<div dir="ltr">Hi, <div><br></div><div>Using the CSV-parser, you can parse Apache log messages as well: <a href="https://www.balabit.com/sites/default/files/documents/syslog-ng-ose-latest-guides/en/syslog-ng-ose-guide-admin/html/csv-parser.html">https://www.balabit.com/sites/default/files/documents/syslog-ng-ose-latest-guides/en/syslog-ng-ose-guide-admin/html/csv-parser.html</a></div><div><br></div><div>Or if you can configure the Apache log format to use name=value pairs, that's the easiest to parse: <a href="https://www.balabit.com/sites/default/files/documents/syslog-ng-ose-latest-guides/en/syslog-ng-ose-guide-admin/html/key-value-parser.html">https://www.balabit.com/sites/default/files/documents/syslog-ng-ose-latest-guides/en/syslog-ng-ose-guide-admin/html/key-value-parser.html</a></div><div><br></div><div>An alternative is to use a pattern database.</div><div><br></div><div>Regards, </div><div><br></div><div>Robert</div><div><br></div></div><div class="gmail_extra"><br><div class="gmail_quote">On Tue, May 24, 2016 at 11:46 AM, Alexey Vlasov <span dir="ltr"><<a href="mailto:renton@renton.name" target="_blank">renton@renton.name</a>></span> wrote:<br><blockquote class="gmail_quote" style="margin:0 0 0 .8ex;border-left:1px #ccc solid;padding-left:1ex">Hi,<br>
<br>
I intend to manage the distribution of the Apache log-files for each<br>
virtualhost using syslog-ng.<br>
<br>
I write the following in Apache vhost configue:<br>
<br>
<VirtualHost *><br>
SetEnv V3WUSER w_test-l26-apache-_b8649b<br>
LogFormat "%{V3WUSER}e %h %l %u %t \"%r\" %>s %b \"%{Referer}i\" \"%{User-Agent}i\"" xcombined<br>
CustomLog /var/log/apache_aux2_worker2/access_pipe.log xcombined<br>
</IfModule><br>
<br>
as a result I get this kind of format of the log file:<br>
<br>
w_test-l26-apache-_b8649b 10.0.2.24 - - [24/May/2016:12:41:33 +0300]<br>
"GET / HTTP/1.1" 200 - "<a href="http://example.com/" rel="noreferrer" target="_blank">http://example.com/</a>" "ELinks (0.11.7; Linux 3.14.46-1gb-csm x86_64; 158x45)"<br>
<br>
where the first field is the unique identifier of the virtualhost.<br>
<br>
Next step I write the following in syslog-ng:<br>
<br>
source src_apache_piped_logs {<br>
pipe("/var/log/apache_aux2_worker2/access_pipe.log"<br>
keep_timestamp(no));<br>
};<br>
<br>
destination dst_apache_piped_logs {<br>
file("/var/log/virtwww/${V3WUSER}/access.log"<br>
template("$MSGONLY\n") template-escape(no));<br>
};<br>
<br>
log {<br>
source(src_apache_piped_logs); destination(dst_apache_piped_logs);<br>
};<br>
<br>
Сonsequently I would like to have each log file of the virtualhost<br>
placed in its own catalog and the path should contain the first field of<br>
the message (${V3WUSER} = w_test-l26-apache-_b8649b)<br>
<br>
Is it actually possible?<br>
Thanks in advance for the help.<br>
______________________________________________________________________________<br>
Member info: <a href="https://lists.balabit.hu/mailman/listinfo/syslog-ng" rel="noreferrer" target="_blank">https://lists.balabit.hu/mailman/listinfo/syslog-ng</a><br>
Documentation: <a href="http://www.balabit.com/support/documentation/?product=syslog-ng" rel="noreferrer" target="_blank">http://www.balabit.com/support/documentation/?product=syslog-ng</a><br>
FAQ: <a href="http://www.balabit.com/wiki/syslog-ng-faq" rel="noreferrer" target="_blank">http://www.balabit.com/wiki/syslog-ng-faq</a><br>
<br>
</blockquote></div><br></div>