<div dir="ltr">Hi,<div><br></div><div>Thank you for your suggestion however this is not possible in my setup. </div><div><br></div><div>Yours Sincerely,</div><div>Delon Lee</div></div><br><div class="gmail_quote"><div dir="ltr">On Tue, 8 May 2018 at 03:52 Evan Rempel <<a href="mailto:erempel@uvic.ca">erempel@uvic.ca</a>> wrote:<br></div><blockquote class="gmail_quote" style="margin:0 0 0 .8ex;border-left:1px #ccc solid;padding-left:1ex">We write all of our apache logs to an application<br>
<br>
ErrorLog "|/path/to/our/script <a href="http://site.fqdn.name" rel="noreferrer" target="_blank">site.fqdn.name</a> error"<br>
<br>
LogFormat "%h %l %u %t \"%r\" %>s %b" common<br>
CustomLog "|/path/to/our/script <a href="http://site.fqdn.name" rel="noreferrer" target="_blank">site.fqdn.name</a> access" common<br>
<br>
This script just writes the log line to syslog via script specific syslog API with an application name of httpd<br>
and a line prefix of<br>
<br>
access: <a href="http://site.fqdn.name" rel="noreferrer" target="_blank">site.fqdn.name</a>:<br>
or<br>
error: <a href="http://site.fqdn.name" rel="noreferrer" target="_blank">site.fqdn.name</a>:<br>
<br>
This allows the receiving end (central syslog server) to strip off the header and recreate files specific to each virtual host<br>
<br>
access_site.fqdn.name_datestamp<br>
error_site.fqdn.name_datestamp<br>
<br>
And these destination files will have the EXACT content that apache would have logged to disk on the source server.<br>
<br>
This permits us to feed web analytic tools in real time and provide them the exact source logs that these tools<br>
support.<br>
<br>
Works for us.<br>
<br>
Evan.<br>
<br>
<br>
On 05/07/2018 08:58 AM, Gergely Nagy wrote:<br>
>>>>>> "Delon" == Delon Lee Di Lun <<a href="mailto:lee.delon2005@gmail.com" target="_blank">lee.delon2005@gmail.com</a>> writes:<br>
> Delon> In response to gergely, the 2nd option would require the changes to be made<br>
> Delon> on the "apache side" of things right? If so, its unlikely possible in my<br>
> Delon> use case.<br>
><br>
> No, you can do that with rsyslog and syslog-ng too. Both allow you to<br>
> tinker with the syslog headers.<br>
><br>
> Ideally, changing the Apache-generated log format to conform to a syslog<br>
> RFC would be ideal, but I understand that's not something most are<br>
> willing - or able/allowed - to make. So the next best option is to<br>
> fiddle with the syslog fields on the syslog side of things.<br>
><br>
<br>
______________________________________________________________________________<br>
Member info: <a href="https://lists.balabit.hu/mailman/listinfo/syslog-ng" rel="noreferrer" target="_blank">https://lists.balabit.hu/mailman/listinfo/syslog-ng</a><br>
Documentation: <a href="http://www.balabit.com/support/documentation/?product=syslog-ng" rel="noreferrer" target="_blank">http://www.balabit.com/support/documentation/?product=syslog-ng</a><br>
FAQ: <a href="http://www.balabit.com/wiki/syslog-ng-faq" rel="noreferrer" target="_blank">http://www.balabit.com/wiki/syslog-ng-faq</a><br>
<br>
</blockquote></div>