Hi,

Thank you for your suggestion; however, this is not possible in my setup.

Yours Sincerely,
Delon Lee

On Tue, 8 May 2018 at 03:52 Evan Rempel <erempel@uvic.ca> wrote:
We write all of our apache logs to an application
ErrorLog "|/path/to/our/script site.fqdn.name error"
LogFormat "%h %l %u %t \"%r\" %>s %b" common
CustomLog "|/path/to/our/script site.fqdn.name access" common
This script just writes the log line to syslog via script specific syslog API with an application name of httpd and a line prefix of
access: site.fqdn.name: or error: site.fqdn.name:
This allows the receiving end (central syslog server) to strip off the header and recreate files specific to each virtual host
access_site.fqdn.name_datestamp
error_site.fqdn.name_datestamp
And these destination files will have the EXACT content that apache would have logged to disk on the source server.
This permits us to feed web analytic tools in real time and provide them the exact source logs that these tools support.
Works for us.
Evan.
On 05/07/2018 08:58 AM, Gergely Nagy wrote:
> "Delon" == Delon Lee Di Lun <lee.delon2005@gmail.com> writes:

Delon> In response to Gergely, the 2nd option would require the changes to be made
Delon> on the "apache side" of things, right? If so, it's unlikely to be possible in my
Delon> use case.
No, you can do that with rsyslog and syslog-ng too. Both allow you to tinker with the syslog headers.
Ideally, changing the Apache-generated log format to conform to a syslog RFC would be ideal, but I understand that's not something most are willing - or able/allowed - to make. So the next best option is to fiddle with the syslog fields on the syslog side of things.
______________________________________________________________________________
Member info: https://lists.balabit.hu/mailman/listinfo/syslog-ng
Documentation: http://www.balabit.com/support/documentation/?product=syslog-ng
FAQ: http://www.balabit.com/wiki/syslog-ng-faq
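
The scheme Evan describes above, as an added example that is not part of the thread and is not his site's script: the sender builds the prefixed line handed to syslog, and the receiver strips the prefix again and derives the per-virtual-host file name. The function names, the host-name check and the YYYYMMDD datestamp are assumptions made for this example.

```python
import re
from datetime import date

# Assumed for this example: helper names, host-name pattern, datestamp format.
KINDS = ("access", "error")
# Letters, digits and hyphens in dot-separated labels: no "/", no "..".
SITE_RE = re.compile(r"(?!-)[A-Za-z0-9-]{1,63}(?:\.[A-Za-z0-9-]{1,63})*")
PREFIX_RE = re.compile(r"(access|error): ([^:\s]+): (.*)", re.S)


def format_line(site, kind, line):
    """Sender side: the text the piped-log script hands to syslog."""
    if kind not in KINDS or not SITE_RE.fullmatch(site):
        raise ValueError("unexpected site or log kind")
    # One Apache line must stay one syslog message: drop the trailing
    # newline and fold any embedded line break into a space.
    return f"{kind}: {site}: " + " ".join(line.splitlines())


def route_line(msg, day):
    """Receiver side: strip the prefix, return (file name, original line)."""
    m = PREFIX_RE.fullmatch(msg)
    if not m or not SITE_RE.fullmatch(m.group(2)):
        return None  # not from the script, or a site unsafe to put in a path
    kind, site, original = m.groups()
    return f"{kind}_{site}_{day:%Y%m%d}", original


if __name__ == "__main__":
    # Invoked by Apache as in the thread:
    #   ErrorLog "|/path/to/our/script site.fqdn.name error"
    import sys
    import syslog

    site, kind = sys.argv[1], sys.argv[2]
    syslog.openlog("httpd")  # application name used in the thread
    for raw in sys.stdin:
        syslog.syslog(syslog.LOG_INFO, format_line(site, kind, raw))
```

The receiver refuses any site field that is not a plain host name, because that field becomes part of a file path on the central syslog server.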