[syslog-ng] syslog-ng - Apache Logging

Steven Shepherd netdudefl at yahoo.com
Wed Jan 26 15:12:45 CET 2011


That did the trick!  Thanks :)




________________________________
From: Matthew Hall <mhall at mhcomputing.net>
To: Syslog-ng users' and developers' mailing list <syslog-ng at lists.balabit.hu>
Sent: Tue, January 25, 2011 4:51:38 PM
Subject: Re: [syslog-ng] syslog-ng - Apache Logging


On Tue, Jan 25, 2011 at 12:55:06PM -0800, Steven Shepherd wrote:
> I have Apache logging working via a named pipe, however the log looks like:
> 
> Jan 25 14:44:13 $HOSTNAME $VIRTUAL_HOST: 000.000.000.000 - - [25/Jan/2011:14:44:13 -0600] "GET /foo.html HTTP/1.0" 200 24040 "-" "Wget/1.10.2 (Red Hat modified)"
> 
> I want to strip the syslog timestamp and $HOSTNAME.  However, if I use 
> "template("$MSGONLY\n")", it strips the timestamp, hostname *and* the 
> $virtual_host (obtained from including "%V" in LogFormat and using 'vcommon' on 
> apache server).
> 
> Any ideas on how to remove the syslog data but leave the vhost data in place?
> 
> Cheers!

You probably want to look at MSGHDR.

The default syslog format is:

By default, syslog-ng sends messages using the following template: $ISODATE 
$HOST $MSGHDR$MSG\n. (The $MSGHDR$MSG part is written together because the 
$MSGHDR macro includes a trailing whitespace.)

-- 
http://www.balabit.com/sites/default/files/documents/syslog-ng-ose-v3.2-guide-admin-en.html/index.html-single.html


Make sure to read over the definitions of the vars.

You can use rewrites and sets to put the value of these locked (unchangeable) 
vars into other vars, and then edit the value of the new vars with PCRE and 
such, to contain just the desired data.

Matthew.
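
The template change discussed in this thread, written out as a syslog-ng configuration fragment. This is an added example, not configuration posted by either participant; the object names (s_apache, d_apache_bad, d_apache_vhost) and all file paths are hypothetical.

```conf
# Added example. Assumes Apache writes its access log to a named pipe with a
# format that starts with "%V: ", as the sample line in the thread suggests.

source s_apache {
    # Hypothetical pipe path; must match the path Apache logs to.
    pipe("/var/run/apache_access.pipe");
};

# Before: $MSGONLY drops the message header as well as the timestamp and
# host, so the leading "vhost: " token is lost (the behaviour reported in
# the original question).
destination d_apache_bad {
    file("/var/log/apache/access_msgonly.log" template("$MSGONLY\n"));
};

# After: the default template is "$ISODATE $HOST $MSGHDR$MSG\n". Leaving out
# $ISODATE and $HOST removes the syslog timestamp and hostname, while
# $MSGHDR keeps the "vhost: " prefix. $MSGHDR ends in whitespace, so it is
# written directly against $MSG.
destination d_apache_vhost {
    file("/var/log/apache/access.log" template("$MSGHDR$MSG\n"));
};

log {
    source(s_apache);
    destination(d_apache_vhost);
};
```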