[syslog-ng] Apache vhost logs
Gergely Nagy
algernon at balabit.hu
Mon Jul 11 13:24:49 CEST 2011
Josu Lazkano <josu.lazkano at barcelonamedia.org> writes:
> $ cat user
> Jul 11 13:10:10 host1/host1 IP - - [11/Jul/2011:13:10:09 +0200] "GET
> /favicon.ico HTTP/1.1" 404 503 "-" "Mozilla/5.0 (Windows NT 6.1;
> WOW64) AppleWebKit/534.30 (KHTML, like Gecko) Chrome/12.0.742.112
> Safari/534.30"
> ...
>
> This looks great, but I want to get all vhost on different files, something like this:
>
> domain1 - > apache_access_domain1.log
> domain2 - > apache_access_domain2.log
> domain3 - > apache_access_domain3.log
> ...
>
> Is this possible? I must configure on the client or server side?
Yes, it is possible. As long as the virtual host's name appears in the
log message, it is possible.
Something along these lines could work (assuming keep_hostname(yes)):
# Here, find a pattern with which you can identify apache logs.
# It's possible to alter the template on the webserver, to include a
# token with chich the messages become easily identifiable: for example,
# using this LogFormat (in apache):
#
# LogFormat "Jan 12 12:12:12 %v apache[666]: %h %l %u %t \"%r\" %>s %b \"%{Referer}i\" \"%{User-Agent}i\"" combined
filter f_apache { program("apache"); };
destination d_apache {
file("/var/log/apache/apache_access_${HOST}.log");
};
log {
source(s_src);
filter(f_apache);
destination(d_apache);
};
--
|8]
More information about the syslog-ng
mailing list