[syslog-ng] Transform file path
Alexey Vlasov
renton at renton.name
Tue May 24 11:46:43 CEST 2016
Hi,
I intend to manage the distribution of the Apache log-files for each
virtualhost using syslog-ng.
I write the following in Apache vhost configue:
<VirtualHost *>
SetEnv V3WUSER w_test-l26-apache-_b8649b
LogFormat "%{V3WUSER}e %h %l %u %t \"%r\" %>s %b \"%{Referer}i\" \"%{User-Agent}i\"" xcombined
CustomLog /var/log/apache_aux2_worker2/access_pipe.log xcombined
</IfModule>
as a result I get this kind of format of the log file:
w_test-l26-apache-_b8649b 10.0.2.24 - - [24/May/2016:12:41:33 +0300]
"GET / HTTP/1.1" 200 - "http://example.com/" "ELinks (0.11.7; Linux 3.14.46-1gb-csm x86_64; 158x45)"
where the first field is the unique identifier of the virtualhost.
Next step I write the following in syslog-ng:
source src_apache_piped_logs {
pipe("/var/log/apache_aux2_worker2/access_pipe.log"
keep_timestamp(no));
};
destination dst_apache_piped_logs {
file("/var/log/virtwww/${V3WUSER}/access.log"
template("$MSGONLY\n") template-escape(no));
};
log {
source(src_apache_piped_logs); destination(dst_apache_piped_logs);
};
Сonsequently I would like to have each log file of the virtualhost
placed in its own catalog and the path should contain the first field of
the message (${V3WUSER} = w_test-l26-apache-_b8649b)
Is it actually possible?
Thanks in advance for the help.
More information about the syslog-ng
mailing list