[syslog-ng] Transform file path

Scheidler, Balázs balazs.scheidler at balabit.com
Wed May 25 08:15:00 CEST 2016 

Yes, you have to parse the incoming access.log entries, for example using
the apache-accesslog-parser() in SCL, after which you'll have separate
name-value pairs for access.log fields that you can later use in templates.

-- 
Bazsi

On Tue, May 24, 2016 at 11:46 AM, Alexey Vlasov <renton at renton.name> wrote:

> Hi,
>
> I intend to manage the distribution of the Apache log-files for each
> virtualhost using syslog-ng.
>
> I write the following in Apache vhost configue:
>
> <VirtualHost *>
>     SetEnv V3WUSER w_test-l26-apache-_b8649b
>     LogFormat "%{V3WUSER}e %h %l %u %t \"%r\" %>s %b \"%{Referer}i\"
> \"%{User-Agent}i\"" xcombined
>     CustomLog /var/log/apache_aux2_worker2/access_pipe.log xcombined
> </IfModule>
>
> as a result I get this kind of format of the log file:
>
> w_test-l26-apache-_b8649b 10.0.2.24 - - [24/May/2016:12:41:33 +0300]
> "GET / HTTP/1.1" 200 - "http://example.com/" "ELinks (0.11.7; Linux
> 3.14.46-1gb-csm x86_64; 158x45)"
>
> where the first field is the unique identifier of the virtualhost.
>
> Next step I write the following in syslog-ng:
>
> source src_apache_piped_logs {
>     pipe("/var/log/apache_aux2_worker2/access_pipe.log"
>     keep_timestamp(no));
> };
>
> destination dst_apache_piped_logs {
>     file("/var/log/virtwww/${V3WUSER}/access.log"
>     template("$MSGONLY\n") template-escape(no));
> };
>
> log {
>     source(src_apache_piped_logs); destination(dst_apache_piped_logs);
> };
>
> Сonsequently I would like to have each log file of the virtualhost
> placed in its own catalog and the path should contain the first field of
> the message  (${V3WUSER} = w_test-l26-apache-_b8649b)
>
> Is it actually possible?
> Thanks in advance for the help.
>
> ______________________________________________________________________________
> Member info: https://lists.balabit.hu/mailman/listinfo/syslog-ng
> Documentation:
> http://www.balabit.com/support/documentation/?product=syslog-ng
> FAQ: http://www.balabit.com/wiki/syslog-ng-faq
>
>
-------------- next part --------------
An HTML attachment was scrubbed...
URL: http://lists.balabit.hu/pipermail/syslog-ng/attachments/20160525/a5037055/attachment.htm

More information about the syslog-ng mailing list