tag 293115 + pending thanks
Piotr Krukowiecki schrieb:
Package: logwatch Version: 5.2.2-3 Severity: normal Tags: patch
Hi
I'm using combined log format for apache:
LogFormat "%h %l %u %t \"%r\" %>s %b \"%{Referer}i\" \"%{User-Agent}i\" \"%{forensic-id}n\"" combined
I think it was default format for apache and I didn't changed it.
You are right for apache 1, but apache2 doesn't have the forensic-id field.
I'll patch the config file by attached patch. I'll also add a note to README.Debian.
An alternative way would be to change the regexes to be non-greedy (which could also speed the parsing up a little bit), but that would need more testing for corner cases (and smells more hackish IMHO).
Willi
--- /etc/logwatch/conf/services/http.conf 2004-11-21 21:15:32.000000000 +0100 +++ ../../conf/services/http.conf 2005-02-11 12:04:56.000000000 +0100 @@ -16,8 +16,14 @@ # bytes_transfered # agent # +#Debians apache2 default configuration needs: $HTTP_FIELDS = "client_ip ident userid timestamp request http_rc bytes_transfered referrer agent" $HTTP_FORMAT = "space space space brace quote space space quote quote" + +#If you are using apache 1, use: +#$HTTP_FIELDS = "client_ip ident userid timestamp request http_rc bytes_transfered referrer agent forensic" +#$HTTP_FORMAT = "space space space brace quote space space quote quote quote" + # Define the field formats # # the only currently supported formats are:
