On Mon, 28 Jan 2013 11:33:11 +0000 Rainer Gerhards <[email protected]> wrote:
> $template ApacheAccessLogFile,
> "/var/log/httpd/%msg:R,ERE,1,BLANK:([a-z0-9\-\.]+) [0-9]+$--end%_access.log"

Amazing! Thanks so much!

--- start of long story ---

I have Apache logging to /bin/logger and then have rsyslog generate the per-vhost log files and then send the log over the network. I was passing the vhost to rsyslog as part of the syslog tag, the bit that usually contains the pid.

The problem I've just encountered is that there's a maximum length for the syslog tag of 32 characters so for many vhosts the full vhost wasn't being transmitted through /bin/logger, before rsyslog is even involved.

So with this I am planning to have rsyslog write the physical log files using content from the Apache error log message rather than the syslog tag.

The problem I've now got is Apache error log files. Until we start using Apache 2.3.9+ we can't specify the error log format to include the vhost so for error logs I am still restricted to sending the vhost through the syslog tag.

--- end of long story ---

Actually I've just seen an article that would actually get around my problem...

http://www.rsyslog.com/sende-messages-with-tags-larger-than-32-characters/

How do I integrate this from that article...

template (name="LongTagForwardFormat" type="string" string="<%PRI%>%TIMESTAMP:::date-rfc3339% %HOSTNAME%%syslogtag%%msg:::sp-if-no-1st-sp%%msg%")

With this in my current rsyslog.conf...

$template ApacheAccessLogFile, "/var/log/httpd/%procid%_access.log"
$template ApacheAccessLogFormat, "%msg:2:$:drop-last-lf%\r\n"
if $app-name == 'apache-access' and $syslogfacility-text == 'local0' and $syslogseverity-text == 'info' then -?ApacheAccessLogFile;ApacheAccessLogFormat

Then that will hopefully give me enough of an understanding to be able to figure these out myself.

Cheers,
Ben
_______________________________________________
rsyslog mailing list
http://lists.adiscon.net/mailman/listinfo/rsyslog
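Added example, not part of the original post or of rsyslog: a small C program that applies the regex from the quoted template with POSIX regcomp() and builds the resulting file name, so the template can be checked against sample lines before it decides where logs are written. The sample messages and the function names extract_vhost and access_log_path are assumptions made for illustration.

```c
#include <regex.h>
#include <stdio.h>
#include <string.h>

/* Regex copied from the quoted template; rsyslog's ERE type is POSIX extended. */
#define VHOST_ERE "([a-z0-9\\-\\.]+) [0-9]+$"

/* Emulates %msg:R,ERE,1,BLANK:...--end%: copies submatch 1 into out, or leaves
 * out empty on no match. Returns 1 = match, 0 = no match, -1 = error. */
int extract_vhost(const char *msg, char *out, size_t outlen) {
    regex_t re;
    regmatch_t m[2];
    int rc = 0;
    if (outlen == 0 || regcomp(&re, VHOST_ERE, REG_EXTENDED) != 0)
        return -1;
    out[0] = '\0';
    if (regexec(&re, msg, 2, m, 0) == 0 && m[1].rm_so >= 0) {
        size_t len = (size_t)(m[1].rm_eo - m[1].rm_so);
        rc = len < outlen ? 1 : -1;
        if (rc == 1) {
            memcpy(out, msg + m[1].rm_so, len);
            out[len] = '\0';
        }
    }
    regfree(&re);
    return rc;
}

/* Builds the dynamic file name the template would produce for one message. */
int access_log_path(const char *msg, char *path, size_t pathlen) {
    char vhost[256] = "";
    int rc = extract_vhost(msg, vhost, sizeof vhost);
    int n = snprintf(path, pathlen, "/var/log/httpd/%s_access.log", vhost);
    return (rc < 0 || n < 0 || (size_t)n >= pathlen) ? -1 : rc;
}

int main(void) {
    /* Constructed messages; the "<vhost> <number>" tail is an assumed format.
     * POSIX bracket expressions take a backslash literally: check the 2nd line. */
    const char *samples[] = {
        "10.0.0.5 \"GET / HTTP/1.1\" 200 www.example.com 5120",
        "10.0.0.5 \"GET / HTTP/1.1\" 200 my-long-vhost-name.example.com 87",
        "10.0.0.5 \"GET / HTTP/1.1\" 200 -",
    };
    char path[512];
    for (size_t i = 0; i < sizeof samples / sizeof *samples; i++)
        if (access_log_path(samples[i], path, sizeof path) >= 0)
            puts(path);
    return 0;
}
```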

