Apache Log
 

Hello,

Can you define two identical LogFormat and then use them in the same vhost in two different CustomLogs?
Thank you

Yack

Would be simple enough to test it. Have you tested it? What was the result?

Maybe something like this if you haven't tried yet,..

Related Docs: http://httpd.apache.org/docs/current...html#customlog

Certainly, I did some tests:

In httpd.conf:
...
LogFormat "%{X-Forwarded-For}i %l %u %t "%r" %>s %b "%{Referer}i" "%{User-Agent}i"" test
LogFormat "%{X-Forwarded-For}i %l %u %t "%r" %>s %b "%{Referer}i" "%{User-Agent}i"" combined
…
In virtual host config:
<VirtualHost *:80>
…
CustomLog /var/log/httpd/www.efaci.it.access_log combined
CustomLog "|/usr/bin/logger -t httpd -p local7.info" test
…



but it does not work

Only first CustomLog work (combined)

Logs are sent to the configured destination but do not come with the correct format.

If you change the configuration in this way:

<VirtualHost *:80>
…
CustomLog /var/log/httpd/www.efaci.it.access_log combined
CustomLog "|/usr/bin/logger -t httpd -p local7.info" combined
…

all work fine, but I need two different LogFormat

Thanks

Yack

You are only showing one log format with two different aliases.

What are the two different LogFormats you are trying to use?

The two logformat are identical, they change the name only, but have two different purposes.
The first sends the logs into one file the second one in a siem.
Their content may, in time, differ.
I would like to use them both in the vhost configuration.
Logs are sent to the file in correct format but the log send to siem not have the correct format (LogFormat 'test')

What about specifying them without alias reference?

error!!!

CustomLog takes two or three arguments, a file name, a custom log format string or format name, and an optional "env=" or "expr=" clause

Lets start all over and break apart this format string that is giving the error:

Would it be better written like this with escapes?

YES! Httpd loads up correctly now. If I add my local IP to /etc/hosts as example.com --- and if I write out a silly /etc/httpd/conf.d/vhosts.conf file for testing like this:

And add the formats to the conf/httpd.conf file, along with the test 'MYTEST' so we know its coming from these lines, in the "IfModule log_config_module" section like so:
Restart and look at our files that were created and their format:
You can see that the aliases did their magic. The logformat string has to be formatted correctly and it has to be in the right place in the configuration file.

Thank you, I will try this evening.

Yack

It works but why does not it give me the remote ip that makes the web request?

<190>httpd: - - - [06/Jul/2017:09:41:39 +0200] "GET /costruction.gif HTTP/1.1" 304 - "http://www.xxxx.it/" "Mozilla/5.0 (Windows NT 6.3; WOW64; rv:54.0) Gecko/20100101 Firefox/54.0" TEST

the option %{X-Forwarded-For}i not work!

Thanks

Yack

How is the variable X-Forwarded-For populated?

The format you've proposed doesn't include recording of the remote IP. Add %h to the format to see the remote IP.
My 'combined' format is defined as which yields
the hyphens indicate that the requested data is not available, so in my case, the remote log name and the remote user are not there.

Maybe also review the documentation Take note of the section on Piped Logs. And this for details on log formatting