Apache Log
Hello,
Can you define two identical LogFormat and then use them in the same vhost in two different CustomLogs? Thank you Yack |
Would be simple enough to test it. Have you tested it? What was the result?
Maybe something like this if you haven't tried yet,.. Code:
LogFormat "%h %l %u %t \"%r\" %>s %b" common |
Certainly, I did some tests:
In httpd.conf: ... LogFormat "%{X-Forwarded-For}i %l %u %t "%r" %>s %b "%{Referer}i" "%{User-Agent}i"" test LogFormat "%{X-Forwarded-For}i %l %u %t "%r" %>s %b "%{Referer}i" "%{User-Agent}i"" combined … In virtual host config: <VirtualHost *:80> … CustomLog /var/log/httpd/www.efaci.it.access_log combined CustomLog "|/usr/bin/logger -t httpd -p local7.info" test … but it does not work Only first CustomLog work (combined) Logs are sent to the configured destination but do not come with the correct format. If you change the configuration in this way: <VirtualHost *:80> … CustomLog /var/log/httpd/www.efaci.it.access_log combined CustomLog "|/usr/bin/logger -t httpd -p local7.info" combined … all work fine, but I need two different LogFormat Thanks Yack |
You are only showing one log format with two different aliases.
Code:
LogFormat "%{X-Forwarded-For}i %l %u %t "%r" %>s %b "%{Referer}i" "%{User-Agent}i"" |
The two logformat are identical, they change the name only, but have two different purposes.
The first sends the logs into one file the second one in a siem. Their content may, in time, differ. I would like to use them both in the vhost configuration. Logs are sent to the file in correct format but the log send to siem not have the correct format (LogFormat 'test') |
What about specifying them without alias reference?
Code:
Virtualhost 80.... |
error!!!
CustomLog takes two or three arguments, a file name, a custom log format string or format name, and an optional "env=" or "expr=" clause |
Lets start all over and break apart this format string that is giving the error:
Would it be better written like this with escapes? Code:
"%{X-Forwarded-For}i %l %u %t \"%r\" %>s %b \"%{Referer}i\" \"%{User-Agent}i\"" Code:
<VirtualHost *:80> Code:
<IfModule log_config_module> Code:
[root@linux01 httpd]# cat /var/www/html/requests.log* |
Thank you, I will try this evening.
Yack |
It works but why does not it give me the remote ip that makes the web request?
<190>httpd: - - - [06/Jul/2017:09:41:39 +0200] "GET /costruction.gif HTTP/1.1" 304 - "http://www.xxxx.it/" "Mozilla/5.0 (Windows NT 6.3; WOW64; rv:54.0) Gecko/20100101 Firefox/54.0" TEST the option %{X-Forwarded-For}i not work! Thanks Yack |
Quote:
The format you've proposed doesn't include recording of the remote IP. Add %h to the format to see the remote IP. My 'combined' format is defined as Code:
LogFormat "%h %l %u %t \"%r\" %>s %b \"%{Referer}i\"" combined Code:
73.186.197.82 - - [06/Jul/2017:07:09:43 -0700] "GET / HTTP/1.1" 200 39638 "-" Maybe also review the documentation Take note of the section on Piped Logs. And this for details on log formatting |
All times are GMT -5. The time now is 10:17 PM. |