[rsyslog] rsyslog with apache and per vhost log

Maurizio Rottin maurizio.rottin at gmail.com
Thu Mar 20 16:22:11 CET 2008


wow!
%msg:F,32:2% works!
i completely misunderstood how Fielf works...i thought the first
number was the FromChar and second the ToChar...
Thanks a lot!!!

2008/3/20, Rainer Gerhards <rgerhards at hq.adiscon.com>:
> Should work with fields (much faster). I can't try it out due to relp
>  work, but try:
>
>  %msg:F,32:2%  [32 is USASCII SP, the delimiter here]
>
>  But maybe %msg:F,32:1% - you need to experiment a bit. In any case, that
>  should work...
>
>
>  Rainer
>
>  > -----Original Message-----
>  > From: rsyslog-bounces at lists.adiscon.com [mailto:rsyslog-
>  > bounces at lists.adiscon.com] On Behalf Of Maurizio Rottin
>
> > Sent: Thursday, March 20, 2008 3:59 PM
>  > To: rsyslog-users
>  > Subject: Re: [rsyslog] rsyslog with apache and per vhost log
>  >
>  > yes! but actually there is a space at the beginning and hostname can
>  > contain the dash -, numbers, and letters.
>  >
>  > 2008/3/20, Rainer Gerhards <rgerhards at hq.adiscon.com>:
>  > > Let me try to avoid the regexp (its expensive and I can not debug it
>  > now
>  > >  ;)): so you search for the string that is at the start of the msg
>  > and
>  > >  delimited by the first space?
>  > >
>  > >
>  > >
>  > >  Rainer
>  > >  > -----Original Message-----
>  > >  > From: rsyslog-bounces at lists.adiscon.com [mailto:rsyslog-
>  > >  > bounces at lists.adiscon.com] On Behalf Of Maurizio Rottin
>  > >
>  > > > Sent: Thursday, March 20, 2008 3:47 PM
>  > >  > To: rsyslog-users
>  > >  > Subject: Re: [rsyslog] rsyslog with apache and per vhost log
>  > >  >
>  > >
>  > > > 2008/3/20, Rainer Gerhards <rgerhards at hq.adiscon.com>:
>  > >  > > Can you send me a handful of the logline to play with? Probably
>  > not
>  > >  > this
>  > >  > >  week, but next...
>  > >  > >
>  > >  >
>  > >  >  www.mysite.com 192.168.242.2 [20/Mar/2008:15:41:10 +0100] "GET
>  > >  > /images/wm001.jpg HTTP/1.1" 304 -
>  > "http://www.mysite.com/webmail.htm"
>  > >  > "Mozilla/5.0 (X11; U; Linux i686; en-US; rv:1.7.13)
>  > Gecko/20060607"
>  > >  >
>  > >  > i'm trying to use the regexp but with no success in this way:
>  > >  > $template MsgFormat,"%msg%\n"
>  > >  > $template ApacheRemoteCustom,"/var/log/apachelog/%msg:R:^\
>  > >  > [a-z,\.]*--end%_az.log"
>  > >  > local6.info -?ApacheRemoteCustom;MsgFormat
>  > >  >
>  > >  > from the documentation: "the property replacer will return the
>  > part of
>  > >  > the property text that matches the regular expression" which
>  > should be
>  > >  > " www.mysite.com"
>  > >  > but i get a file named _az.log
>  > >  >
>  > >  > --
>  > >  > mr
>  > >
>  > > > _______________________________________________
>  > >  > rsyslog mailing list
>  > >  > http://lists.adiscon.net/mailman/listinfo/rsyslog
>  > >  _______________________________________________
>  > >  rsyslog mailing list
>  > >  http://lists.adiscon.net/mailman/listinfo/rsyslog
>  > >
>  >
>  >
>  > --
>  > mr
>  > _______________________________________________
>  > rsyslog mailing list
>  > http://lists.adiscon.net/mailman/listinfo/rsyslog
>  _______________________________________________
>  rsyslog mailing list
>  http://lists.adiscon.net/mailman/listinfo/rsyslog
>


-- 
mr



More information about the rsyslog mailing list