Apache

Apache configuration

Put the following configuration in your httpd.conf or a virtualhost-specific configuration file.

# Access Log configuration
LogFormat "%v %h %l %u %t \"%r\" %>s %b" common_with_vhost
CustomLog "|/usr/bin/logger -u /opt/logman.io/syslog-ng/var/apache_access_log" common_with_vhost

# Error Log configuration
ErrorLogFormat "[T:%{cu}t]#+# [m:%-m]#+# [l:%l]#+# [p:%P]#+# [t:%T]#+# [s:%7F]#+# [e:%E]#+# [c:%a]#+# [R:%{Referer}i]#+# %M% "
ErrorLog "|/usr/bin/logger -u /opt/logman.io/syslog-ng/var/apache_error_log"

Syslog-ng configuration

source s_apache_aal {
        unix-stream("/opt/logman.io/syslog-ng/var/apache_access_log");
};

parser p_apache_aal {

    csv-parser(
        dialect(escape-double-char)
        flags(strip-whitespace)
        delimiters(" ")
        template("${MESSAGE}")
        quote-pairs('""[]')
        columns(
            "lm.P",
            "lm.aal.i", # Client IP
            "lm.aal.I", # Ident
            "lm.aal.a", # Auth
            ".TMP.TSTAMP",
            "MESSAGE",
            "lm.aal.c", # Response code
            "lm.aal.b", # Bytes
            "lm.aal.r", # Referrer
            "lm.aal.A" # Agent
        )
    );

    csv-parser(
        template("${MESSAGE}")
        delimiters(" ")
        dialect(escape-none)
        flags(strip-whitespace)
        columns(
            "lm.aal.m", # Method
            "lm.aal.p", # Request path
            "lm.aal.v"  # HTTP version
        )
    );

    date-parser(format("%d/%b/%Y:%H:%M:%S %z"), template("${.TMP.TSTAMP}"));

    map-value-pairs(
            pair("lm.T" "a") # Apache Access Log
            pair("lm.H" "$HOST")
            pair("lm.t" "$S_UNIXTIME")
    );
};

log {
        source(s_apache_aal);
        parser(p_apache_aal);
        destination(d_amqp);
};



source s_apache_errorlog {
    unix-stream("/opt/logman.io/syslog-ng/var/apache_error_log");
};
parser p_apache_errorlog {
        map-value-pairs(
                pair("lm.H" "$HOST")
                pair("lm.T" "ael") # Apache Error Log
        );
};

log {
        source(s_apache_errorlog);
        parser(p_apache_errorlog);
        destination(d_amqp);
};