0

I'm running a couple Apache web servers that each have 4-8 separate virtual hosts on each of them. I'm trying to setup a dedicated log server that stores each virtual host access and errors logs in a separate directory for that virtual host.

For example on the logging server,
/var/log/remove/10.0.0.2/virtualhost1 contains access_log and error_log
/var/log/remove/10.0.0.2/virtualhost2 contains access_log and error_log /var/log/remove/10.0.0.3/virtualhost3 contains access_log and error_log
and so on...

Right now I have it split up by host but I can't figure out how to do it additionally by virtual host. Here are the relevant lines from the logging server's syslog-ng.conf

source r_src { tcp(ip("0.0.0.0") port(5140)); };
destination r_all { file("/opt/splunk/logs/$HOST"); };
log { source(r_src); destination(r_all); };

Any help would be appreciated. Thanks!

James
  • 1
  • 1

1 Answers1

2

I think this should answer your question:

The summary: syslog-ng can extract fields from your log messages, and then you can use these fields in template substitutions. As long as your are logging the virtual host name (%v) in your Apache logs, you should have all the information you need.

larsks
  • 43,623
  • 14
  • 121
  • 180