9
responses
responses
Answer (1)
tape (account cancelled)
Hello,
in our documentation, there is a sample integration guide to handle apache logs.
See: https://nxlog.co/documentation/nxlog-user-guide#sources_app_apache
Peter
Comments (8)
when i type in my config file
Module im_file File '/var/log/apache2/error.log' if $raw_event =~ /(?x)^[\S+\ ([^]]+)]\ [(\S+):(\S+)]\ [pid\ (\d+): tid\ (\d+)]\ ([client\ (\S+)]\ )?(.+)$/ { $EventTime = parsedate($1); $ApacheModule = $2; $ApacheLogLevel = $3; $ApachePID = $4; $ApacheTID = $5; if $7 != '' $ClientAddress = $7; $Message = $8; }
i receive error in nxlog log file 2018-02-26 13:39:15 ERROR module 'appache_error' is not declared at C:\Program Files (x86)\nxlog\conf\nxlog.conf:55 2018-02-26 13:39:15 ERROR route 2 is not functional without output modules, ignored at C:\Program Files (x86)\nxlog\conf\nxlog.conf:55 2018-02-26 13:39:15 WARNING not starting unused module apache_error
The error message is quiet straightforward. It state that you misspelled the module name.
i don't know which guide that i use: access log or error log?
you have to make the decision, what you want to store, accesslog or/and errorlog
format of my log is 127.0.0.1 - gsm [26/Feb/2018:14:32:15 +0100] "POST /location/location/ HTTP/1.1" 200 1731 "https://site/location/file.zip" "Mozilla/5.0 (Windows NT 6.1) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/64.0.3282.186 Safari/537.36"
how i make parsing for normal display
this is accesslog, so the accesslog part of the documentation needed
i used next code
Module im_file File "E:\HFSLOG\*HFS.log" SavePos TRUE ReadFromLast TRUE PollInterval 1 ReadFromLast TRUE PollInterval 1 if $raw_event =~ /(?x)^(\S+)\ \S+\ (\S+)\ [([^]]+)]\ \"(\S+)\ (.+) \ HTTP\/\d.\d\"\ (\S+)\ (\S+)\ \"([^\"]+)\" \ \"([^\"]+)\"/ { $Hostname = $1; if $2 != '-' $AccountName = $2; $EventTime = parsedate($3); $HTTPMethod = $4; $HTTPURL = $5; $HTTPResponseStatus = $6; if $7 != '-' $FileSize = $7; if $8 != '-' $HTTPReferer = $8; if $9 != '-' $HTTPUserAgent = $9; }
Module om_udp Host 192.168.99.52 Port 514 Exec to_syslog_bsd();
how change this code that i display normally
in the documentation here: https://nxlog.co/documentation/nxlog-user-guide#processing_parsers_common_combined you can find both the common and combined format of apache log how to parse it with nxlog