butlerx closed 3 years ago
I'm saying we could change the httpd log format to something more easily parseable. http://httpd.apache.org/docs/current/mod/mod_log_config.html#logformat What do you think?
Ah, then we should look at just outputting key-value or JSON logs directly and avoid needing to write parsing rules at all. Personally I'm happier if we update the logs to output key-value.
If we are modifying the logs to be more easily parsable we could use rsyslog to read the files
```
input(type="imfile"
      File="/var/log/httpd/access-*.log"
      Tag="apache/access.log"
      Ruleset="sendToLogserver")
```
something like
```
LogFormat "{ \"time\":\"%t\", \"remoteIP\":\"%a\", \"host\":\"%V\", \"request\":\"%U\", \"query\":\"%q\", \"method\":\"%m\", \"status\":\"%>s\", \"userAgent\":\"%{User-agent}i\", \"referer\":\"%{Referer}i\" }" accessJson
```
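An added example, not part of the thread or the project's code: Apache escapes client-controlled `%{...}i` values with `\"`, `\\`, C-style whitespace such as `\v`, and `\xhh` for other non-printable bytes, and `\xhh` and `\v` are not valid JSON escapes, so a strict JSON parser rejects such lines from the `accessJson` format. The sketch below rewrites those escapes before parsing; `parse_access_line`, `to_json_escape` and the sample line are hypothetical names and constructed data.

```python
import json
import re

# Constructed sample of one line written with the accessJson LogFormat above;
# the User-Agent carries a quote, an ESC byte, a literal backslash and a VT.
SAMPLE_LINE = (
    r'{ "time":"[10/Oct/2023:13:55:36 +0000]", "remoteIP":"203.0.113.7", '
    r'"host":"example.test", "request":"/index.html", "query":"", '
    r'"method":"GET", "status":"200", '
    r'"userAgent":"a\"b \x1b[31m \\x41 \v", "referer":"-" }'
)

JSON_ESCAPES = set('"\\/bfnrt')                # backslash escapes JSON accepts as-is
ESCAPE = re.compile(r'\\(x[0-9A-Fa-f]{2}|.)')  # consumes one escape at a time


def to_json_escape(match):
    body = match.group(1)
    if len(body) == 3:                 # \xhh -> \u00hh (one byte, one code point)
        return '\\u00' + body[1:]
    if body == 'v':                    # C-style \v has no JSON equivalent
        return '\\u000b'
    if body in JSON_ESCAPES:           # \" \\ \n \t ... are already valid JSON
        return match.group(0)
    raise ValueError('unexpected escape %r' % match.group(0))


def parse_access_line(line):
    """Return the record as a dict; raise ValueError if the line is malformed."""
    # Assumption: with this LogFormat, backslashes occur only inside logged
    # values, so rewriting the whole line is safe. Scanning left to right
    # keeps "\\x41" as a literal backslash followed by "x41".
    return json.loads(ESCAPE.sub(to_json_escape, line))


if __name__ == '__main__':
    print(parse_access_line(SAMPLE_LINE)['userAgent'].encode('unicode_escape'))
```

A line that still fails to parse should be kept in raw form by the collector rather than dropped, so malformed requests remain visible.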
That sounds good! We already have rsyslogd configured on all hosts.
looking at how docker implemented logs to stdout
```
sed -ri \
-e 's!^(\s*CustomLog)\s+\S+!\1 /proc/self/fd/1!g' \
-e 's!^(\s*ErrorLog)\s+\S+!\1 /proc/self/fd/2!g' \
-e 's!^(\s*TransferLog)\s+\S+!\1 /proc/self/fd/1!g' \
```
but httpd is having issues accessing these
What was left to do here? Wouldn't mind having some httpd data :)
Looking at it, the last change was logging to journald rather than syslog or file, so I think just testing is left.
tested on rbtest and verified working
Yep no log files anymore
I'm unsure what you're suggesting to change about the PR