By default ISPConfig is using vlogger for writing apache-logs as file and to store some data to the database.
I don´t like this way as it stores in a multi-server setup the logs only on each server. So if you´re already running a centralisied log-server, you will never get all logs forward to your log-server. On the other hand you can´t create full statistics with spplitted logs. To make sure, you´re stats contains all access-log-entries, you must first fetch them into one file.
So i replaced vlogger with syslog-ng. First you need to change vlogger to logger in “CustomLog”. The LogFormat should not be changed:
LogFormat "%v %h %l %u %t \"%r\" %>s %B \"%{Referer}i\" \"%{User-Agent}i\"" combined_ispconfig
Change /usr/local/ispconfig/server/conf/apache_ispconfig.conf.master:
CustomLog "| /bin/logger -t apache2" combined_ispconfig
and also
/etc/apache2/sites-available/ispconfig.vhost:
CustomLog "| /bin/logger -t apache2" combined_ispconfig
By now all logs were sent via logger to syslog-ng (or any other syslog-daemon).
I write an access-log for each Domain. So i split the incoming message. For this i use the pattern-db. You can also use a csv-parser, but the pattern-db is much faster. As long as you´re running only a few low-traffic-domains, you can easily setup the csv-parser; there`s no need for the more complicated patttern-db. In the following i you how to setup it up using a csv-parser (i won´t do this with > 200 log-entries/minute).
On the end of this post you can easily download the config-files and also the needed pattern. cut & paste isn´t really needed. 😉
The destinations for syslog:
destination d_apache-logs {
file("/var/log/ispconfig/httpd/${.apache.domain}/${YEAR}${MONTH}${DAY}-access.log"
template("${.apache.client_ip} ${.apache.ident_name} ${.apache.user_name} ${.apache.timestamp} ${.apache.timestamp2} \"${.apache.request_url}\" ${.apache.request_status} ${.apache.content_length} \"${.apache.referer}\" \"${.apache.user_agent}\"\n")
template_escape(yes)
perm(0644));
};
All logs were written to /var/log/ispconfig/httpd/DOMAIN.
Granted, the template splits the log into many parts that are not absolutely necessary. It doesn´t harm to have any part of the log in your own variables. i other posts in this blog you may need them.
Again the syslog-ng.conf:
destination d_ispconfig_apache-stat {
program("/root/scripts/syslog/sql-log.sh"
template("INSERT INTO web_traffic VALUES ('${.apache.domain}',curdate(),${.apache.content_length}) ON duplicate KEY UPDATE traffic_bytes=traffic_bytes+${.apache.content_length};\n"));
};
Instead of “program” you can also call mysql with the matching parameters.
This will look like:
destination d_ispconfig_apache-stat {
program("/usr/bin/mysql -uispconfig -pPASSWORD dbispconfig"
template("INSERT INTO web_traffic VALUES ('${.apache.domain}',curdate(),${.apache.content_length}) ON duplicate KEY UPDATE traffic_bytes=traffic_bytes+${.apache.content_length};\n"));
};
Update 02.01.2013
fundamental this should also work with the mysql-destination from syslog-ng . By now i´ve no idea, how to realisize a”ON DUPLICATE KEY UPDATE” definieren kann.
Syslog-ng´s sql-driver currently doesn´t support “ON DUPLICATE KEY UPDATE”. At this moment you must use the program-parameters.
/root/scripts/syslog/sql-log.sh:
#!/bin/bash
#
# apache-stats to mysql
while read MSG; do
mysql -uispconfig -pPWD dbispconfig -e "$MSG"
done
exit 0
Get your PWD from /usr/local/ispconfig/server/lib/config.inc.php.
Now we define what syslog-ng should do with the logs:
log {
source(src);
parser(p_apache-access);
filter(f_apache2);
destination (d_apache-logs);
destination (d_ispconfig_apache-stat);
};
As you can see we need a filter and a parser.
Filter:
filter f_apache2 {
program('apache2')
};
Parser:
parser p_apache-access {
csv-parser(columns(
".apache.domain",
".apache.client_ip",
".apache.ident_name",
".apache.user_name",
".apache.timestamp",
".apache.timestamp2",
".apache.request_url",
".apache.request_status",
".apache.content_length",
".apache.referer",
".apache.user_agent")
flags(escape-double-char,strip-whitespace)
delimiters(" ")
quote-pairs('""\[\]') );
};
Done. 😉
Download:
Pingback: Gemeinsame Log-Statistiken (awstats) im ISPConfig3 WWW Cluster - Howtoforge Forum