Hi, I am evaluating kiwi syslog server to am trying and combine all of our webservers logs onto a cental server, We are wanting to use a reverse proxy (pound) and log all the web activity that goes through it to Syslog. So far we have managed to get the syslog messages from pound in to KiwiSyslog and now we need to figure out how to split the logs out to files based on the host header.
Below is what we are currently recieving into Kiwi and in this sample host header is "testsite1.com". So what I want to do is somehow get that hostheader into the file name. Is this possible ?
04-26-2010 17:12:12 Daemon.Info 192.168.1.1 Apr 26 16:14:55 pound: testsite1.com 192.168.1.60 - - [26/Apr/2010:16:14:55 +0000] "GET /style/default/images/dp_icon.gif HTTP/1.1" 304 - "">http://testsite1.com/" "Mozilla/5.0 (Windows; U; Windows NT 6.1; en-GB; rv:1.9.2.3) Gecko/20100401 Firefox/3.6.3"
The exact syslog message text probably won't be exactly like that above entry but all I need t find out is how to get a specific filed/part of the message text into the file name / path and I should be fine.
Hope this makes sense, and thanks in advance.
Keith
