# Plugin metadata followed by the user-facing parameters. Each parameter name
# is read by the template section further down as `.name`.
version: '0.0.8'
title: Apache HTTP Server
description: Log parser for Apache HTTP Server
parameters:
  # Chooses the parser chain: regex parsers for 'default', JSON parsers for
  # 'observiq'. The enum keeps the value to the two cases the pipeline handles.
  - name: log_format
    label: Log Format
    description: >-
      When choosing the 'default' option, the agent will expect and parse logs
      in a format that matches the default logging configuration. When choosing
      the 'observIQ' option, the agent will expect and parse logs in an
      optimized JSON format that adheres to the observIQ specification,
      requiring an update to the apache2.conf file. See the Apache HTTP Server
      source page for more information.
    type: enum
    valid_values:
      - default
      - observiq
    default: default

  - name: enable_access_log
    label: Access Logs
    description: Enable to collect Apache HTTP Server access logs
    type: bool
    default: true

  # Free-form string that is substituted into the access reader's include
  # list. The agent's account needs read access to this file; prefer granting
  # that through group membership over running the agent with more privilege.
  - name: access_log_path
    label: Access Log Path
    description: Path to access log file
    type: string
    default: '/var/log/apache2/access.log'
    # Only shown when access-log collection is enabled.
    relevant_if:
      enable_access_log:
        equals: true

  - name: enable_error_log
    label: Error Logs
    description: Enable to collect Apache HTTP Server error logs
    type: bool
    default: true

  # Free-form string that is substituted into the error reader's include list.
  - name: error_log_path
    label: Error Log Path
    description: Path to error log file
    type: string
    default: '/var/log/apache2/error.log'
    # Only shown when error-log collection is enabled.
    relevant_if:
      enable_error_log:
        equals: true

  # Applies to both readers. With 'end', reading starts at the end of the
  # file, so lines already present are not read; use 'beginning' when
  # historical content is needed (for example when backfilling for an
  # investigation).
  - name: start_at
    label: Start At
    description: Start reading file from 'beginning' or 'end'
    type: enum
    valid_values:
      - beginning
      - end
    default: end
# Set Defaults
# Every directive below sits inside a YAML comment and binds a template
# variable to the matching parameter, with the same fallback value that the
# parameters section documents.
# NOTE(review): `default` is supplied by the template host and is not defined
# in this file. Confirm it falls back only when the parameter is unset; if it
# also treated false as empty, an explicit enable_access_log or
# enable_error_log of false would be replaced by `default true` and the
# reader would stay on.
#{{ $log_format := default "default" .log_format }}
#{{ $enable_access_log := default true .enable_access_log }}
#{{ $access_log_path := default "/var/log/apache2/access.log" .access_log_path }}
#{{ $enable_error_log := default true .enable_error_log }}
#{{ $error_log_path := default "/var/log/apache2/error.log" .error_log_path }}
#{{ $start_at := default "end" .start_at }}
pipeline:
  # Access-log reader; rendered only when enable_access_log is truthy.
  #{{ if $enable_access_log }}
  - id: access_log_reader
    type: file_input
    include:
      # NOTE(review): the path is substituted unquoted, so a value containing
      # YAML-significant text (' #', ': ', a leading '*' or '[') would change
      # how the rendered document parses. Quoting it here is only safe if the
      # template host escapes the value; confirm before changing.
      - {{ $access_log_path }}
    start_at: {{ $start_at }}
    # Labels attached to every entry from this reader; log_type tells access
    # entries apart from error entries downstream.
    labels:
      log_type: 'apache_http.access'
      plugin_id: {{ .id }}
    # Routes to the parser that matches log_format. There is no else branch,
    # so any value other than the two enum members renders an empty output.
    output: '{{ if eq $log_format "default" }}access_regex_parser{{ else if eq $log_format "observiq" }}access_json_parser{{ end }}'
  #{{ end }}
# Error-log reader; rendered only when enable_error_log is truthy.
  #{{ if $enable_error_log }}
  - id: error_log_reader
    type: file_input
    include:
      # NOTE(review): substituted unquoted; a path containing YAML-significant
      # text would change how the rendered document parses.
      - {{ $error_log_path }}
    start_at: {{ $start_at }}
    # Multiline grouping is configured for the default format only: an entry
    # begins at a bracketed timestamp followed by a space.
    # NOTE(review): the pattern has no leading '^'. Whether a timestamp-shaped
    # token in the middle of a line can start a new entry depends on how
    # file_input applies the pattern; confirm.
    # {{ if eq $log_format "default" }}
    multiline:
      line_start_pattern: '\[(?P<time>\w+ \w+ \d{2} \d{2}:\d{2}:\d{2}\.\d+ \d+)\] '
    # {{ end }}
    labels:
      log_type: 'apache_http.error'
      plugin_id: {{ .id }}
    # Routes to the parser that matches log_format. There is no else branch,
    # so any value other than the two enum members renders an empty output.
    output: '{{ if eq $log_format "default" }}error_regex_parser{{ else if eq $log_format "observiq" }}error_json_parser{{ end }}'
  #{{ end }}
# Parsers for the default (plain-text) log format. The conditional opened here
# is closed after error_regex_parser.
  # {{ if eq $log_format "default" }}
  - id: access_regex_parser
    type: regex_parser
    # Captures address, two identity fields, timestamp, request line, status
    # and size; referer, user agent and a trailing X-Forwarded-For value are
    # optional.
    # The request line, referer, user agent and http_x_forwarded_for are
    # supplied by the client. Treat them as untrusted in downstream rules and
    # do not use http_x_forwarded_for as the source address unless a trusted
    # proxy sets it.
    # NOTE(review): in Apache's stock common/combined formats the second field
    # is the identd logname rather than a host name, so remote_host would hold
    # that value; confirm against the LogFormat in use.
    # NOTE(review): the quoted fields stop at the first backslash or double
    # quote, so a value carrying an escaped quote may not parse as intended.
    regex: '^(?P<remote_addr>[^ ]*) (?P<remote_host>[^ ]*) (?P<remote_user>[^ ]*) \[(?P<time>[^\]]*)\] "(?P<method>\S+) +(?P<path>[^ ]*)( (?P<protocol>[^/]*)/(?P<protocol_version>[^\"]*)|[^\"]*)?" (?P<status>[^ ]*) (?P<body_bytes_sent>[^ ]*)(?: "(?P<http_referer>[^\"]*)" "(?P<http_user_agent>[^\"]*)"(?:\s+(?P<http_x_forwarded_for>[^ ]+))?)?'
    timestamp:
      parse_from: time
      layout: '%d/%b/%Y:%H:%M:%S %z'
    # Severity is derived from the HTTP status class, and preserve_to keeps
    # the status value on the record. 4xx maps only to warning, so alerting
    # on authentication or authorization failures (401/403) should key on the
    # status field, not on severity.
    severity:
      parse_from: status
      preset: none
      preserve_to: status
      mapping:
        info: 2xx
        notice: 3xx
        warning: 4xx
        error: 5xx
    # Hands parsed entries to the output configured on the plugin instance.
    output: {{ .output }}
- id: error_regex_parser
type: regex_parser
regex: '^\[(?P<time>\w+ \w+ \d{2} \d{2}:\d{2}:\d{2}\.\d+ \d+)\] \[(?P<module>\w+):(?P<log_level>[\w\d]+)\] \[pid (?P<pid>\d+)(?::tid (?P<tid>[\d]+))?\](?: \[client (?P<client>[^\]]*)\])? (?P<error_code>[^:]+): (?P<message>.*)'
timestamp:
parse_from: time
layout: '%a %b %d %T.%s %Y'
severity:
parse_from: log_level
mapping:
critical: crit
emergency: emerg
warning: warn
trace:
- trace1
- trace2
- trace3
- trace4
- trace5
- trace6
- trace7
- trace8
output: {{ .output }}
# {{ end }}
# Parsers for the observiq (JSON) log format. The conditional opened here is
# closed after error_message_parser.
  # {{ if eq $log_format "observiq" }}
  - id: access_json_parser
    type: json_parser
    timestamp:
      parse_from: timestamp
      layout: '%Y-%m-%dT%H:%M:%S.%s%z'
    # Same status-class mapping as the default-format access parser: 4xx is
    # only warning, so rules on 401/403 should key on the status field.
    severity:
      parse_from: status
      preset: none
      preserve_to: status
      mapping:
        info: 2xx
        notice: 3xx
        warning: 4xx
        error: 5xx
    output: access_protocol_parser

  # Splits the record's protocol field at the first '/' into protocol and
  # protocol_version. The value comes from the client's request line; treat
  # it as untrusted downstream.
  - id: access_protocol_parser
    type: regex_parser
    parse_from: $record.protocol
    regex: '(?P<protocol>[^/]*)/(?P<protocol_version>.*)'
    # Hands parsed entries to the output configured on the plugin instance.
    output: {{ .output }}
- id: error_json_parser
type: json_parser
timestamp:
parse_from: time
layout: '%Y-%m-%d %H:%M:%S.%s'
severity:
parse_from: log_level
mapping:
critical: crit
emergency: emerg
warning: warn
trace:
- trace1
- trace2
- trace3
- trace4
- trace5
- trace6
- trace7
- trace8
output: error_message_parser
- id: error_message_parser
type: regex_parser
parse_from: $record.message
regex: '(?P<error_code>[^:]*):(?P<message>.*)'
output: {{ .output }}
# {{ end }}