Including hostname in apache logwatch reports
Solution 1:
Try this (works for me):
Define LogFormat in your httpd.conf
as
LogFormat "%h %t [%V] \"%r\" %>s \"%{Referer}i\""
With this particular case, you'll have remote_address, date/time, [The server name according to the UseCanonicalName setting], request, satus code and Referer (that's my desired format) and then put
$LogFormat "%h %t %V \"%r\" %>s \"%{Referer}i\""
in your services/http.conf LogWatch file. That will
- make apache put the hostname (Canonical or not, it depends if you use %v or %V)
- force LogWatch to understand your Apache Access log
Here is an example of the a line in the log output with this particular set of directives:
172.3.20.11 [01/Jun/2011:21:00:52 +0200] joomla.local "GET /images/tabs_back.png HTTP/1.1" 404 "http://joomla.local/templates/beez_20/css/personal.css"
If we FOCUS ON ERROR CODES, and how are they treated in LogWatch, here are some changes you can made to /usr/share/logwatch/scripts/services/http: Add:
my $my_host = ""; my $my_url = "";
Then, about line 462, add this line to save our 4th column (HOST):
$field{my_host} = $field{$log_fields[3]};
And in line 560, after fmt_url
is shorten ( if (length($field{url}) > 60) {...}
) add:
$my_host = $field{$log_fields[3]};
$my_host = substr($my_host,1);
$my_url=$my_host . $fmt_url;
Finally, change:
$needs_exam{$field{http_rc}}{$fmt_url}++;
by
$needs_exam{$field{http_rc}}{$my_url}++;
doing so, you'll have this in your Logwatch:
Requests with error response codes
404 Not Found
joomla.local/images/tabs_back.png: 3 Time(s)
I Hope it helps all you out
Solution 2:
I had the same issue and solved it by changing the LogFormat
in apache.conf
(http://httpd.apache.org/docs/2.2/mod/mod_log_config.html)
# LogFormat "%h %l %u %t \"%r\" %>s %O" common
# The default output has no info about the server name (%v).
# %m %U%q %H is strictly equivalent to %r.
LogFormat "%h %l %u %t \"%m %v%U%q %H\" %>s %O" common
This generates the same output as the default, adding the canonical server name as a prefix. Eg:
... "GET www.example.com/apache_pb.gif HTTP/1.0" 200 2326 ...
The pro is that you don't need any other customization (eg. on the logwatch side). The con is that you get a few extra characters for each logged line.