问题
我已经configurationlogwatch(CentOS 5.8,x64)来包含nginx, 以此作为指导,并在日志格式上使用Apache和nginx文档。 问题是,我正在使用特定的日志格式,是:
log_format main '$remote_addr - $remote_user [$time_local] "$request" $scheme:$server_port ' '$status $body_bytes_sent "$http_referer" ' 'Upstream ["$upstream_addr" ($upstream_response_time) $upstream_status : $upstream_cache_status] ' '"$http_user_agent" "$http_x_forwarded_for"'; (来自/etc/nginx/nginx.conf )
我已经将这个日志格式翻译成:
$LogFormat "%h %l %u %t \"%r\" %H:%p %>s %b \"%{Referer}i\" Upstream [\"%{Upstream-address}e\" (%{Upstream-response-time}e) %{Upstream-status}e : %{Upstream-cache-status}e] \"%{User-Agent}i\" \"%{X-Forwarded-For}e\""
为Logwatch。 在研究/usr/share/logwatch/scripts/services/http ,我发现任何未被预定义的%{...}e将被忽略,所以我认为这将是包含这些上游variables。
但是,考虑到nginx,Logwatch不会给出任何输出。
我做了什么
我创build了以下logwatch文件: /usr/share/logwatch/default.conf/logfiles/nginx.conf :
######################################################## # Define log file group for nginx # http://8bitpipe.com/?p=516 ######################################################## # What actual file? Defaults to LogPath if not absolute path.... LogFile = nginx/*access.log # If the archives are searched, here is one or more line # (optionally containing wildcards) that tell where they are... #If you use a "-" in naming add that as well -mgt Archive = nginx/archive/*access.log* # Expand the repeats (actually just removes them now) *ExpandRepeats # Keep only the lines in the proper date range... *ApplyhttpDate
/usr/share/logwatch/default.conf/services/nginx.conf :
########################################################################### # Configuration file for nginx filter ########################################################################### Title = "nginx" # Which logfile group... LogFile = nginx # Define the log file format # # This is now the same as the LogFormat parameter in the configuration file # for httpd. Multiple instances of declared LogFormats in the httpd # configuration file can be declared here by concatenating them with the # '|' character. The default, shown below, includes the Combined Log Format, # the Common Log Format, and the default SSL log format. #$LogFormat = "%h %l %u %t \"%r\" %>s %b \"%{Referer}i\" \"%{User-Agent}i\"|%h %l %u %t \"%r\" %>s %b|%t %h %{SSL_PROTOCOL}x %{SSL_CIPHER}x \"%r\" %b" $LogFormat "%h %l %u %t \"%r\" %H:%p %>s %b \"%{Referer}i\" Upstream [\"%{Upstream-address}e\" (%{Upstream-response-time}e) %{Upstream-status}e : %{Upstream-cache-status}e] \"%{User-Agent}i\" \"%{X-Forwarded-For}e\"" # The following is supported for backwards compatibility, but deprecated: # Define the log file format # # the only currently supported fields are: # client_ip # request # http_rc # bytes_transfered # agent # #$HTTP_FIELDS = "client_ip ident userid timestamp request http_rc bytes_transfered referrer agent" #$HTTP_FORMAT = "space space space brace quote space space quote quote" # Define the field formats # # the only currently supported formats are: # space = space delimited field # quote = quoted ("..") space delimited field # brace = braced ([..]) space delimited field # Flag to ignore 4xx and 5xx error messages as possible hack attempts # # Set flag to 1 to enable ignore # or set to 0 to disable $HTTP_IGNORE_ERROR_HACKS = 0 # Ignore requests # Note - will not do ANY processing, counts, etc... just skip it and go to # the next entry in the log file. # Examples: # 1. Ignore all URLs starting with /model/ and ending with 1 to 10 digits # $HTTP_IGNORE_URLS = "^/model/\d{1,10}$" # # 2. Ignore all URLs starting with /model/ and ending with 1 to 10 digits and # all URLS starting with /photographer and ending with 1 to 10 digits # $HTTP_IGNORE_URLS = "^/model/\d{1,10}$|^/photographer/\d{1,10}$" # or simply: # $HTTP_IGNORE_URLS = "^/(model|photographer)/\d{1,10}$" # # vi: shiftwidth=3 tabstop=3 et
我已经把/usr/share/logwatch/scripts/services/http到了/usr/share/logwatch/scripts/services/nginx 。
这在执行logwatch时不会给出任何错误,但它也不会给出任何输出,而肯定有日志文件parsing。
执行logwatch --service nginx --print --range All --debug 7给出,例如:
** lot of blabla about config files ** export LOGWATCH_DATE_RANGE='all' export LOGWATCH_OUTPUT_TYPE='unformatted' export LOGWATCH_TEMP_DIR='/var/cache/logwatch/logwatch.vdVyg9y2/' export LOGWATCH_DEBUG='7' Preprocessing LogFile: nginx '/var/log/nginx/www.xxxx1.org-access.log' '/var/log/nginx/www.xxxx2.com-access.log' '/var/log/nginx/www.xxxx3.com-access.log' '/var/log/nginx/www.xxxx4.com-access.log' '/var/log/nginx/www.xxxx5.com-access.log' '/var/log/nginx/www.xxxx6.com-access.log' '/var/log/nginx/www.xxxx7.com-access.log' '/var/log/nginx/www.xxxx8.com-access.log' '/var/log/nginx/www.xxxx9.com-access.log' '/var/log/nginx/www.xxxx10.com-access.log' '/var/log/nginx/www.xxxx11.com-access.log' '/var/log/nginx/www.xxxx12-access.log' '/var/log/nginx/www.xxxx13.nu-access.log' '/var/log/nginx/www.xxxx14.org-access.log' 2>/dev/null | /usr/bin/perl /usr/share/logwatch/scripts/shared/expandrepeats ''| /usr/bin/perl /usr/share/logwatch/scripts/shared/applyhttpdate ''>/var/cache/logwatch/logwatch.vdVyg9y2/nginx TimeFilter: Period is all TimeFilter: SearchDate is (../.../....:..:..:..) TimeFilter: Debug SearchDate is ( / / ) DEBUG: Inside ApplyHTTPDate... DEBUG: Looking For: (../.../....:..:..:..) export http_ignore_error_hacks='0' export logformat "%h %l %u %t \"%r\" %h:%p %>s %b \"%{referer}i\" upstream [\"%{upstream-address}e\" (%{upstream-response-time}e) %{upstream-status}e : %{upstream-cache-status}e] \"%{user-agent}i\" \"%{x-forwarded-for}e\""='' Processing Service: nginx ( cat /var/cache/logwatch/logwatch.vdVyg9y2/nginx | /usr/bin/perl /usr/share/logwatch/scripts/services/nginx) 2>&1
为什么我没有得到任何输出?