Skip to content

Instantly share code, notes, and snippets.

@kosho
Last active Jun 3, 2021
Embed
What would you like to do?
Structured logging example configurations
# Apache httpd
- input_type: log
paths:
- /var/log/httpd/access_log.js
document_type: apache
json.keys_under_root: true
json.add_error_key: true
# Squid
- input_type: log
paths:
- /var/log/squid/access_log.js
document_type: squid
json.keys_under_root: true
json.add_error_key: true
LogFormat "{ \"clientip\": \"%h\", \"ident\": \"%l\", \"auth\": \"%u\", \"timestamp\": \"%{%FT%T%z}t\", \"verb\": \"%m\", \"request\": \"%U%q\", \"httpversion\": \"%H\", \"response\": %>s, \"bytes\": %b, \"referer\": \"%{Referer}i\", \"agent\": \"%{User-agent}i\" }" combinedjson
CustomLog logs/access_log.js combinedjson
logformat combinedjson { "clientip": "%>a", "ident": "%ui", "uname": "%un", "timestamp": "%{%FT%T%z}tg", "verb": "%rm", "request": "%ru", "httpversion": "HTTP/%rv", "response": %>Hs, "bytes": %<st, "referer": "%{Referer}>h", "agent": "%{User-Agent}>h", "request_status": "%Sh", "hierarchy_status": "%Sh" }
access_log /var/log/squid/access_log.js combinedjson
@diepes

This comment has been minimized.

Copy link

@diepes diepes commented Jun 3, 2021

I think there is a small mistake in squid.conf line 1, for the combinedjson the %Sh is used twice.

, "request_status": "%Sh", "hierarchy_status": "%Sh"
should be
, "request_status": "%Ss", "hierarchy_status": "%Sh"

Sign up for free to join this conversation on GitHub. Already have an account? Sign in to comment