Apache2 rotatelogs in acquisition

Hello,

I search to valide a format in acquis.yaml. Whith Apache2 we uses Rotatelogs for logs like this

 ErrorLog "|/usr/bin/rotatelogs -lc /var/www/site_name/var/log/apache2/error.%Y.%m.%d 86400"
  CustomLog "|/usr/bin/rotatelogs -lc /var/www/site_name/var/log/apache2/access.%Y.%m.%d 86400" combined

Do you think we could send all daily logs at crowdsec with in acquis.yml

---
filenames:
  - /var/www/*/var/log/apache2/access.%Y.%m.%d
  - /var/www/*/var/log/apache2/error.%Y.%m.%d
labels:
  type: apache2
---

Thanks for you're help

We dont know what variable are so they would be treated as literal. The best way would be to do this

filenames:
  - /var/www/*/var/log/apache2/access.*
  - /var/www/*/var/log/apache2/error.*
labels:
  type: apache2
---

@iiAmLoz ok I’ll go to modify my acquis.yml

But If i do access.* all old logs are parsed ? For exemple access log of today is access.2023.03.28 but logs of yesterday is access.2023.03.27 …

Yes but the file module only tails the file so if no lines are added then nothing will be brought into memory. Unless you can specify a latest file which is just a symlink to the latest log.

Hello @iiAmLoz all seems to works we could show logs files with cscli metrics

Thanks for you’re help

1 Like