Apache log to logstash and consume content



We are using logstash to parse sensitive data from our logs and as a result we need the original logfile (that contains the sensitive data) to not retain any content.

I have tried using a mkfifo and have logstash watch the named pipe file and have apache log to it. This does not work as logstash does not hold the pipe file open, as a result apache fails to start as it cannot log to the file if its not being held open.

I also considered using a syslog input but we have multiple configs for multiple vhosts and as result using a single facility could get complex.

Ideally we want this configuration
Apache -> logstash -> output.log

Can anyone recommend a configuration or logstash input that would allow us to not retain the original unprocessed log data.

Thank you

(Rene) #2

I don't really get what you exactly want, but as long as the vhosts are concerned, I wrote a article on my own blog about getting logs from multiple vhosts into Logstash

(system) #3