Hi,

I have a virtual hosting setup where 100s of domains are hosted. The hosting setup is configured like this:

/var/www/vhost1 - 100

Each vhost dir, e.g. vhost1/, has its own htdocs/logs dir where the web content and logs are created.

Coming to the point, I use logwatch to parse these logs. I have added all these log files to the httpd logs conf file for logwatch so it parses all the log files. But the problem is, if I see any SQL injection / exploit attempts in a log file, it is really hard to detect in which domain they occurred, so I have to run a grep command like

grep "ipaddress" /var/www/*/log/access_log

What I want is to configure logwatch such that it parses logs and reports domain-wise, e.g. vhost1.com and its parsed log results, and vhost2.com and its parsed log results. Or is there any other way of monitoring log files in Apache for a virtual hosting setup?

Any comments would be much appreciated.

Regards,
Mohan.
An alternative to writing custom logwatch reports is to syslog the files to Splunk and sort it out there. Splunk has some really nice reporting features and is really customizable. http://www.splunk.com/
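
For the per-domain breakdown asked about in the question, here is an added example (not part of either post, and not logwatch or Splunk code) that walks the /var/www/*/log/access_log layout and groups suspicious requests by vhost directory. The signature list, function names and sample log lines are assumptions constructed for illustration, and the glob accepts both log/ and logs/ directory names.

```python
import re
import tempfile
from collections import defaultdict
from pathlib import Path
from urllib.parse import unquote_plus

# Common/Combined Log Format: ip ident user [time] "request" status size ...
LINE = re.compile(r'^(\S+) \S+ \S+ \[[^\]]+\] "([^"]*)" (\d{3}) ')
# Illustrative signatures only (assumption); tune for your own traffic.
SUSPICIOUS = re.compile(r"union\s+select|'\s*or\s+'?\d|information_schema|\.\./|<script", re.I)

def scan_vhosts(root, log_glob="*/log*/access_log"):
    """Return {vhost_dir_name: [(ip, status, decoded_request), ...]}."""
    hits = defaultdict(list)
    for log in sorted(Path(root).glob(log_glob)):
        vhost = log.relative_to(root).parts[0]   # first directory under root
        with log.open(errors="replace") as fh:
            for line in fh:
                m = LINE.match(line)
                if not m:
                    continue                      # skip lines in another format
                ip, request, status = m.groups()
                decoded = unquote_plus(request)   # catch %27, %20 and + encodings
                if SUSPICIOUS.search(decoded):
                    hits[vhost].append((ip, int(status), decoded))
    return dict(hits)

def report(hits):
    """Render one section per vhost, like a per-domain logwatch report."""
    out = []
    for vhost, rows in sorted(hits.items()):
        out.append(f"== {vhost}: {len(rows)} suspicious request(s) ==")
        out += [f"  {ip} [{status}] {req}" for ip, status, req in rows]
    return "\n".join(out)

def build_sample(root):
    """Constructed sample logs (documentation IPs), not real traffic."""
    samples = {
        "vhost1": ['192.0.2.10 - - [01/Jan/2024:10:00:00 +0000] "GET /index.php?id=1 HTTP/1.1" 200 512',
                   '198.51.100.7 - - [01/Jan/2024:10:00:05 +0000] "GET /item.php?id=1%27%20UNION%20SELECT%201,2 HTTP/1.1" 500 0'],
        "vhost2": ['192.0.2.10 - - [01/Jan/2024:10:01:00 +0000] "GET /about.html HTTP/1.1" 200 1024'],
    }
    for vhost, lines in samples.items():
        d = Path(root) / vhost / "log"
        d.mkdir(parents=True)
        (d / "access_log").write_text("\n".join(lines) + "\n")

if __name__ == "__main__":
    with tempfile.TemporaryDirectory() as tmp:
        build_sample(tmp)
        print(report(scan_vhosts(tmp)))
```

Against the real tree, call scan_vhosts("/var/www") from cron and mail the report() output; the vhost name is taken from the directory, so it maps to a domain only as far as the directory names do.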