Hello,

it would be nice if you remove the . in Request duration from 25.844 to 25844, i can use it with other apache-instances which dont support you modul for this i use:

LogFormat "{ \"version\": \"1.1\", \"host\": \"ringo.aei.mpg.de\", \"facility\": \"apache-gelf\", \"short_message\":  \"%r\", \"timestamp\": %{%s}t, \"level\": 6, \"_agent\":  \"%{User-Agent}i\", \"_bytes_send\": \"%O\", \"_request_duration_ms\": %D, \"_remote_address\": \"%a\", \"_request_method\": \"%m\", \"_referer\": \"%{Referer}i\", \"_status\": %s, \"_virtual_host\": \"%v\" }"  graylog2_access

CustomLog "|/bin/nc -u syslog.my.domain.de 50520" graylog2_access

so please remove the dot! or add a new GelfField (Request duration ms / Request duration seconds)

best regards

We can not install mod_log_gelf on ubuntu 18.04 because libjson-c2 does not exists.

Is it possible to have a new version packaged ? I can help for tests.

Please consider supporting custom fields so I can log environment variables like %{SSL_PROTOCOL}e, %{SSL_CIPHER}e and so on.

installed json-c-0.11 but failing with the below error

error: Failed dependencies:
json-c is needed by libapache2-mod-gelf-0.1.0-1.x86_64

Hi
Is there a way of capturing the x-forwarded-for header though this mod?

I have an elastic loadbalancer and then varnish in front of apache so the only remote ip's I see in graylog are the varnish servers.

In our apache conf we have

SetEnvIf REMOTE_ADDR "(.+)" CLIENTIP=$1
  SetEnvIf X-Forwarded-For "^([0-9.]+)" CLIENTIP=$1
  LogFormat "%{CLIENTIP}e %l %u %t \"%r\" %>s %b \"%{Referer}i\" \"%{User-Agent}i\"" trueip_combined

and the ip is being logged fine to file at the moment just not to graylog.

I tried using mod_remoteip to set the client value from the x-forwarded-for but no change on the graylog side.
Are there any plans to let headers be captured as well?

Hello,

its fine you has remove the dot, but its still a string ;)
here a output from elasticsearch-mappings (look at type:long/string)

"request_duration_ms":{"type":"long"} <<-- i need
"request_duration_us":{"type":"string","index":"not_analyzed"} <<-- i get

best regards

Attempting to install this apace-mod_log_gelf on one of the Ubuntu Server 18.04.03 VMs I'm running to send Apache information to another VM that contains the Graylog installation.

When installing the Ubuntu commands, I get hung up on this one:

aaron@maria_dev_lamp:~$ sudo apt-get install libjson-c2 zlib1g
Reading package lists... Done
Building dependency tree
Reading state information... Done
Package libjson-c2 is not available, but is referred to by another package.
This may mean that the package is missing, has been obsoleted, or
is only available from another source

E: Package 'libjson-c2' has no installation candidate

I do see that there is a libjson-c3:

aaron@maria_dev_lamp:~$ sudo apt-get install -y libjson-c3
Reading package lists... Done
Building dependency tree
Reading state information... Done
libjson-c3 is already the newest version (0.12.1-1.3).
libjson-c3 set to manually installed.
You might want to run 'apt --fix-broken install' to correct these.
The following packages have unmet dependencies:
 libapache2-mod-gelf : Depends: libjson-c2 but it is not installable
E: Unmet dependencies. Try 'apt --fix-broken install' with no packages (or specify a solution).

So essentially, I'm a little stuck. Any help would be appreciated.

Hallo,

can you pleae add support for the important error log?

THX!!

When using X-Forwarded-For, GelfHeader and GelfFields (X) works well except when using mod_remoteip (for allow / deny / etc.). When RemoteIPHeader X-Forwarded-For is used with RemoteIPProxiesHeader, mod_remoteip removes the X-Forwarded-For header and records it to %a (Client IP address of the request). As X-Forwarded-For is no longer in the header, it cannot be picked up using the GelfHeader method.
Could a GelfField be created for client IP address / %a?

Hello,

Great module ! May you please support TLS for TCP output ?

Thanks

Scenario
two virtualhosts configured on apache for the same domain: http and https
log_gelf_module forwards only 301 requests (logs from http virtualhost) to Graylog server. logs from https virtoaulhost don not get forwarded to GrayLog

below is the apache server config.

/etc/httpd/conf.modules.d/02-gelf.conf

LoadModule log_gelf_module /usr/lib64/httpd/modules/mod_log_gelf.so
GelfEnabled On
GelfUrl "udp://172.21.0.4:12201"
GelfSource "myserver.am"
GelfFacility "apache-gelf"
GelfTag "apache_all"
GelfCookie "tracking"
GelfFields "ABDhImsvRti"

1. <VirtualHost *:80> -- for forwarding requests to https

*<VirtualHost :80>
...
ServerName www.myserver.am
...
RewriteEngine on
RewriteCond %{SERVER_NAME} =www.myserver.am
RewriteRule ^ https://%{SERVER_NAME}%{REQUEST_URI} [END,NE,R=permanent]

2. <VirtualHost *:443> -- main virtualhost

**** ServerName www.myserver.am ...

My apache servers are behind a load balancer (AWS ElasticLoadBalancer), and mod_log_gelf is only sending load balancer local IP, instead of the client remote IP. Is there any configuration for this?

We encountered an issue with logging.
If logging is enabled, POST-Requests with small bandwidth got aborted after sometime.
The problem occurs on:
Debian 9 with apache 2.4.25-3+deb9u9 and libapache2-mod-gelf 0.2.0-1
Debian 9 with apache 2.4.25-3+deb9u9 and libapache2-mod-gelf 0.3.0-1
Debian 10 with apache 2.4.38-3+deb10u4 and libapache2-mod-gelf 0.3.0-1
If you upload a File larger than 30MB via a POST-Request with reduced bandwith Fast 3G and lower, the request got aborted after sometime.
Disabling the logging with GelfEnabled Off gets it working again.
Removing the module does also get it working again.

got the messages of apache accesslog ,but they are messy code...
how can i resolve it?

Apache supports multitenant environments. each virtual domain can have its own custom settings for each module. this is done by including module specific settings into <ifmodule [modulename]>
log_gelf_module is not accepting "per-virtualhost" configs.

Scenario:
**mod_log_gelf is configured **
/etc/httpd/conf.modules.d/02-gelf.conf

LoadModule log_gelf_module /usr/lib64/httpd/modules/mod_log_gelf.so
GelfEnabled On
GelfUrl "udp://172.21.0.4:12201"
GelfSource "gadgetshop.am"
GelfFacility "apache-gelf"
GelfTag "apache_all"
GelfCookie "tracking"
GelfFields "ABDhImsvRti"

mod_log_gelf is enabled

[root@vps-a ~]# apachectl -M | grep gelf
log_gelf_module (shared)
[root@vps-a ~]#

Virtualhost is configured with log_gelf_module settings

<VirtualHost *:80>
ServerName www.myserver.am
...

GelfEnabled On
GelfUrl "udp://172.21.0.4:12201"
GelfSource "gadgetshop.am"
GelfFacility "apache-gelf"
GelfTag "apache_nossl"
GelfCookie "tracking"
GelfFields "ABDhImsvRti"g

Issus:
only logs with "apache_all" tag are getting forwarded to GrayLog

When trying to load the mod_log_gelf.so on my dev box
Server version: Apache/2.2.15 (Unix)
Server built: Oct 16 2014 14:48:21
CentOS release 6.6 (Final)

i get the error:
/etc/httpd/modules/mod_log_gelf.so: undefined symbol: ap_log_perror_
when i try to startup the httpd

I tried version 0.1.0 and 0.2.0