I was trying to collect Apache access and error logs. My configuration was:
# Apache access file: $ModLoad imfile $InputFileName /var/log/apache2/access.log $InputFileTag apache-access: $InputFileStateFile stat-apache-access $InputFileSeverity info $InputRunFileMonitor #Apache Error file: $InputFileName /var/log/apache2/error.log $InputFileTag apache-errors: $InputFileStateFile stat-apache-error $InputFileSeverity error $InputRunFileMonitor $InputFilePollInterval 10 if $programname == 'apache-access' then @192.168.x.x if $programname == 'apache-errors' then @192.168.x.x
Now it shows the Event Name as "Linux login messages Message" and Low Level Category "stored".
Why is it so?
Also is there any way to collect the access logs in real time? I did it with error logs but cant be able to do so with access logs.