We are currently running a apache2/mod-php site on docker, deployed to google kubernetes. In order to leverage the severity level filtering of google cloud logging I've created a LogFormat
in our apache.conf that writes the logs output as structured JSON. Now I'm seeing two access log outputs in our logs. 1 is the correctly formatted CustomLog and the other seems to be a default access log of some sort.
Here's the apache conf:
1 LogLevel info
2
3 LogFormat "{\"message\": \"%{X-Forwarded-For}i %l %u %t '%r' %>s %b '%{Referer}i' '%{User-Agent}i'\", \"severity\": \"INFO\"}" common
4 CustomLog /dev/stderr common
5
6
7 ErrorLogFormat "{\"message\": \"[%t] [%l] [pid %P] %F: %E: [client %a] %M\", \"severity\": \"ERROR\"}"
8 ErrorLog /dev/stderr
9
10 <VirtualHost *:80>
11 ServerName myhost.com
12 ServerAlias myhost.com
13 DocumentRoot /var/www/html/public/
14
15 <Directory />
16 AllowOverride All
17 Order allow,deny
18 Allow from all
19
20 RewriteEngine on
21 RewriteCond %{REQUEST_FILENAME} !-d
22 RewriteCond %{REQUEST_FILENAME} !-f
23 RewriteRule ^(.*)$ index.php?%{QUERY_STRING} [L]
24 </Directory>
25
26 <Directory ~ "\.svn">
27 Order allow,deny
28 Deny from all
29 </Directory>
30
31 <Directory ~ "\.git">
32 Order allow,deny
33 Deny from all
34 </Directory>
35
36 RemoteIPHeader X-Forwarded-For
37 RemoteIPTrustedProxy 10.0.0.0/24
38
39 </VirtualHost>
My error logs and info logs are showing up correctly in google cloud storage. However I keep seeing other access log entries.
Samples:
This log should not show up
::1 - - [13/May/2016:23:32:06 +0000] "GET /server-status?auto HTTP/1.1" 404 2970 "-" "Sysdig Agent/1.0"
This log should show up
{"message": "- - - [13/May/2016:23:32:06 +0000] 'GET /server-status?auto HTTP/1.1' 404 2720 '-' 'Sysdig Agent/1.0'", "severity": "INFO"}
I've tried a number of different configurations and none of them seem to fix the problem. Any idea where this unwanted access log output is coming from?