################################################################################
#
# local added from apache
# facility:local6
#

###############################################
#
# destination
#
destination d_httpd_access { file("/var/log/httpd/access.apache.$YEAR$MONTH$DAY.log"); };
destination d_httpd_error { file("/var/log/httpd/error.apache.$YEAR$MONTH$DAY.log"); };

###############################################
#
# filters
#
filter f_httpd_access {
  facility(local6)
  and level(info)
  and not message("internal dummy connection")
  and not message("server-status")
  and not message("nagios-plugins")
  and not message("apcstat")
  and not message("\.png HTTP")
  and not message("\.jpg HTTP")
  and not message("\.gif HTTP")
  and not message("\.swf HTTP")
  and not message("\.css HTTP")
  and not message("\/css\/ HTTP")
  and not message("\.js HTTP");
};              
filter f_httpd_error {
  facility(local6)
  and level(notice..emerg);
};

###############################################
#
# outputs
#
log { source(s_sys); filter(f_httpd_access); destination(d_httpd_access); };
log { source(s_sys); filter(f_httpd_error); destination(d_httpd_error); };


################################################################################
#
# remote receive from app
# facility:local5
#
source s_remote {
  tcp(ip(0.0.0.0) port(514));
};

################
# destinations
destination d_app_access   { file("/var/log/httpd/access.$PROGRAM.$YEAR$MONTH$DAY.log"); };
destination d_app_notice   { file("/var/log/httpd/notice.$PROGRAM.$YEAR$MONTH$DAY.log"); };
destination d_app_error    { file("/var/log/httpd/error.$PROGRAM.$YEAR$MONTH$DAY.log"); };

################
# filters
filter f_app_access {
  level(info);
  and not message("internal dummy connection")
  and not message("server-status")
  and not message("nagios-plugins")
  and not message("apcstat")
  and not message("\.png HTTP")
  and not message("\.jpg HTTP")
  and not message("\.gif HTTP")
  and not message("\.swf HTTP")
  and not message("\.css HTTP")
  and not message("\/css\/ HTTP")
  and not message("\.js HTTP");
};
filter f_app_notice {
  level(notice);
};
filter f_app_error {
  level(warn..emerg)
  and not message("favicon\.ico");
};

################
# outputs
log { source(s_remote); filter(f_app_access); destination(d_app_access); };
log { source(s_remote); filter(f_app_notice); destination(d_app_notice); };
log { source(s_remote); filter(f_app_error);  destination(d_app_error); };