#!/usr/bin/perl
#
# This script will take a combined Web server access
# log file and break its contents into separate files.
# It assumes that the first field of each line is the
# virtual host identity (put there by "%v"), and that
# the logfiles should be named that+".log" in the current
# directory.
#
# The combined log file is read from stdin. Records read
# will be appended to any existing log files.
#
%is_open = ();

$apachelogdir = "/var/log/apache";

$logdir = "/home";

while ($log_line = <STDIN>) {
   #
   # Get the first token from the log record; it's the
   # identity of the virtual host to which the record
   # applies.
   #
   ($vhost) = split (/\s/, $log_line);
   #
   # Normalize the virtual host name to all lowercase.
   # If it's blank, the request was handled by the default
   # server, so supply a default name.  This shouldn't
   # happen, but caution rocks.
   #
   $vhost = lc ($vhost) or "access";
   #
   # if the vhost contains a "/" or "\", it is illegal so just use
   # the default log to avoid any security issues due if it is interprted
   # as a directory separator.
   # log to apache access log if no vhost!
   $logfile = "$apachelogdir/access.log";
   #
   if ($vhost =~ m#[/\\]#) { 
     $vhost = "access";
   } else 
   {
     $logfile = "$logdir/$vhost/access.log";
   }
   #
   # If the log file for this virtual host isn't opened
   # yet, do it now.
   #
   if (! $is_open{$vhost}) {
       open $vhost, ">> $logfile"
           or die ("Can't open $logfile");
       $is_open{$vhost} = 1;
   }
   #
   # Strip off the first token (which may be null in the
   # case of the default server), and write the edited
   # record to the current log file.
   #
   $log_line =~ s/^\S*\s+//;
   printf $vhost "%s", $log_line;
}
exit 0;