Feature #602

closed

availability for http.log output - identical to apache log format

Added by Peter Manev over 11 years ago. Updated over 10 years ago.

Status: Closed
Priority: Normal

Description

It would be beneficial if http.log could be customized to produce output identical to the apache2 access.log format.
That way - http.log would be immediately parsable by all log parser programs that do that for apache - and there are quite a few.

To quickly check if the format of the output is the same - one could use "goaccess" (a top/htop like tool but for access.log in apache) -
sudo apt-get install goaccess

Example of use:
goaccess -f /var/log/apache2/access.log

If goaccess can parse the output of http.log (when customized for apache output format) - then any apache log parser would be able to parse the http.log, I think.

Please find exemplary output of apache log customized and http.log customized with the same config lines:

apache2.conf:
LogFormat "%h %l %u %t \"%r\" %>s %O \"%{Referer}i\" \"%{User-Agent}i\"" combined
LogFormat "%h %l %u %t \"%r\" %>s %O" common
LogFormat "\"%{X-Forwarded-For}i\" %h %l %u %t \"%r\" %>s %O \"%{Referer}i\" \"%{User-Agent}i\"" combined_xforward

The yaml equivalent:
customformat: "%h %l %u %t \"%r\" %>s %O \"%{Referer}i\" \"%{User-Agent}i\""
customformat: "%h %l %u %t \"%r\" %>s %O"
customformat: "\"%{X-Forwarded-For}i\" %h %l %u %t \"%r\" %>s %O \"%{Referer}i\" \"%{User-Agent}i\""

and the results/differences attached.

Thank you


Files

apache_http_log.tar.gz (8.5 KB), Peter Manev, 10/15/2012 05:00 AM
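
An offline version of the compatibility check the description proposes, as an added example that is not part of the original issue or of Suricata: it validates log lines against the Apache "combined" layout quoted above and reports the lines a combined-format parser would reject. The function names and the sample lines are constructed for illustration.

```python
import re
from datetime import datetime

# Apache combined: %h %l %u %t "%r" %>s %O "%{Referer}i" "%{User-Agent}i"
Q = r'(?:[^"\\]|\\.)*'  # body of a quoted field; backslash-escaped quotes allowed
COMBINED = re.compile(
    r'^(?P<host>\S+) (?P<ident>\S+) (?P<user>\S+) \[(?P<time>[^\]]+)\] '
    rf'"(?P<request>{Q})" (?P<status>\d{{3}}) (?P<size>\d+|-) '
    rf'"(?P<referer>{Q})" "(?P<agent>{Q})"$'
)

def check_line(line):
    """Return (fields, None) for a valid combined-format line, else (None, reason)."""
    m = COMBINED.match(line.rstrip("\n"))
    if not m:
        return None, "field layout does not match combined format"
    f = m.groupdict()
    try:
        f["time"] = datetime.strptime(f["time"], "%d/%b/%Y:%H:%M:%S %z")
    except ValueError:
        return None, "timestamp is not in %d/%b/%Y:%H:%M:%S %z form"
    if f["request"] != "-" and len(f["request"].split(" ")) != 3:
        return None, "request is not 'METHOD URI PROTOCOL'"
    return f, None

def rejected(lines):
    """Return [(line_number, reason)] for lines an Apache log parser would reject."""
    return [(n, why) for n, line in enumerate(lines, 1)
            for _, why in [check_line(line)] if why]

# Constructed sample lines (not taken from the attached archive).
SAMPLE = [
    '192.0.2.10 - - [15/Oct/2012:05:00:01 +0200] "GET /index.html HTTP/1.1" 200 512 "-" "Mozilla/5.0"',
    '192.0.2.10 - - [15/Oct/2012:05:00:02 +0200] "GET /a?q=\\"x\\" HTTP/1.1" 404 210 "http://example.test/" "curl/7.26"',
    '10/15/2012-05:00:03.000000 example.test [**] /index.html [**] Mozilla/5.0 [**] 192.0.2.10:4711 -> 192.0.2.20:80',
    '192.0.2.10 - - [2012-10-15 05:00:04] "GET / HTTP/1.1" 200 99 "-" "-"',
]

if __name__ == "__main__":
    for n, why in rejected(SAMPLE):
        print(f"line {n}: {why}")
```

Running it against a real http.log next to the Apache access.log shows which lines, and which field, would break a downstream parser.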

Related issues

Related to Suricata - Bug #600: literal \t (x09) in mod_log_config (Closed, Ignacio Sanchez, 10/11/2012)