This repository has been archived by the owner on Nov 1, 2023. It is now read-only.
OlegKunitsyn edited this page Dec 8, 2012 · 3 revisions

If you like eslogd, share your REGEX, FIELDS and a log sample with other administrators!

Apache access log

# 10.0.0.1 - - [11/Nov/2012:08:31:01 +0200] "GET /album/show/category/39/id/757 HTTP/1.1" 200 70023 "-" "Mozilla/5.0 (compatible; Googlebot/2.1; +http://www.google.com/bot.html)" "-"
FIELDS='host:string username password time:datetime method uri protocol version status bytes:integer referer agent vhost'
REGEX='^(\S+) (\S+) (\S+) \[(\S+ \S+)\] \"(\S+) (.*?) (\S+)\/(\S+)\" (\S+) (\S+) "([^"]*)" "([^"]*)" "([^"]*)"$'

Apache error log

# [Sun Dec  2 11:33:29 2012] [error] [client 10.0.0.1] File does not exist: /var/www/apple-touch-icon-precomposed.png
# The day of month is space-padded, so " +" matches both "Dec  2" and "Dec 12".
FIELDS='time:datetime level message'
REGEX='^\[(\S+ \S+ +\S+ \S+ \S+)\] \[(\S+)\] (.*)$'
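
A way to check a FIELDS/REGEX pair against its log sample before sharing or deploying it, as an added example (not eslogd's own code). It assumes eslogd's regex engine treats these patterns the way Python's `re` does; the dictionary layout, the function names and the two constructed log lines are hypothetical, and the error-log pattern is written with ` +` after the month so two-digit days match.

```python
import re

# FIELDS/REGEX pairs as configured for eslogd (this dict layout is hypothetical).
PATTERNS = {
    "access": (
        "host:string username password time:datetime method uri protocol "
        "version status bytes:integer referer agent vhost",
        r'^(\S+) (\S+) (\S+) \[(\S+ \S+)\] \"(\S+) (.*?) (\S+)\/(\S+)\" '
        r'(\S+) (\S+) "([^"]*)" "([^"]*)" "([^"]*)"$',
    ),
    "error": (
        "time:datetime level message",
        # " +" after the month accepts both "Dec  2" and "Dec 12".
        r'^\[(\S+ \S+ +\S+ \S+ \S+)\] \[(\S+)\] (.*)$',
    ),
}

# Sample lines taken from this page.
ACCESS_SAMPLE = ('10.0.0.1 - - [11/Nov/2012:08:31:01 +0200] '
                 '"GET /album/show/category/39/id/757 HTTP/1.1" 200 70023 "-" '
                 '"Mozilla/5.0 (compatible; Googlebot/2.1; '
                 '+http://www.google.com/bot.html)" "-"')
ERROR_SAMPLE = ('[Sun Dec  2 11:33:29 2012] [error] [client 10.0.0.1] File does '
                'not exist: /var/www/apple-touch-icon-precomposed.png')
# Constructed lines: a two-digit day, and an access line with no trailing vhost.
ERROR_TWO_DIGIT = ('[Wed Dec 12 11:33:29 2012] [error] [client 10.0.0.1] '
                   'File does not exist: /var/www/favicon.ico')
ACCESS_NO_VHOST = ('10.0.0.1 - - [11/Nov/2012:08:31:01 +0200] '
                   '"GET / HTTP/1.1" 200 512 "-" "curl/7.26.0"')

def parse(kind, line):
    """Return {field: value} for a matching line, or None if it does not match."""
    fields, regex = PATTERNS[kind]
    names = [f.split(":", 1)[0] for f in fields.split()]  # drop ':type' suffix
    rx = re.compile(regex)
    # A pair is only usable if every capture group has a field name.
    if rx.groups != len(names):
        raise ValueError(f"{kind}: {rx.groups} groups but {len(names)} fields")
    m = rx.match(line)
    return dict(zip(names, m.groups())) if m else None

def unmatched(kind, lines):
    """Lines the pattern does not parse, i.e. the gaps in what gets indexed."""
    return [line for line in lines if parse(kind, line) is None]
```

Running `unmatched` over a slice of a real log before deployment shows which lines the pattern would silently miss, such as access lines written without the trailing quoted vhost field.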