search

allinurl / goaccess

GoAccess is a real-time web log analyzer and interactive viewer that runs in a terminal in *nix systems or through your browser.
https://goaccess.io
MIT License
17.88k stars 1.09k forks source link

Token '[04/Jan/2021:22:59:18' doesn't match specifier '%h' #2053

Closed frakman1 closed 3 years ago

frakman1 commented 3 years ago

I want to use goaccess with the logs from my Nginx Proxy Manager (docker: jlesage/nginx-proxy-manager) using the standard configuration.

/etc/nginx/nginx.conf contains the following log format and log location

log_format standard '[$time_local] $status - $request_method $scheme $host "$request_uri" [Client $remote_addr] [Length $body_bytes_sent] [Gzip $gzip_ratio] "$http_user_agent" "$http_referer"';
access_log /config/log/default.log proxy;

Sample log from /config/log/default.log:

[11/Mar/2021:19:16:29 -0500] 400 - GET http x.x.x.x "/config/getuser?index=0" [Client y.y.y.y] [Length 252] [Gzip -] "Mozilla/5.0 (X11; Ubuntu; Linux x86_64; rv:76.0) Gecko/20100101 Firefox/76.0" "-"

When I copied the default.log file to the host and ran it against goaccess, I get this error:

# cat default.log | docker run --rm -i -e LANG=$LANG allinurl/goaccess -a -o html --log-format COMBINED - > report.html
Digest: sha256:55435cc4797a7b5b93bcaff18f0387ede06919a711f0f7f04f6a08b737f21160
Status: Downloaded newer image for allinurl/goaccess:latest
 [SETTING UP STORAGE -] {0} @ {0/s}
==1== GoAccess - Copyright (C) 2009-2020 by Gerardo Orellana
==1== https://goaccess.io - <hello@goaccess.io>
==1== Released under the MIT License.
==1==
==1== FILE: -
==1== Parsed 10 lines producing the following errors:
==1==
==1== Token '[04/Jan/2021:22:34:18' doesn't match specifier '%h'
==1== Token '[04/Jan/2021:22:41:42' doesn't match specifier '%h'
==1== Token '[04/Jan/2021:22:52:10' doesn't match specifier '%h'
==1== Token '[04/Jan/2021:22:52:23' doesn't match specifier '%h'
==1== Token '[04/Jan/2021:22:59:09' doesn't match specifier '%h'
==1== Token '[04/Jan/2021:22:59:11' doesn't match specifier '%h'
==1== Token '[04/Jan/2021:22:59:11' doesn't match specifier '%h'
==1== Token '[04/Jan/2021:22:59:16' doesn't match specifier '%h'
==1== Token '[04/Jan/2021:22:59:17' doesn't match specifier '%h'
==1== Token '[04/Jan/2021:22:59:18' doesn't match specifier '%h'
==1==
==1== Format Errors - Verify your log/date/time format
read unix @->/var/run/docker.sock: read: connection reset by peer

I know that I need to somehow change the --log-format parameter but I have no idea how. I don't know what the corresponding goaccess log format syntax should be.

frakman1 commented 3 years ago

Answering my own question ...

In the documentation there is a reference to the translating script I need: https://github.com/stockrt/nginx2goaccess image

I used it to output the correct log format:

./nginx2goaccess.sh '[$time_local] $status - $request_method $scheme $host "$request_uri" [Client $remote_addr] [Length $body_bytes_sent] [Gzip $gzip_ratio] "$http_user_agent" "$http_referer"'

- Generated goaccess config:

time-format %T
date-format %d/%b/%Y
log_format [%d:%t %^] %s - %m %^ %v "%U" [Client %h] [Length %b] [Gzip %^] "%u" "%R"

I then ran the command using ' around the values like this:

cat default.log | docker run --rm -i -e LANG=$LANG allinurl/goaccess -a -o html --log-format='[%d:%t %^] %s - %m %^ %v "%U" [Client %h] [Length %b] [Gzip %^] "%u" "%R"' --date-format='%d/%b/%Y' --time-format='%T' - > report.html

and got a beautiful html dashboard view.

The other way I tried was to install it on my Mac using brew and copy and paste the ginx2goaccess.sh output into ~/.goaccessrc and run with goaccess default.log to see the terminal view.

allinurl commented 3 years ago

Awesome, glad that solved your question.

Feel free to reopen it if needed.