search

allinurl / goaccess

GoAccess is a real-time web log analyzer and interactive viewer that runs in a terminal in *nix systems or through your browser.
https://goaccess.io
MIT License
17.88k stars 1.09k forks source link

Token '[23/Mar/2021:19:02:45' doesn't match specifier '%t' #2061

Closed mauvehed closed 3 years ago

mauvehed commented 3 years ago

I've tried so hard to self resolve this. Initially the problem was about '%h" not matching. I dug enough to discover I needed to enable --no-ip-validation, which didn't exist in my goaccess (I was on v1.2), I upgraded to v1.4.6, and now I have this time error. I'm not custom logformat expert, so I'm a bit stuck now and I feel like I'm super close.

# goaccess --version
GoAccess - 1.4.6.
For more details visit: https://goaccess.io/
Copyright (C) 2009-2020 by Gerardo Orellana

Build configure arguments:
  --enable-utf8
  --enable-geoip=mmdb
  --with-openssl
# grep LogFormat /etc/apache2/apache2.conf
LogFormat "%v:%p %h %l %u %t \"%r\" %>s %b \"%{Referer}i\" \"%{User-Agent}i\"" vhost_combined
LogFormat "%h %l %u %t \"%r\" %>s %b \"%{Referer}i\" \"%{User-Agent}i\"" combined
LogFormat "%h %l %u %t \"%r\" %>s %b" common
LogFormat "%{Referer}i -> %U" referer
LogFormat "%{User-agent}i" agent
# grep -v \# /etc/goaccess.conf |head -8
time-format %H:%M:%S
date-format %d/%b/%Y
log-format %h %l %u %t \"%r\" %>s %b \"%{Referer}i\" \"%{User-Agent}i\"
# goaccess --no-ip-validation -p /etc/goaccess.conf /home/admin/access_mvh.log
==24857== GoAccess - Copyright (C) 2009-2020 by Gerardo Orellana
==24857== https://goaccess.io - <hello@goaccess.io>
==24857== Released under the MIT License.
==24857==
==24857== FILE: /home/admin/access_mvh.log
==24857== Parsed 10 lines producing the following errors:
==24857==
==24857== Token '[23/Mar/2021:19:02:45' doesn't match specifier '%t'
==24857== Token '[23/Mar/2021:19:02:47' doesn't match specifier '%t'
==24857== Token '[23/Mar/2021:19:02:49' doesn't match specifier '%t'
==24857== Token '[23/Mar/2021:19:02:49' doesn't match specifier '%t'
==24857== Token '[23/Mar/2021:19:02:50' doesn't match specifier '%t'
==24857== Token '[23/Mar/2021:19:02:50' doesn't match specifier '%t'
==24857== Token '[23/Mar/2021:19:02:51' doesn't match specifier '%t'
==24857== Token '[23/Mar/2021:19:02:51' doesn't match specifier '%t'
==24857== Token '[23/Mar/2021:19:02:54' doesn't match specifier '%t'
==24857== Token '[23/Mar/2021:19:02:55' doesn't match specifier '%t'
==24857==
==24857== Format Errors - Verify your log/date/time format
# head -10 /home/admin/access_mvh.log
my.host.name - - [23/Mar/2021:19:02:45 -0400] "GET /ourwebserver.css HTTP/1.1" 200 700 "https://ourwebserver.org/" "Mozilla/5.0 (Windows NT 10.0; Win64; x64; rv:86.0) Gecko/20100101 Firefox/86.0"
my.host.name - - [23/Mar/2021:19:02:47 -0400] "GET /~mauvehed/ HTTP/1.1" 200 4145 "https://ourwebserver.org/" "Mozilla/5.0 (Windows NT 10.0; Win64; x64; rv:86.0) Gecko/20100101 Firefox/86.0"
my.host.name - - [23/Mar/2021:19:02:49 -0400] "GET /folder2/aol.html HTTP/1.1" 200 2163 "https://ourwebserver.org/" "Mozilla/5.0 (Windows NT 10.0; Win64; x64; rv:86.0) Gecko/20100101 Firefox/86.0"
my.host.name - - [23/Mar/2021:19:02:49 -0400] "GET /folder2/folder2.jpg HTTP/1.1" 200 9920 "https://ourwebserver.org/folder2/aol.html" "Mozilla/5.0 (Windows NT 10.0; Win64; x64; rv:86.0) Gecko/20100101 Firefox/86.0"
my.host.name - - [23/Mar/2021:19:02:50 -0400] "GET /folder1/company/ HTTP/1.1" 200 6906 "https://ourwebserver.org/" "Mozilla/5.0 (Windows NT 10.0; Win64; x64; rv:86.0) Gecko/20100101 Firefox/86.0"
my.host.name - - [23/Mar/2021:19:02:50 -0400] "GET /folder1/company/othercompanies.png HTTP/1.1" 200 6080 "https://ourwebserver.org/folder1/company/" "Mozilla/5.0 (Windows NT 10.0; Win64; x64; rv:86.0) Gecko/20100101 Firefox/86.0"
my.host.name - - [23/Mar/2021:19:02:51 -0400] "GET /folder1/company/yahoo02.html HTTP/1.1" 200 2029 "https://ourwebserver.org/folder1/company/" "Mozilla/5.0 (Windows NT 10.0; Win64; x64; rv:86.0) Gecko/20100101 Firefox/86.0"
my.host.name - - [23/Mar/2021:19:02:51 -0400] "GET /folder1/company/yahoo-private-key.jpg HTTP/1.1" 200 46883 "https://ourwebserver.org/folder1/company/yahoo02.html" "Mozilla/5.0 (Windows NT 10.0; Win64; x64; rv:86.0) Gecko/20100101 Firefox/86.0"
my.host.name - - [23/Mar/2021:19:02:54 -0400] "GET /folder2/aol.html HTTP/1.1" 200 2163 "https://ourwebserver.org/" "Mozilla/5.0 (Windows NT 10.0; Win64; x64; rv:86.0) Gecko/20100101 Firefox/86.0"
my.host.name - - [23/Mar/2021:19:02:55 -0400] "GET /folder2/0553.html HTTP/1.1" 200 1071 "https://ourwebserver.org/folder2/aol.html" "Mozilla/5.0 (Windows NT 10.0; Win64; x64; rv:86.0) Gecko/20100101 Firefox/86.0"
allinurl commented 3 years ago

This should do it:

goaccess access.log --log-format=COMBINED --no-ip-validation

Let me know how it goes.

mauvehed commented 3 years ago

This should do it:

goaccess access.log --log-format=COMBINED --no-ip-validation

Let me know how it goes.

That worked! And wow was that simple :-) Initially our log format was slightly different, so I decided to simplify it back to NCSA.