search

allinurl / goaccess

GoAccess is a real-time web log analyzer and interactive viewer that runs in a terminal in *nix systems or through your browser.
https://goaccess.io
MIT License
17.78k stars 1.09k forks source link

xff ips Incomplete #2651

Closed pospos369 closed 3 months ago

pospos369 commented 3 months ago

log-format %^[%d:%t %^] "%r" %s %b "%R" - %^"%u" "~h{ }"

logs: 10.x.x.x - - [21/Feb/2024:11:46:47 +0800] "GET /admin/public/captcha?=254 HTTP/1.1" 200 889 "https://abc.com/" "Mozilla/5.0 (Windows NT 6.1) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/75.0.3770.100 Safari/537.36" "113.74.169.84" 10.x.x.x - - [21/Feb/2024:11:46:49 +0800] "GET /admin/public/captcha?=9660 HTTP/1.1" 200 784 "https://abc.com/" "Mozilla/5.0 (Windows NT 6.1) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/75.0.3770.100 Safari/537.36" "113.74.169.84" 10.x.x.x - - [21/Feb/2024:11:46:50 +0800] "GET /admin/public/captcha?=1267 HTTP/1.1" 200 880 "https://abc.com/" "Mozilla/5.0 (Windows NT 6.1) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/75.0.3770.100 Safari/537.36" "113.74.169.84" 10.x.x.x - - [21/Feb/2024:16:52:01 +0800] "GET / HTTP/1.1" 200 789 "-" "Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/80.0.3987.132 Safari/537.36" "182.92.159.112" 10.x.x.x - - [21/Feb/2024:16:52:01 +0800] "GET /portal/v2/index/splash HTTP/1.1" 200 927 "-" "Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/80.0.3987.132 Safari/537.36" "182.92.159.112"

Why is the first part of the IP address incomplete? 20240325192635 20240325193030

allinurl commented 3 months ago

The following format works for the sample lines you posted:

# goaccess access.log --log-format='%^[%d:%t %^] "%r" %s %b "%R" "%u" "~h{ }"' --date-format=%d/%b/%Y --time-format=%T

2024-03-26-175928_547x443_scrot

pospos369 commented 3 months ago

That's solved, thank you very much.