Closed pospos369 closed 3 months ago
The following format works for the sample lines you posted:
# goaccess access.log --log-format='%^[%d:%t %^] "%r" %s %b "%R" "%u" "~h{ }"' --date-format=%d/%b/%Y --time-format=%T
That's solved, thank you very much.
log-format %^[%d:%t %^] "%r" %s %b "%R" - %^"%u" "~h{ }"
logs: 10.x.x.x - - [21/Feb/2024:11:46:47 +0800] "GET /admin/public/captcha?=254 HTTP/1.1" 200 889 "https://abc.com/" "Mozilla/5.0 (Windows NT 6.1) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/75.0.3770.100 Safari/537.36" "113.74.169.84" 10.x.x.x - - [21/Feb/2024:11:46:49 +0800] "GET /admin/public/captcha?=9660 HTTP/1.1" 200 784 "https://abc.com/" "Mozilla/5.0 (Windows NT 6.1) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/75.0.3770.100 Safari/537.36" "113.74.169.84" 10.x.x.x - - [21/Feb/2024:11:46:50 +0800] "GET /admin/public/captcha?=1267 HTTP/1.1" 200 880 "https://abc.com/" "Mozilla/5.0 (Windows NT 6.1) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/75.0.3770.100 Safari/537.36" "113.74.169.84" 10.x.x.x - - [21/Feb/2024:16:52:01 +0800] "GET / HTTP/1.1" 200 789 "-" "Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/80.0.3987.132 Safari/537.36" "182.92.159.112" 10.x.x.x - - [21/Feb/2024:16:52:01 +0800] "GET /portal/v2/index/splash HTTP/1.1" 200 927 "-" "Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/80.0.3987.132 Safari/537.36" "182.92.159.112"
Why is the first part of the IP address incomplete?
![20240325193030](https://github.com/allinurl/goaccess/assets/38270028/f87e28d2-8de6-44e8-91dd-fb4cbc58cb47)