The file .apache-modsec.alias contains many convenient aliases for parsing log files. However, the aliases are very complicated to understand and must be rather difficult to maintain due to their complexity.
It seems to me that most of the complexity stems from the fact that they have to isolate a single element from the log without taking the position of the element in the logged line into account. If the position were to be taken into account and the line separated into its individual elements as an intermediate step, the code would be greatly simplified and easier to maintain.
Here is an example of what it would look like after it is simplified. The result can then easily be further processed. (copy to file and execute)
The result looks as follows:
This of course is just an example and has only been tested with this line log entry. But it would be relatively easy to adapt this for other log formats.
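The intermediate step proposed above, as an added example that is not the code from the original post or from the alias file: each line is split once into name/value records, and any single element is then a trivial lookup. It assumes an Apache 2.4 error-log line carrying a ModSecurity alert; the function names `modsec_split` and `modsec_field` are hypothetical and the sample line is constructed.

```sh
#!/bin/sh
# Added example. Assumed layout of one alert line:
#   [timestamp] [module:level] [pid ...] [client ...] free text [key "value"]...

# Constructed sample line (not taken from a real log).
SAMPLE='[Tue Oct 16 12:34:56.123456 2018] [security2:error] [pid 1234:tid 5678] [client 192.0.2.10:40000] ModSecurity: Warning. Pattern match "x" at ARGS:q. [file "/etc/crs/rules/example.conf"] [line "10"] [id "900001"] [msg "Constructed sample rule"] [severity "CRITICAL"] [tag "attack-sample"] [tag "lab"] [hostname "www.example.com"] [uri "/index.html"] [unique_id "SAMPLEUNIQUEID0001"]'

# Split each input line into "name<TAB>value" records, one per output line.
modsec_split() {
  awk '{
    line = $0
    # Step 1: the leading bracketed fields are identified by position alone.
    n = split("timestamp module_level pid client", names, " ")
    for (i = 1; i <= n && substr(line, 1, 1) == "["; i++) {
      stop = index(line, "]")
      val = substr(line, 2, stop - 2)
      sub(/^(pid|client) /, "", val)      # drop the label inside the bracket
      printf "%s\t%s\n", names[i], val
      line = substr(line, stop + 1)
      sub(/^ +/, "", line)
    }
    # Step 2: the free text runs up to the first [key "value"] element.
    if (match(line, / \[[a-z_]+ "/)) {
      printf "text\t%s\n", substr(line, 1, RSTART - 1)
      line = substr(line, RSTART + 1)
    }
    # Step 3: the remaining elements name themselves; repeated keys (tag) repeat.
    # Limitation: a value containing the two characters "] is cut short.
    while (match(line, /^\[[a-z_]+ "/)) {
      key  = substr(line, 2, RLENGTH - 3)
      rest = substr(line, RLENGTH + 1)
      stop = index(rest, "\"]")
      if (stop == 0) break
      printf "%s\t%s\n", key, substr(rest, 1, stop - 1)
      line = substr(rest, stop + 2)
      sub(/^ +/, "", line)
    }
  }'
}

# Pick one element by name from the split records.
modsec_field() {
  modsec_split | awk -F '\t' -v want="$1" '$1 == want { print $2 }'
}

printf '%s\n' "$SAMPLE" | modsec_split
```

Other log formats need only a different name list in step 1; the lookup in `modsec_field` stays the same.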