Closed sumdog closed 6 years ago
I'm pretty sure you need to have only one IP address in the first field of your log format in order for awstats to understand it. No commas or spaces.
If you have two different fields separated by a space (for example client IP and a proxy IP), then you should use something like LogFormat="%host %other <rest of the fields here>"
in your awstats.conf
.
You're right, this isn't really an awstats issue, and it's actually good it fails here rather than discarding bad log entries.
For future reference for others who experience this issue hand happen to be using HAProxy, I fixed it by adding the following to my HAProxy frontend:
http-request set-header X-Forwarded-For %[src]
and removing the following from the default section:
option forwardfor
That replaces the X-Forwarded-For header instead of appending a second one.
I started seeing the following when running awstats to parse logs:
I was on a Ubuntu docker image running awstats v7.4, so I updated to
ubuntu:artsy
so I could get awstats 7.6 (specificallyAWStats version 7.6 (build 20161204)
) and got the same error. The problem comes from lines like the following:Is the common log format suppose to allow for separating out hosts and their proxies with commas? I've got the following in my awstats configuration:
My HAProxy is setting up an
X-Forwarded-For
header by using the following option:...and nginx seems to be passing it on straight through using the following log format:
Is this a bug in awstats (should it be able to handle those source addresses that are separated by a comma and a space) or should haproxy not be reporting x-forwarded-for in that format?