search

globalmac / KnuckleLog

PHP Nginx access log parser
MIT License
11 stars 5 forks source link

Doesn't work with default logs #1

Closed jrichet closed 5 years ago

jrichet commented 5 years ago 
Uncaught Exception: Error parsing line, check offset and limits in .../KnuckleLog.php:108
globalmac commented 5 years ago

Hi!

Mar  8 06:25:07 ip-... haproxy[2168]: IP:PORT [08/Mar/2019:06:25:07.063] http-in cluster_name/api2 0/0/0/1/1 200 1825 - - ---- 2/2/0/0/0 0/0 "GET //api/misc/form HTTP/1.1"

This is not default format...

I recommend use 'combined plus' example:

1) Add a new log_format (or modify your own) in /etc/nginx/nginx.conf:

http {
        ...
        log_format combined_plus '$remote_addr - $remote_user [$time_local]'
                                 ' "$request" $status $body_bytes_sent "$http_referer"'
                                 ' "$http_user_agent" $request_time $upstream_cache_status'
                                 ' [$upstream_response_time]';
        ...
}

2) Specify this format for each access_log directive in Nginx configuration. In simple cases, you only need to do this in /etc/nginx/nginx.conf:

http {
        ...
        access_log /var/log/nginx/access.log combined_plus;
        ...
}