jensvoid / lorg

Apache Logfile Security Analyzer
GNU General Public License v2.0

Is there any Installation Guide. #3

Closed Waseem-farooqui closed 8 years ago

Waseem-farooqui commented 9 years ago

I want to run this tool. I have created a clone and also created a log file in the same lorg directory.

./lorg -d phpids -u -g /path/to/access_log

{AttackerIP} - GET / HTTP/1.1 Accept: text/html,application/xhtml+xml,application/xml;q=0.9,/;q=0.8 Accept-Encoding: gzip, deflate Accept-Language: en-US,en;q=0.5 Connection: keep-alive Host: {Our IP} User-Agent: Mozilla/5.0 (X11; Ubuntu; Linux x86_64; rv:35.0) Gecko/20100101 Firefox/35.0

This is one log sample I have made from my data. Kindly help me out.

jensvoid commented 9 years ago

What is lorg's error message? Is it `cannot auto-detect input type'?

It looks like you use a custom log format. lorg will not be able to handle it until you tell it how to (by adding an appropriate regular expression in $allowed_input_types, matching your custom format).

Another quick workaround to convert your format into the 'common' format might be something like:

cat /path/to/access_log | awk '{print $1" "$2" - [01/Jan/1970:00:00:00 +0000] \""$3" "$4" "$5"\" "200" "0}' > /tmp/access_log.converted

Just out of interest: which web server is used (Apache? IIS? ...) and are there really no quotes or line breaks in the provided logline sample?
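
A more defensive form of the conversion discussed above, as an added example that is not part of the original thread or of lorg. It assumes the field order seen in the posted sample (client, ident, method, URI, protocol, then headers), reports lines that do not fit instead of converting them, and backslash-escapes quotes in the URI (as Apache's own logging does) so a client-supplied " cannot break the quoted request field. The names to_clf and sample are hypothetical, and the log lines are constructed.

```shell
#!/bin/sh
# Convert "IP ident METHOD URI PROTOCOL headers..." lines to Common Log Format.
# Timestamp, status and size are fixed placeholders, as in the one-liner above,
# so they carry no information about the real requests.

to_clf() {
    awk '
    # Backslash-escape double quotes and backslashes, character by character.
    function esc(s,    out, i, c) {
        out = ""
        for (i = 1; i <= length(s); i++) {
            c = substr(s, i, 1)
            if (c == "\"" || c == "\\") out = out "\\"
            out = out c
        }
        return out
    }
    # Convert only lines that look like a request: field 3 is a method and
    # field 5 is a protocol version. A URI containing a raw space shifts the
    # fields, fails this check and is reported rather than mangled.
    NF >= 5 && $3 ~ /^[A-Z]+$/ && $5 ~ /^HTTP\/[0-9.]+$/ {
        printf "%s %s - [01/Jan/1970:00:00:00 +0000] \"%s %s %s\" 200 0\n", \
               $1, $2, $3, esc($4), $5
        next
    }
    # Everything else goes to stderr with its line number for manual review.
    { printf "skipped line %d: %s\n", NR, $0 | "cat 1>&2" }
    '
}

# Constructed sample input (addresses are from documentation ranges).
sample() {
    printf '%s\n' \
        '203.0.113.5 - GET / HTTP/1.1 Accept: text/html Host: 198.51.100.7' \
        '203.0.113.5 - GET /index.php?q="x HTTP/1.1 Host: 198.51.100.7' \
        'not a request line'
}

sample | to_clf
```

Run it as to_clf < /path/to/access_log > /tmp/access_log.converted and check stderr for skipped lines before feeding the result to lorg.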