arberg
commented
10 months ago This has been fixed in latest commit from 2021. It now reads:
\[(?:%{WORD:[apache][error][module]})?:%{LOGLEVEL:[log][level]}\]
Closed jordi-domingo closed 10 months ago
arberg
commented
10 months ago This has been fixed in latest commit from 2021. It now reads:
\[(?:%{WORD:[apache][error][module]})?:%{LOGLEVEL:[log][level]}\]
Issue description
For Apache 2.4 error logs, if the module string is empty, the HTTPD24_ERRORLOG grok pattern fails (
_grokparsefailure).Example log entry:
[Tue Apr 14 14:27:52.605084 2020] [:error] [pid 5688] [client XX.XX.XX.XX:8196] script '/XXX/wp-login.php' not found or unable to statWorkaround
Expand
%{HTTPD24_ERRORLOG}and replace this part:\[%{WORD:module}:%{LOGLEVEL:loglevel}\]with this:
\[(%{WORD:module})?:%{LOGLEVEL:loglevel}\]Details for fast resolution