Skip to content

HTTPS clone URL

Subversion checkout URL

You can clone with HTTPS or Subversion.

Download ZIP
Browse files

Hopefully fix some apache parsing issues

  • Loading branch information...
commit 06f91394c6ef92c38f05b514291bb4ea30608957 1 parent 57e1690
@jordansissel jordansissel authored
Showing with 11 additions and 2 deletions.
  1. +1 −1  patterns/grok-patterns
  2. +10 −1 spec/examples/parse-apache-logs.rb
View
2  patterns/grok-patterns
@@ -91,7 +91,7 @@ QS %{QUOTEDSTRING}
# Log formats
SYSLOGBASE %{SYSLOGTIMESTAMP:timestamp} (?:%{SYSLOGFACILITY} )?%{SYSLOGHOST:logsource} %{SYSLOGPROG}:
-COMBINEDAPACHELOG %{IPORHOST:clientip} %{USER:ident} %{USER:auth} \[%{HTTPDATE:timestamp}\] "(?:%{WORD:verb} %{URIPATHPARAM:request}(?: HTTP/%{NUMBER:httpversion})?|-)" %{NUMBER:response} (?:%{NUMBER:bytes}|-) "(?:%{URI:referrer}|-)" %{QS:agent}
+COMBINEDAPACHELOG %{IPORHOST:clientip} %{USER:ident} %{USER:auth} \[%{HTTPDATE:timestamp}\] "(?:%{WORD:verb} %{URIPATHPARAM:request}(?: HTTP/%{NUMBER:httpversion})?|-)" %{NUMBER:response} (?:%{NUMBER:bytes}|-) %{QS:referrer} %{QS:agent}
# Log Levels
LOGLEVEL ([D|d]ebug|DEBUG|[N|n]otice|NOTICE|[I|i]nfo|INFO|[W|w]arn?(?:ing)?|WARN?(?:ING)?|[E|e]rr?(?:or)?|ERR?(?:OR)?|[C|c]rit?(?:ical)?|CRIT?(?:ICAL)?|[F|f]atal|FATAL)
View
11 spec/examples/parse-apache-logs.rb
@@ -48,10 +48,19 @@
insist { subject["httpversion"] } == "1.1"
insist { subject["response"] } == "200"
insist { subject["bytes"] } == "3638"
- insist { subject["referrer"] }.nil?
+ insist { subject["referrer"] } == '"-"'
insist { subject["agent"] } == "\"Mozilla/5.0 (X11; Ubuntu; Linux x86_64; rv:14.0) Gecko/20100101 Firefox/14.0.1\""
# Verify date parsing
insist { subject.timestamp } == "2012-08-30T00:17:38.000Z"
end
+
+ sample '61.135.248.195 - - [26/Sep/2012:11:49:20 -0400] "GET /projects/keynav/ HTTP/1.1" 200 18985 "" "Mozilla/5.0 (compatible; YodaoBot/1.0; http://www.yodao.com/help/webmaster/spider/; )"' do
+ reject { subject["@tags"] }.include?("_grokparsefailure")
+ insist { subject["clientip"] } == "61.135.248.195"
+ end
+
+ sample '72.14.164.185 - - [25/Sep/2012:12:05:02 -0400] "GET /robots.txt HTTP/1.1" 200 - "www.brandimensions.com" "BDFetch"' do
+ reject { subject["@tags"] }.include?("_grokparsefailure")
+ end
end
Please sign in to comment.
Something went wrong with that request. Please try again.