You signed in with another tab or window. Reload to refresh your session.You signed out in another tab or window. Reload to refresh your session.You switched accounts on another tab or window. Reload to refresh your session.Dismiss alert
I was reading grok patterns and found your pattern to parse combined apache log
your pattern to parse combined apache log, namely the NCSA log format, does not accept spaces in the authuser field:
I think we should open a conversation here on this subject, in one hand we either have a lot of people doing the same thing wrong, on the other hand we'll have hard times finding a clean way to encode authuser without dropping information, and convincing Apache, Microsoft, and Varnish, nginx, etc... to change their log handling code to change this...
The text was updated successfully, but these errors were encountered:
I was reading grok patterns and found your pattern to parse combined apache log
your pattern to parse combined apache log, namely the NCSA log format, does not accept spaces in the
authuser
field:I read every documentations I could find on the subject, even NCSA HTTPd source code, and could not find any reference of escaping, forbidding, or replacing spaces in the
authuser
field.Yet a lot of people do it wrong too (starting by me, I personally have the habit to split my NCSA log lines on space, or use
awk
,cut
, etc on them).I personally thought at first I was right (to split on spaces, use awk, etc...), so I even opened a ticket on Varnish bug tracker.
I think we should open a conversation here on this subject, in one hand we either have a lot of people doing the same thing wrong, on the other hand we'll have hard times finding a clean way to encode authuser without dropping information, and convincing Apache, Microsoft, and Varnish, nginx, etc... to change their log handling code to change this...
The text was updated successfully, but these errors were encountered: