Apache error.log

colttt · August 24, 2021, 9:19am

Hi, here is my grok-pattern to parse the error log from apache, for me it works with a lot of error messages, also theses with no IP.

\[%{HTTPDERROR_DATE:timestamp}\] \[%{DATA:apache_error_module}:%{LOGLEVEL:log_level}\] \[pid %{POSINT:pid}(:tid %{NUMBER:tid})?\] (%{NOTSPACE:apache_error_file}:)?( )?(\[client %{IPORHOST:source_address}( )?(:%{NUMBER:source_port})?\])?( )?%{GREEDYDATA:message}

after you edit it, just add this to HTTPD_ERRORLOG, which should look like %{HTTPD20_ERRORLOG}|%{HTTPD24_ERRORLOG}|%{APACHE_ERRORLOG}

Topic		Replies	Views
Problems with Grok Pattern for Apache 2.4 Error logs Graylog Central (peer support)	11	2741	September 4, 2018
Grok pattern for apache2 error log Graylog Central (peer support)	3	1740	July 6, 2021
Trouble with Apache 2.4 error log Graylog Central (peer support)	1	334	June 3, 2020
Pipeline Grok function errors Graylog Central (peer support) pipeline-rules , route-to-streampl	8	1500	October 24, 2018
Grok Pattern Extractor Error Graylog Central (peer support)	5	1259	July 14, 2021

Apache error.log

Related Topics