Hello,
I have been using Graylog for a little while now and have apache2 access and error logs feeding into Graylog OK. The access log is being formatted correctly using the COMBINEDAPACHELOG grok pattern; however, I cannot get the error log to format correctly. I have found a few grok patterns on this forum and the internet but none of them seem to work (I have very limited knowledge of grok and regex but have been learning…
Here is a sample error message coming into graylog:
[Mon Jun 21 15:37:42.947020 2021] [php7:warn] [pid 32118] [client 123.123.171.19:0] PHP Warning: Creating default object from empty value in /var/www/www.abc.xwy/public_html/templates/somefile.php on line 117
I found two grok patterns online that I have added, but when I test the APACHE_ERROR_LOG pattern against the sample message it doesn't work (I just get an error asking to check the parameters):
APACHE_ERROR_TIME
%{DAY} %{MONTH} %{MONTHDAY} %{TIME} %{YEAR}
APACHE_ERROR_LOG
[%{APACHE_ERROR_TIME:timestamp}] [%{LOGLEVEL:loglevel}] (?:[client %{IPORHOST:clientip}] ){0,1}%{GREEDYDATA:errormsg}
Any help would be much appreciated. I would have thought there would have been prebuilt grok patterns or pipelines for the Apache error log but cannot find anything online that works.
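An added example, not part of the original post and not Graylog code: a Python parser for the error-line layout shown in the sample, with the literal square brackets escaped and the `module:level`, `[pid …]` and `client ip:port` fields captured. The function and field names are assumptions, and the grok form in the comment has not been tested in Graylog.

```python
import re
from datetime import datetime

# The sample error line quoted in the post above.
SAMPLE = ("[Mon Jun 21 15:37:42.947020 2021] [php7:warn] [pid 32118] "
          "[client 123.123.171.19:0] PHP Warning: Creating default object from "
          "empty value in /var/www/www.abc.xwy/public_html/templates/somefile.php "
          "on line 117")

# Grok form of the same idea (assumption, untested in Graylog), reusing the
# post's APACHE_ERROR_TIME. Literal [ and ] are escaped so they are not read
# as a regex character class:
#   \[%{APACHE_ERROR_TIME:timestamp}\] \[%{WORD:module}:%{LOGLEVEL:loglevel}\]
#   \[pid %{POSINT:pid}\](?: \[client %{IPORHOST:clientip}:%{NONNEGINT:clientport}\])?
#   %{GREEDYDATA:errormsg}
ERROR_LINE = re.compile(r"""
    ^\[(?P<timestamp>[A-Z][a-z]{2}\ [A-Z][a-z]{2}\ \d{1,2}
        \ \d{2}:\d{2}:\d{2}\.\d{6}\ \d{4})\]           # [Mon Jun 21 15:37:42.947020 2021]
    \ \[(?:(?P<module>[\w-]*):)?(?P<loglevel>[a-z]+\d?)\]   # [php7:warn], [:error], [error]
    \ \[pid\ (?P<pid>\d+)(?::tid\ (?P<tid>\d+))?\]     # [pid 32118] or [pid N:tid M]
    (?:\ \[client\ (?P<clientip>[^\]\s]+):(?P<clientport>\d+)\])?  # optional client
    \ (?P<errormsg>.*)$
""", re.VERBOSE)


def parse_error_line(line):
    """Return a dict of fields for one error-log line, or None if it does not match."""
    m = ERROR_LINE.match(line.rstrip("\n"))
    if m is None:
        return None
    # Drop optional groups that did not take part in the match.
    fields = {k: v for k, v in m.groupdict().items() if v is not None}
    fields["timestamp"] = datetime.strptime(
        fields["timestamp"], "%a %b %d %H:%M:%S.%f %Y")
    for key in ("pid", "tid", "clientport"):
        if key in fields:
            fields[key] = int(fields[key])
    return fields


if __name__ == "__main__":
    for name, value in parse_error_line(SAMPLE).items():
        print(f"{name:11} {value}")
```

Lines without a `[client …]` field (startup notices, for example) still parse; `clientip` and `clientport` are simply absent from the result.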