Trouble with Apache 2.4 error log

nicolacontu · May 20, 2020, 12:50pm

Hello,
I am trying to create a grok pattern for this kind of message :

[Wed May 20 12:02:23.129491 2020] [php7:notice] [pid 13854:tid 139987422476032] [client 10.151.2.142:48670] Missing circuit id/?!=services|segment|new&circuit_id=999999&ordinal=74, referer https://domain.domain/?!=orders|extended_circuit|view|999999&order_id=8888888 domain.domain

Here is the pattern :
[%{HTTPDERROR_DATE:timestamp_error}] [%{WORD:module_error}:%{LOGLEVEL:loglevel_error}] [pid %{POSINT:pid}:tid %{NUMBER:tid}]( (%{POSINT:proxy_errorcode})%{DATA:proxy_errormessage}:)?( [client %{IPORHOST:client}:%{POSINT:clientport}])? %{DATA:errorcode}: %{GREEDYDATA:message_error} %{IPORHOST:vhost_error}

But I am not able because of the referer.
If no referer, the pattern works.

Can anyone help?

Thanks

system · June 3, 2020, 12:50pm

This topic was automatically closed 14 days after the last reply. New replies are no longer allowed.

Topic		Replies	Views
Problems with Grok Pattern for Apache 2.4 Error logs Graylog Central (peer support)	11	2900	September 4, 2018
Grok pattern for apache2 error log Graylog Central (peer support)	3	2059	July 6, 2021
Apache error.log grok Templates	0	908	August 24, 2021
EXTRACTOR: How to extract domain name from referrer field of Apache access logs? Graylog Central (peer support)	8	3270	October 17, 2018
Grok Pattern Extractor Error Graylog Central (peer support)	5	1447	July 14, 2021

Trouble with Apache 2.4 error log

Related topics