Trouble with Apache 2.4 error log

nicolacontu · May 20, 2020, 12:50pm

Hello,
I am trying to create a grok pattern for this kind of message :

[Wed May 20 12:02:23.129491 2020] [php7:notice] [pid 13854:tid 139987422476032] [client 10.151.2.142:48670] Missing circuit id/?!=services|segment|new&circuit_id=999999&ordinal=74, referer https://domain.domain/?!=orders|extended_circuit|view|999999&order_id=8888888 domain.domain

Here is the pattern :
[%{HTTPDERROR_DATE:timestamp_error}] [%{WORD:module_error}:%{LOGLEVEL:loglevel_error}] [pid %{POSINT:pid}:tid %{NUMBER:tid}]( (%{POSINT:proxy_errorcode})%{DATA:proxy_errormessage}:)?( [client %{IPORHOST:client}:%{POSINT:clientport}])? %{DATA:errorcode}: %{GREEDYDATA:message_error} %{IPORHOST:vhost_error}

But I am not able because of the referer.
If no referer, the pattern works.

Can anyone help?

Thanks

system · June 3, 2020, 12:50pm

This topic was automatically closed 14 days after the last reply. New replies are no longer allowed.

Topic		Replies	Views
Problems with Grok Pattern for Apache 2.4 Error logs Graylog Central (peer support)	11	2735	September 4, 2018
Grok pattern for apache2 error log Graylog Central (peer support)	3	1732	July 6, 2021
Apache error.log grok Templates	0	800	August 24, 2021
EXTRACTOR: How to extract domain name from referrer field of Apache access logs? Graylog Central (peer support)	8	3054	October 17, 2018
Grok Pattern Extractor Error Graylog Central (peer support)	5	1248	July 14, 2021

Trouble with Apache 2.4 error log

Related Topics