ModSecurity-log-utilities
Parser not working correctly for nginx error logs
Hello,
we encountered a problem when parsing nginx error logs. It seems some parts of the log entries are not parsed correctly and always output None, e.g.:
./modsec-log-parser.py --delim ';' --summary="client,matchMessage,file,line,msg,data,hostname,uri" /var/log/nginx/error.log
produces this output (notice the two "None" entries at the front):
None;None;/usr/local/kong/rules/REQUEST-920-PROTOCOL-ENFORCEMENT.conf";992";Request content type is not allowed by policy";application/ocsp-request";212.1.2.3";/"
The log entries look like this:
2020/06/24 10:03:23 [info] 24979#0: *16025 ModSecurity: Warning. Matched "Operator `Rx' with parameter `^application/x-www-form-urlencoded|multipart/form-data|text/xml|application/xml|application/soap+xml|application/x-amf|application/json|application/octet-stream|application/csp-report|application/xss- (26 characters omitted)' against variable `TX:0' (Value: `application/ocsp-request' ) [file "/usr/local/modsecurity/rules/REQUEST-920-PROTOCOL-ENFORCEMENT.conf"] [line "992"] [id "920420"] [rev ""] [msg "Request content type is not allowed by policy"] [data "application/ocsp-request"] [severity "2"] [ver "OWASP_CRS/3.1.0"] [maturity "0"] [accuracy "0"] [tag "application-multi"] [tag "language-multi"] [tag "platform-multi"] [tag "attack-protocol"] [tag "OWASP_CRS/POLICY/CONTENT_TYPE_NOT_ALLOWED"] [tag "WASCTC/WASC-20"] [tag "OWASP_TOP_10/A1"] [tag "OWASP_AppSensor/EE2"] [tag "PCI/12.1"] [hostname "10.11.11.11"] [uri "/"] [unique_id "159298580377.868567"] [ref "o0,24v50,24"], client: 10.2.3.4, server: _, request: "POST / HTTP/1.0", host: "ocsp.example.com"
Also it would be nice to be able to print the part with this information from the end of the logfile: client: 10.2.3.4, server: _, request: "POST / HTTP/1.0", host: "ocsp.example.com"
Could you fix it so it prints nginx error logs correctly? Thanks!
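As an added example (not code from the issue or from the project's modsec-log-parser.py), here is a small Python parser for the nginx error-log layout shown above: the nginx prefix, ModSecurity's [key "value"] fields, and the trailing client/server/request/host pairs the report asks for. The sample line is a constructed, shortened copy of the entry above with most [tag ...] fields dropped.

```python
import re

# Constructed sample: the issue's log line with most [tag ...] fields dropped
# for brevity; the ", client: ..." trailer that nginx appends is kept intact.
SAMPLE = (
    '2020/06/24 10:03:23 [info] 24979#0: *16025 ModSecurity: Warning. Matched '
    '"Operator `Rx\' with parameter `^application/x-www-form-urlencoded|text/xml\' '
    'against variable `TX:0\' (Value: `application/ocsp-request\' ) '
    '[file "/usr/local/modsecurity/rules/REQUEST-920-PROTOCOL-ENFORCEMENT.conf"] '
    '[line "992"] [id "920420"] [rev ""] [msg "Request content type is not '
    'allowed by policy"] [data "application/ocsp-request"] [severity "2"] '
    '[tag "attack-protocol"] [tag "OWASP_CRS/POLICY/CONTENT_TYPE_NOT_ALLOWED"] '
    '[hostname "10.11.11.11"] [uri "/"] [ref "o0,24v50,24"], client: 10.2.3.4, '
    'server: _, request: "POST / HTTP/1.0", host: "ocsp.example.com"'
)

# nginx prefix "date time [level] pid#tid: *conn ModSecurity: <rest>", then
# ModSecurity's [key "value"] fields, then nginx's "key: value, ..." trailer.
PREFIX_RE = re.compile(r'^(\S+ \S+) \[(\w+)\] \d+#\d+: \*\d+ ModSecurity: (.*)$')
FIELD_RE = re.compile(r'\[(\w+) "((?:[^"\\]|\\.)*)"\]')
TRAILER_RE = re.compile(r'(\w+): (?:"([^"]*)"|([^,]*))')

def parse_entry(line):
    """Parse one nginx error-log line; None if it is not a ModSecurity entry."""
    m = PREFIX_RE.match(line.rstrip('\n'))
    if not m:
        return None
    rest = m.group(3)
    fields = list(FIELD_RE.finditer(rest))
    if not fields:
        return None
    entry = {'time': m.group(1), 'level': m.group(2), 'tag': []}
    # Free text between "ModSecurity: " and the first [key "value"] field.
    entry['matchMessage'] = rest[:fields[0].start()].strip()
    for f in fields:
        key, value = f.group(1), f.group(2)
        if key == 'tag':
            entry['tag'].append(value)  # tags repeat; keep all of them
        else:
            entry[key] = value
    # Everything after the last [key "value"] is the nginx trailer.
    trailer = rest[fields[-1].end():].lstrip(', ')
    for t in TRAILER_RE.finditer(trailer):
        entry[t.group(1)] = t.group(2) if t.group(2) is not None else t.group(3)
    return entry

def summarize(line, fields, delim=';'):
    """Join the requested fields like --summary; a missing field gives ''."""
    entry = parse_entry(line) or {}
    return delim.join(str(entry.get(f, '')) for f in fields.split(','))
```

summarize(SAMPLE, "client,matchMessage,file,line,msg,data,hostname,uri") yields the client address and the other fields without the stray trailing quotes seen in the output above.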