allinurl
log format identification
Hi, I'm having a hard time identifying my log format.
This is the log format:
185.000.000.000 - - [05/Mar/2025:16:44:16 -0500] "GET / HTTP/1.1" 200 2379 "http://184.000.000.000:80/" "Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/88.0.4324.190 Safari/537.36"
I did change all the ip. I should be using nginx's default log format so when i tried the following command:
sudo goaccess -o /var/www/html/report_apps.html --real-time-html -f /var/log/nginx/access/apps.selfhost.log -f /var/log/nginx/errors/ha.selfhost.log --port=9071 --log-format=COMBINED
I am getting the following error:
[PARSING /var/log/nginx/errors/ha.selfhost.log] {0} @ {0/s}
Cleaning up resources...
==1176520== GoAccess - version 1.9.3 - Jun 4 2024 22:49:46
==1176520== Config file: /etc/goaccess/goaccess.conf
==1176520== https://goaccess.io - <[email protected]>
==1176520== Released under the MIT License.
==1176520==
==1176520== FILE: /var/log/nginx/errors/ha.selfhost.log
==1176520== Parsed 10 lines producing the following errors:
==1176520==
==1176520== Token '2024/12/22' doesn't match specifier '%h'
==1176520== Token '2024/12/22' doesn't match specifier '%h'
==1176520== Token '2024/12/22' doesn't match specifier '%h'
==1176520== Token '2024/12/22' doesn't match specifier '%h'
==1176520== Token '2024/12/22' doesn't match specifier '%h'
==1176520== Token '2024/12/22' doesn't match specifier '%h'
==1176520== Token '2024/12/22' doesn't match specifier '%h'
==1176520== Token '2024/12/22' doesn't match specifier '%h'
==1176520== Token '2024/12/22' doesn't match specifier '%h'
==1176520== Token '2024/12/22' doesn't match specifier '%h'
==1176520==
==1176520== Format Errors - Verify your log/date/time format
So I tried to use a custom format like so:
sudo goaccess -o /var/www/html/report_apps.html --real-time-html -f /var/log/nginx/access/apps.selfhost.log -f /var/log/nginx/errors/ha.selfhost.log --port=9071 --log-format='%h - - [% x] %r' --datetime-format '%d/%b/%Y:%H:%M:%S %z'
Sadly I am getting this error:
[PARSING /var/log/nginx/errors/ha.selfhost.log] {0} @ {0/s}
Cleaning up resources...
==1188418== GoAccess - version 1.9.3 - Jun 4 2024 22:49:46
==1188418== Config file: /etc/goaccess/goaccess.conf
==1188418== https://goaccess.io - <[email protected]>
==1188418== Released under the MIT License.
==1188418==
==1188418== FILE: /var/log/nginx/errors/ha.selfhost.log
==1188418== Parsed 10 lines producing the following errors:
==1188418==
==1188418== Token '2024/12/22' doesn't match specifier '%h'
==1188418== Token '2024/12/22' doesn't match specifier '%h'
==1188418== Token '2024/12/22' doesn't match specifier '%h'
==1188418== Token '2024/12/22' doesn't match specifier '%h'
==1188418== Token '2024/12/22' doesn't match specifier '%h'
==1188418== Token '2024/12/22' doesn't match specifier '%h'
==1188418== Token '2024/12/22' doesn't match specifier '%h'
==1188418== Token '2024/12/22' doesn't match specifier '%h'
==1188418== Token '2024/12/22' doesn't match specifier '%h'
==1188418== Token '2024/12/22' doesn't match specifier '%h'
==1188418==
==1188418== Format Errors - Verify your log/date/time format
COMBINED does the job. Are you sure you have the correct format and proper IPs? Here’s what I get with your sample line. Feel free to attach part of the log if it doesn’t work
Ok so I just checked both log files, turns out the error logs format is different:
2025/03/03 08:53:02 [error] 929#929: *92935 connect() failed (111: Connection refused) while connecting to upstream, client: 141.255.166.90, server: ha.selfhost.domain.com, request: "GET /cgi-bin/luci/;stok=/locale HTTP/1.1", upstream: "http://192.168.0.16:8123/cgi-bin/luci/;stok=/locale", host: "184.000.000.000", referrer: "http://184.000.000.000:80/cgi-bin/luci/;stok=/locale"
Issue is nowhere in my nginx config am i defining any log formats. is there any way to fix that?
You need to parse both logs separately. Are you currently writing them to the same file?
no, i have one file for errors and one file for regualar logs. but they're both for the same service so i want them in the same goaccess instance.