-
-
Notifications
You must be signed in to change notification settings - Fork 1.1k
-
-
Notifications
You must be signed in to change notification settings - Fork 1.1k
New issue
Have a question about this project? Sign up for a free GitHub account to open an issue and contact its maintainers and the community.
By clicking “Sign up for GitHub”, you agree to our terms of service and privacy statement. We’ll occasionally send you account related emails.
Already on GitHub? Sign in to your account
trouble parsing nginx log #121
Comments
Hi there, The following works for me (assuming you do not have quotes between the request)
Let me know if that works for you! |
unfortunately it didn't work, but i don't know what you mean by "(assuming you do not have quotes between the request)" so maybe i need to do something different. what i posted above are exact copies except ip addresses and stuff have been changed. everything else is exact. thanks for the help. |
I wasn't sure if each log entry is enclosed in double quotes (first and last char in this case), so if your log entry looks exactly like this:
Then I'd use these formats:
Also, I don't see a double quote in your sample entry before |
oh, ok. i don't have double quotes around the log entries. those were meant to mean "exact copy in here" but i screwed that up b/c this "## Log format: i'm not sure what's wrong. what do the "%^" 's mean in your log-format version? |
What flags are you using to run goaccess? Could you try running only the sample entry you posted?This is how I ran your sample:
Then I selected the third option
The |
ok, i ran your command above against the test.log and it was successful. excellent! i then edited my goaccess config to have the "%^" before the referrer on the NCSA combined log format entry and ran "goaccess -f /srv/http/www-logs/supersite.net-access.log -a" and it ran successfully. however, the command+flags i was trying to run previously was "goaccess -f /srv/http/www-logs/supersite.net-access.log -a > report.html" and i get a permisssion denied on that. i ran it in a directory owned by user http. what user does goaccess run as? also, why are we telling goaccess to ignore the referrer? Thanks for all the help. that ncurses is pretty sporty, btw... |
Typically goaccess should be run as root or whoever owns The |
oh, ok. i just wasn't thinking clearly on the whole permissions issue. i'll take care of that. thanks, though. so, how come we're telling goaccess to ignore the $server_name? do i not have it formatted properly or something? |
Good point, If you are able to generate the report/output with valid data then your format should be fine. Currently goaccess does not use |
well, now that i think about it, i don't need $server_name anyways as my logs are separated by site already. |
Glad it worked!. You should be able to generate monthly html reports for each individual site by grepping the virtualhost part (if log entries are stored in the same log) and piping it to goaccess. So a cronjob that looks like the following should do it:
Currently you can get raw statistics by generating a Thanks for all the suggestions, will definitely be adding more options to goaccess. |
I would like to configure nginx in such was that goaccess would recognize the log format without having to configure it. What would you recommend? Also added at http://serverfault.com/questions/702587/what-would-be-a-portable-nignx-http-access-log-format-to-use-with-nginx |
Quoting from this post:
|
see carefully locale. |
really looking forward to trying out goaccess but i'm having trouble getting my nginx log parsed. goaccesss reports "Message: Nothing valid to process."
an example log entry: "192.168.1.1 - - [08/Jun/2014:14:50:58 -0400] "GET /some_slug HTTP/1.1" 200 5082 localhost"http://192.168.1.2/some_slug2" "Mozilla/5.0 (X11; $(X11; Linux x86_64; rv:29.0) Gecko/20100101 Firefox/29.0""
and my relevant nginx.conf stuff: "## Log format:
log_format main '$remote_addr - $remote_user [$time_local] '
'"$request" $status $bytes_sent ''$server_name'
'"$http_referer" "$http_user_agent" ';"
what i have right now in goaccess.conf: "log-format %a - %u [%d/%b/%Y:%T -%z ] "%r" %s %b $v "%R" "%U""
and for date-format in goaccess.conf: "date-format %d/%b/%Y:%T %z"
thanks in advance
The text was updated successfully, but these errors were encountered: