Unable to detect date format from nginx log files #9

New issue

Closed

opened 2017-05-15 17:12:16 +02:00 by matorban · 1 comment

matorban commented

2017-05-15 17:12:16 +02:00

HOST - - [29/Sep/2015:19:52:02 +0200] "GET http://blabla HTTP/1.1" 200 4551 "-" "sfFeedReader/0.9"

This kind of format (nginx servor log) seems to not support by ttail.
I get some huge anonymize log for test..

HOST - - [29/Sep/2015:19:52:02 +0200] "GET http://blabla HTTP/1.1" 200 4551 "-" "sfFeedReader/0.9" This kind of format (nginx servor log) seems to not support by ttail. I get some huge anonymize log for test..

yannweb referenced this issue from a commit

2017-05-15 18:07:29 +02:00

Fix #9 add nginx date format to ttail.h

yannweb closed this issue

2017-05-15 18:07:29 +02:00

yannweb commented

2017-05-15 18:11:28 +02:00

Owner

Thank's for the comment.

In fact ttail was not able to autodetect nginx date format. But the programm should work using those options :

ttail -Er "^[^\[]+\[" -f "%d/%B/%Y:%H:%M:%S" -d "#-1h" /path/to/logs/access.log

There was 2 reason for autodetection not working problem :

the format "%d/%B/%Y:%H:%M:%S" is not in the list of format that ttail will try when autodetecting formats
there is a prefix before the date

I added the "%d/%B/%Y:%H:%M:%S" to the list of formats (in src/include/ttail.h ), but you will still have to give the -E -r prefix arguments !

Thank's for the comment. In fact ttail was not able to autodetect nginx date format. But the programm should work using those options : <pre> ttail -Er "^[^\[]+\[" -f "%d/%B/%Y:%H:%M:%S" -d "#-1h" /path/to/logs/access.log </pre> There was 2 reason for autodetection not working problem : - the format "%d/%B/%Y:%H:%M:%S" is not in the list of format that ttail will try when autodetecting formats - there is a prefix before the date I added the "%d/%B/%Y:%H:%M:%S" to the list of formats (in src/include/ttail.h ), but you will still have to give the -E -r prefix arguments !