Improvements

Added new method 'parseNginxEscapes'.
Added rich text and colors for the log sample generation.
Valentino Orlandi 2022-08-06 00:20:47 +02:00
parent 9a7b3472b6
commit 85e2560b1a
Signed by: elB4RTO
GPG key ID: 1719E976DB2D4E71
2 changed files with 231 additions and 377 deletions


@ -6,174 +6,11 @@
FormatOps::FormatOps()
{
/*
/////////////////
//// APACHE2 ////
// access logs fields formats (only the ones considered)
this->APACHE_ALF["\%h"] = "client";
this->APACHE_ALF["\%t"] = "date_time_ncsa";
this->APACHE_ALF["\%r"] = "request_full";
this->APACHE_ALF["\%H"] = "request_protocol";
this->APACHE_ALF["\%m"] = "request_method";
this->APACHE_ALF["\%U"] = "request_uri";
this->APACHE_ALF["\%q"] = "request_query";
this->APACHE_ALF["\%s"] = "response_code";
this->APACHE_ALF["\%>s"] = "response_code";
this->APACHE_ALF["\%O"] = "bytes_sent";
this->APACHE_ALF["\%I"] = "bytes_received";
this->APACHE_ALF["\%T"] = "time_taken_s";
this->APACHE_ALF["\%D"] = "time_taken_ms";
// composed items (only the ones considered)
this->APACHE_ALF_V["h"] = { {"c", "client"} };
this->APACHE_ALF_V["t"] = { {"sec", "date_time_epoch_s"},
{"msec", "date_time_epoch_ms"},
{"usec", "date_time_epoch_us"},
{"\%b", "date_time_month_str"},
{"\%B", "date_time_month_str"},
{"\%c", "date_time_mcs"},
{"\%d", "date_time_day"},
{"\%D", "date_time_MMDDYY"},
{"\%e", "date_time_day"},
{"\%F", "date_time_YYYYMMDD"},
{"\%h", "date_time_month_str"},
{"\%H", "date_time_hour"},
{"\%m", "date_time_month"},
{"\%M", "date_time_minute"},
//{"\%p", "date_time_clock_meridian"},
{"\%r", "date_time_clock_12"},
{"\%R", "date_time_clock_short"},
{"\%S", "date_time_second"},
{"\%T", "date_time_clock_24"},
{"\%x", "date_time_MMDDYY"},
{"\%X", "date_time_clock_24"},
{"\%y", "date_time_year_short"},
{"\%Y", "date_time_year"} };
this->APACHE_ALF_V["i"] = { {"Cookie", "cookie"},
{"User-agent", "user_agent"},
{"Referer", "referer"} };
this->APACHE_ALF_V["T"] = { {"s", "time_taken_s"},
{"ms", "time_taken_ms"},
{"us", "time_taken_us"} };
// not in use, will be discarded
this->APACHE_ALF["\%a"] = "NONE";
this->APACHE_ALF["\%A"] = "NONE";
this->APACHE_ALF["\%b"] = "NONE";
this->APACHE_ALF["\%B"] = "NONE";
this->APACHE_ALF["\%f"] = "NONE";
this->APACHE_ALF["\%k"] = "NONE";
this->APACHE_ALF["\%l"] = "NONE";
this->APACHE_ALF["\%L"] = "NONE";
this->APACHE_ALF["\%p"] = "NONE";
this->APACHE_ALF["\%P"] = "NONE";
this->APACHE_ALF["\%R"] = "NONE";
this->APACHE_ALF["\%S"] = "NONE";
this->APACHE_ALF["\%u"] = "NONE";
this->APACHE_ALF["\%v"] = "NONE";
this->APACHE_ALF["\%V"] = "NONE";
this->APACHE_ALF["\%X"] = "NONE";
this->APACHE_ALF["\%{x-forwarded-for}"] = "NONE";
// composed not in use
this->APACHE_ALF_V["a"] = {};
this->APACHE_ALF_V["c"] = {};
this->APACHE_ALF_V["e"] = {};
this->APACHE_ALF_V["n"] = {};
this->APACHE_ALF_V["o"] = {};
this->APACHE_ALF_V["p"] = {};
this->APACHE_ALF_V["P"] = {};
this->APACHE_ALF_V["^ti"] = {};
this->APACHE_ALF_V["^to"] = {};
// error logs fields formats (only the ones considered)
this->APACHE_ELF["\%a"] = "client:port";
this->APACHE_ELF["\%l"] = "error_level";
this->APACHE_ELF["\%M"] = "error_message";
this->APACHE_ELF["\%F"] = "source_file";
this->APACHE_ELF["\%t"] = "date_time_mcs";
// composed
this->APACHE_ELF_V["t"] = { {"u", "date_time_mcs"},
{"cu","date_time_iso_mcs"}};
// not in use, will be discarded
this->APACHE_ELF["\%A"] = "NONE";
this->APACHE_ELF["\%E"] = "NONE";
this->APACHE_ELF["\%F"] = "NONE";
this->APACHE_ELF["\%k"] = "NONE";
this->APACHE_ELF["\%L"] = "NONE";
this->APACHE_ELF["\%m"] = "NONE";
this->APACHE_ELF["\%P"] = "NONE";
this->APACHE_ELF["\%T"] = "NONE";
this->APACHE_ELF["\%v"] = "NONE";
this->APACHE_ELF["\%V"] = "NONE";
// composed not in use
this->APACHE_ELF_V["a"] = {};
this->APACHE_ELF_V["e"] = {};
this->APACHE_ELF_V["i"] = {};
this->APACHE_ELF_V["L"] = {};
this->APACHE_ELF_V["n"] = {};
this->APACHE_ELF_V["T"] = {};
///////////////
//// NGINX ////
// access logs fields formats (only the ones considered)
this->NGINX_ALF["$remote_addr"] = "client";
this->NGINX_ALF["$time_local"] = "date_time_ncsa";
this->NGINX_ALF["$time_iso8601"] = "date_time_iso";
this->NGINX_ALF["msec"] = "date_time_epoch_s.ms";
this->NGINX_ALF["$request"] = "request_full";
this->NGINX_ALF["$status"] = "response_code";
this->NGINX_ALF["$bytes_sent"] = "bytes_sent";
this->NGINX_ALF["$request_length"] = "bytes_received";
this->NGINX_ALF["$request_time"] = "time_taken_s.ms";
this->NGINX_ALF["$http_referer"] = "referer";
this->NGINX_ALF["$http_user_agent"] = "user_agent";
// not in use, will be discarded
this->NGINX_ALF["$remote_user"] = "NONE";
this->NGINX_ALF["$gzip_ratio"] = "NONE";
this->NGINX_ALF["$connection"] = "NONE";
this->NGINX_ALF["$connection_requests"] = "NONE";
this->NGINX_ALF["pipe"] = "NONE";
// error logs fields formats (only the ones considered)
this->NGINX_ELF["$time_iso8601"] = "date_time_iso";
this->NGINX_ELF["$error_level"] = "error_level";
this->NGINX_ELF["$error_message"] = "error_message";
this->NGINX_ELF["$pid"] = "NONE";
this->NGINX_ELF["$cid"] = "NONE";
/////////////
//// IIS ////
// access logs fields formats (only the ones considered)
this->IIS_ALF["c-ip"] = "client";
this->IIS_ALF["date"] = "date_time_utc_d";
this->IIS_ALF["time"] = "date_time_utc_t";
this->IIS_ALF["cs-version"] = "request_protocol";
this->IIS_ALF["cs-method"] = "request_method";
this->IIS_ALF["cs-uri-stem"] = "request_uri";
this->IIS_ALF["cs-uri-query"] = "request_query";
this->IIS_ALF["sc-status"] = "response_code";
this->IIS_ALF["sc-bytes"] = "bytes_sent";
this->IIS_ALF["cs-bytes"] = "bytes_received";
this->IIS_ALF["time-taken"] = "time_taken_ms";
this->IIS_ALF["cs(Referrer)"] = "referer";
this->IIS_ALF["cs(Cookie)"] = "cookie";
this->IIS_ALF["cs(User-Agent)"] = "user_agent";
// not in use, will be discarded
this->IIS_ALF["s-sitename"] = "NONE";
this->IIS_ALF["s-computername"] = "NONE";
this->IIS_ALF["s-ip"] = "NONE";
this->IIS_ALF["s-port"] = "NONE";
this->IIS_ALF["cs-username"] = "NONE";
this->IIS_ALF["cs-host"] = "NONE";
this->IIS_ALF["sc-substatus"] = "NONE";
this->IIS_ALF["sc-win32-status"] = "NONE";
this->IIS_ALF["streamid"] = "NONE";
// error logs fields formats (only the ones considered)
this->IIS_ELF[""] = "";
// not in use, will be discarded
this->IIS_ELF[""] = "NONE";*/
}
std::string FormatOps::parseApacheEscapes( const std::string& string )
// process escapes like apache
const std::string FormatOps::parseApacheEscapes( const std::string& string )
{
int i = 0,
max = string.size()-1;
@ -230,8 +67,8 @@ std::string FormatOps::parseApacheEscapes( const std::string& string )
str2.push_back( '\t' );
i++;
} else {
if ( cc == '%' ) {
// backslashed percent sign results in a backslash + percent sign
if ( cc != '"' ) {
// any other backslashed characters result in a backslash+character, except for double-quotes
str2.push_back( c );
}
str2.push_back( cc );
@ -246,6 +83,57 @@ std::string FormatOps::parseApacheEscapes( const std::string& string )
return str2;
}
// process escapes like nginx
const std::string FormatOps::parseNginxEscapes( const std::string& string )
{
int i = 0,
max = string.size()-1;
char c, cc;
std::string str = "";
// parse once
while (true) {
if ( i >= max ) {
// no need to check the final char
if ( i == max ) {
str.push_back( string.at( i ) );
}
break;
}
c = string.at( i );
cc = string.at( i+1 );
if ( c == '\\' ) {
// just the ones supported by nginx
if ( cc == '\\' ) {
str.push_back( c );
i++;
} else if ( cc == 'n' ) {
str.push_back( '\n' );
i++;
} else if ( cc == 'r' ) {
str.push_back( '\r' );
i++;
} else if ( cc == 't' ) {
str.push_back( '\t' );
i++;
} else if ( cc == '\'' || cc == '"' ) {
str.push_back( cc );
i++;
} else {
// not a control-character, resulting in a backslash+character
str.push_back( c );
str.push_back( cc );
i++;
}
} else {
str.push_back( c );
}
i++;
}
return str;
}
const FormatOps::LogsFormat FormatOps::processApacheFormatString( const std::string& f_str, const int l_type )
{
@ -277,6 +165,10 @@ const FormatOps::LogsFormat FormatOps::processApacheFormatString( const std::str
// start after the last found field
start = stop;
cur_sep = "";
if ( cur_fld == "date_time_ncsa" ) {
// NCAS time format is always enclosed inside brackets
cur_sep += "]";
}
while (true) {
// loop until a valid field is found (doens't matter if considered or not)
while (true) {
@ -408,6 +300,10 @@ const FormatOps::LogsFormat FormatOps::processApacheFormatString( const std::str
if ( f_map->find( aux_fld ) != f_map->end() ) {
// valid
cur_fld = f_map->at( aux_fld );
if ( cur_fld == "date_time_ncsa" ) {
// NCAS time format is always enclosed inside brackets
cur_sep += "[";
}
stop = aux_stop;
break;
} else {
@ -531,27 +427,6 @@ const FormatOps::LogsFormat FormatOps::processNginxFormatString( const std::stri
// not found, skip to the next
continue;
}
if ( aux > 0 ) {
if ( f_str.at(aux-1) == '\\' ) {
// backslashed, may be a false positive
int n_slashes = 1, j=aux-2;
while (true) {
if ( j < 0 ) {
break;
}
if ( f_str.at( j ) == '\\' ) {
n_slashes ++;
j --;
} else {
break;
}
}
if ( n_slashes % 2 == 1 ) {
// odd number of BS, supposed to result in a backslashed keyword
continue;
}
}
}
if ( aux < min_dist ) {
// a nearer field has been found
min_dist = aux;
@ -566,12 +441,12 @@ const FormatOps::LogsFormat FormatOps::processNginxFormatString( const std::stri
// break if no more fields was found
if ( cur_fld == "" ) {
// append the last section as final separator
final = f_str.substr( start );
final = this->parseNginxEscapes( f_str.substr( start ) );
break;
}
// get the current separator
cur_sep = f_str.substr( start, min_dist-start );
cur_sep = this->parseNginxEscapes( f_str.substr( start, min_dist-start ) );
if ( n_fld == 0 ) {
// first field found, assign the separator as the initial one
initial = cur_sep;
@ -582,13 +457,13 @@ const FormatOps::LogsFormat FormatOps::processNginxFormatString( const std::stri
n_fld++;
// append the current field, converted
if ( f_map->at( cur_fld ) == "client:port" ) {
/*if ( f_map->at( cur_fld ) == "client:port" ) {
fields.push_back( "client" );
separators.push_back( ":" );
fields.push_back( "port" );
} else {
} else {*/
fields.push_back( f_map->at( cur_fld ) );
}
/*}*/
// step at the end of the current field for the next start
stop = min_dist + cur_fld.size();
}
@ -627,7 +502,9 @@ const QString FormatOps::getNginxLogSample( const LogsFormat& log_format, const
sample += QString::fromStdString( log_format.separators.at( i ) );
}
// add the last field
sample += map->at( log_format.fields.back() );
if ( log_format.fields.size() > 0 ) {
sample += map->at( log_format.fields.back() );
}
// and the final characters
sample += QString::fromStdString( log_format.final );
return sample;
@ -637,105 +514,75 @@ const QString FormatOps::getNginxLogSample( const LogsFormat& log_format, const
const FormatOps::LogsFormat FormatOps::processIisFormatString( const std::string& f_str, const int l_mod )
{
int n_fld=0,
start, aux=0, stop=0,
min_dist=0, max_dist=f_str.size()-1;
std::string cur_fld, cur_sep;
std::string initial="", final="";
std::vector<std::string> separators, fields;
const std::unordered_map<std::string, std::string> &f_map = this->IIS_ALF;
const std::vector<std::string> &f_flds = this->I_ALFs;
switch ( l_mod ) {
case 1:
case 2:
// IIS logging module
final = ",";
separators = {", ",", ",", ",", ",", ",", ",", ",", ",", ",", ",", ",", ",", ",", "};
fields = {"client","NONE","date_time_MMDDYY","date_time_clock_24","NONE","NONE","NONE","time_taken_ms","bytes_received","bytes_sent","response_code","NONE","request_method","request_uri","request_query"};
fields = {"client","NONE","date_time_MDYY","date_time_utc_t","NONE","NONE","NONE","time_taken_ms","bytes_received","bytes_sent","response_code","NONE","request_method","request_uri","request_query"};
break;
case 2:
case 1:
// NCSA logging module
separators = {" "," "," [","] "," \"","\" "," "};
separators = {" "," "," [","] \"","\" "," "};
fields = {"client","NONE","NONE","date_time_ncsa","request_full","response_code","bytes_sent"};
break;
case 3:
case 0:
// W3C logging module
// parse the string to convert keyargs in craplog's fields format
// find and convert any field
while (true) {
// start after the last found field
start = stop;
cur_fld = "";
min_dist = max_dist;
// find the next field
for ( const std::string& fld : f_flds ) {
// run untill a valid field is found
aux = f_str.find( fld, start );
if ( aux < 0 || aux > min_dist ) {
// not found, skip to the next
continue;
if ( f_str.size() > 0 ) {
bool finished = false;
int start, stop=0,
max=f_str.size()-1;
std::string aux_fld, cur_sep;
const std::unordered_map<std::string, std::string> &f_map = this->IIS_ALF;
const std::vector<std::string> &f_flds = this->I_ALFs;
// parse the string to convert keyargs in craplog's fields format
while (true) {
// start after the last found separator
start = stop;
cur_sep = " ";
// find the next separator, which is always a single whitespace, in this case
stop = f_str.find( " ", start );
if ( stop < 0 || stop > max ) {
// not found, this is the last field
stop = max+1;
finished = true;
}
if ( aux > 0 ) {
if ( f_str.at(aux-1) == '\\' ) {
// backslashed, may be a false positive
int n_slashes = 1, j=aux-2;
while (true) {
if ( j < 0 ) {
break;
}
if ( f_str.at( j ) == '\\' ) {
n_slashes ++;
j --;
} else {
break;
}
}
if ( n_slashes % 2 == 1 ) {
// odd number of BS, supposed to result in a backslashed keyword
continue;
}
// set the current field
aux_fld = f_str.substr( start, stop-start );
// step over the separator
stop++;
// check if the module is valid
if ( f_map.find( aux_fld ) != f_map.end() ) {
// valid, append
fields.push_back( f_map.at( aux_fld ) );
if ( finished == false ) {
separators.push_back( cur_sep );
} else {
// this was the last field
break;
}
} else {
// shouldn't be here, but...
// invalid, append all as separator and restart searching
if ( finished == false ) {
// not the last one, append to the last separator
separators.at( separators.size()-1 ) += aux_fld + " ";
} else {
// no more separators, set the last one as final
final = separators.at( separators.size()-1 ) + aux_fld;
separators.pop_back();
break;
}
}
if ( aux < min_dist ) {
// a nearer field has been found
min_dist = aux;
cur_fld = fld;
}
if ( min_dist == start ) {
// starter position, closest field found
break;
}
}
// break if no more fields was found
if ( cur_fld == "" ) {
// append the last section as final separator
final = f_str.substr( start );
break;
}
// get the current separator
cur_sep = f_str.substr( start, min_dist-start );
if ( n_fld == 0 ) {
// first field found, assign the separator as the initial one
initial = cur_sep;
} else {
// append to separators list
separators.push_back( cur_sep );
}
n_fld++;
// append the current field, converted
if ( f_map.at( cur_fld ) == "client:port" ) {
fields.push_back( "client" );
separators.push_back( ":" );
fields.push_back( "port" );
} else {
fields.push_back( f_map.at( cur_fld ) );
}
// step at the end of the current field for the next start
stop = min_dist + cur_fld.size();
}
// outside search loop, killing the switch
break;
default:
// shouldn't be here
throw (&"Unexpected LogModule for IIS: "[l_mod]);
@ -774,7 +621,9 @@ const QString FormatOps::getIisLogSample( const LogsFormat& log_format/*, const
sample += QString::fromStdString( log_format.separators.at( i ) );
}
// add the last field
sample += map.at( log_format.fields.back() );
if ( log_format.fields.size() > 0 ) {
sample += map.at( log_format.fields.back() );
}
// and the final characters
sample += QString::fromStdString( log_format.final );
return sample;
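Review bot: In the rewritten W3C branch of `processIisFormatString` (hunk `@ -637,105 +514,75`), the invalid-token path calls `separators.at( separators.size()-1 )` without checking that a separator exists, so a field list whose first token is empty or is not a key of `IIS_ALF` makes the index wrap and `.at()` throw `std::out_of_range` on input taken straight from the user's format string. The same holds for `final = separators.at( separators.size()-1 ) + aux_fld;` when the only token is unknown. Leading unknown text could be kept in `initial` (or in `final` when nothing follows) as sketched below; this assumes `initial` is still declared at function scope, which the page shows without a side marker. Separately, the `default:` branch's `throw (&"Unexpected LogModule for IIS: "[l_mod]);` offsets into the literal by `l_mod` instead of appending the number, and because this commit renumbers the modules to 0/1/2, a caller still passing 3 now reaches it; building the message with `std::to_string( l_mod )` would avoid reading at a caller-controlled offset, though any handler catching `const char*` would need to follow.

```cpp
} else {
    // invalid token: fold it into the neighbouring separator text
    if ( separators.empty() ) {
        // no field accepted yet, so there is no separator to extend
        if ( finished == false ) {
            initial += aux_fld + " ";
        } else {
            final = aux_fld;
            break;
        }
    } else if ( finished == false ) {
        separators.back() += aux_fld + " ";
    } else {
        final = separators.back() + aux_fld;
        separators.pop_back();
        break;
    }
}
// … unchanged: end of the while loop and the switch's break …
```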


@ -22,9 +22,9 @@ public:
std::vector<std::string> fields;
};
const LogsFormat processApacheFormatString(const std::string& formatted_string, const int log_type );
const LogsFormat processNginxFormatString(const std::string& formatted_string, const int log_type );
const LogsFormat processIisFormatString(const std::string& formatted_string, const int log_module );
const LogsFormat processApacheFormatString( const std::string& formatted_string, const int log_type );
const LogsFormat processNginxFormatString( const std::string& formatted_string, const int log_type );
const LogsFormat processIisFormatString( const std::string& formatted_string, const int log_module );
const QString getApacheLogSample( const LogsFormat& log_format, const int log_type );
const QString getNginxLogSample( const LogsFormat& log_format, const int log_type );
@ -32,7 +32,8 @@ public:
private:
std::string parseApacheEscapes( const std::string& string );
const std::string parseApacheEscapes( const std::string& string );
const std::string parseNginxEscapes( const std::string& string );
/*std::unordered_map<std::string, std::string>
APACHE_ALF, APACHE_ELF,
@ -72,7 +73,7 @@ private:
const std::vector<std::string> N_ALFs = {"$remote_addr", "$time_local", "$time_iso8601", "$msec", "$request", "$status", "$bytes_sent", "$request_length", "$request_time", "$http_referer", "$http_user_agent",
/*NOT IN USE->*/"$remote_user", "$gzip_ratio", "$connection", "$connection_requests", "$pipe"};
const std::vector<std::string> I_ALFs = {"c-ip", "time", "cs-version", "cs-method", "cs-uri-stem", "cs-uri-query", "sc-status", "sc-bytes", "cs-bytes", "time-taken", "cs(Referrer)", "cs(Cookie)", "cs(User-Agent)",
const std::vector<std::string> I_ALFs = {"c-ip", "date", "time", "cs-version", "cs-method", "cs-uri-stem", "cs-uri-query", "sc-status", "sc-bytes", "cs-bytes", "time-taken", "cs(Referrer)", "cs(Cookie)", "cs(User-Agent)",
/*NOT IN USE->*/"s-sitename", "s-computername", "s-ip", "s-port", "cs-username", "cs-host", "sc-substatus", "sc-win32-status", "streamid"};
// list error logs fields formats
@ -128,26 +129,26 @@ private:
{"t", { {"sec", "date_time_epoch_s"},
{"msec", "date_time_epoch_ms"},
{"usec", "date_time_epoch_us"},
{"\%b", "date_time_month_str"},
{"\%B", "date_time_month_str"},
{"\%c", "date_time_mcs"},
{"\%d", "date_time_day"},
{"\%D", "date_time_MMDDYY"},
{"\%e", "date_time_day"},
{"\%F", "date_time_YYYYMMDD"},
{"\%h", "date_time_month_str"},
{"\%H", "date_time_hour"},
{"\%m", "date_time_month"},
{"\%M", "date_time_minute"},
//{"\%p", "date_time_clock_meridian"},
{"\%r", "date_time_clock_12"},
{"\%R", "date_time_clock_short"},
{"\%S", "date_time_second"},
{"\%T", "date_time_clock_24"},
{"\%x", "date_time_MMDDYY"},
{"\%X", "date_time_clock_24"},
{"\%y", "date_time_year_short"},
{"\%Y", "date_time_year"} } },
{"\%b", "date_time_month_str"},
{"\%B", "date_time_month_str"},
{"\%c", "date_time_mcs"},
{"\%d", "date_time_day"},
{"\%D", "date_time_MMDDYY"},
{"\%e", "date_time_day"},
{"\%F", "date_time_YYYYMMDD"},
{"\%h", "date_time_month_str"},
{"\%H", "date_time_hour"},
{"\%m", "date_time_month"},
{"\%M", "date_time_minute"},
//{"\%p", "date_time_clock_meridian"},
{"\%r", "date_time_clock_12"},
{"\%R", "date_time_clock_short"},
{"\%S", "date_time_second"},
{"\%T", "date_time_clock_24"},
{"\%x", "date_time_MMDDYY"},
{"\%X", "date_time_clock_24"},
{"\%y", "date_time_year_short"},
{"\%Y", "date_time_year"} } },
{"i", { {"Cookie", "cookie"},
{"User-agent", "user_agent"},
{"Referer", "referer"} } },
@ -167,40 +168,40 @@ private:
// access logs fields formats samples
const std::unordered_map<std::string, QString> APACHE_ALF_SAMPLES = {
{"NONE", "DISCARDED"},
{"date_time_epoch_s", "946771199"},
{"date_time_epoch_ms", "946771199000"},
{"date_time_epoch_us", "946771199000000"},
{"date_time_ncsa", "[01/Jan/2000:23:59:59 +0000]"},
{"date_time_mcs", "Sat Jan 01 23:59:59 2000"},
{"date_time_YYYYMMDD", "2000-01-01"},
{"date_time_MMDDYY", "01/01/00"},
{"date_time_year", "2000"},
{"date_time_year_short", "00"},
{"date_time_month_str", "January"},
{"date_time_month", "01"},
{"date_time_day", "01"},
{"date_time_clock_12", "11:59:59 pm"},
{"date_time_clock_24", "23:59:59"},
{"date_time_clock_short", "23:59"},
{"date_time_hour", "23"},
{"date_time_minute", "59"},
{"date_time_second", "59"},
{"request_full", "GET /index.php?query=x HTTP/1.1"},
{"request_protocol", "HTTP/1.1"},
{"request_method", "GET"},
{"request_uri", "/index.php"},
{"request_query", "query=x"},
{"response_code", "404"},
{"bytes_sent", "1234"},
{"bytes_received", "123"},
{"time_taken_s", "1"},
{"time_taken_ms", "1000"},
{"time_taken_us", "1000000"},
{"referer", "http://www.referrer.site"},
{"cookie", "aCookie=abc123"},
{"user_agent", "UserAgent/3.0 (Details stuff) Info/123"},
{"client", "192.168.1.123"} };
{"NONE", "<span style=\"color:#7f7f7f\">DISCARDED</span>"},
{"date_time_epoch_s", "<b><span style=\"color:#00cc6f\">946771199</span></b>"},
{"date_time_epoch_ms", "<b><span style=\"color:#00cc6f\">946771199000</span></b>"},
{"date_time_epoch_us", "<b><span style=\"color:#00cc6f\">946771199000000</span></b>"},
{"date_time_ncsa", "<b><span style=\"color:#00cc6f\">01/Jan/2000:23:59:59 +0000</span></b>"},
{"date_time_mcs", "<b><span style=\"color:#00cc6f\">Sat Jan 01 23:59:59 2000</span></b>"},
{"date_time_YYYYMMDD", "<b><span style=\"color:#00cc6f\">2000-01-01</span></b>"},
{"date_time_MMDDYY", "<b><span style=\"color:#00cc6f\">01/01/00</span></b>"},
{"date_time_year", "<b><span style=\"color:#00cc6f\">2000</span></b>"},
{"date_time_year_short", "<b><span style=\"color:#00cc6f\">00</span></b>"},
{"date_time_month_str", "<b><span style=\"color:#00cc6f\">January</span></b>"},
{"date_time_month", "<b><span style=\"color:#00cc6f\">01</span></b>"},
{"date_time_day", "<b><span style=\"color:#00cc6f\">01</span></b>"},
{"date_time_clock_12", "<b><span style=\"color:#00cc6f\">11:59:59 pm</span></b>"},
{"date_time_clock_24", "<b><span style=\"color:#00cc6f\">23:59:59</span></b>"},
{"date_time_clock_short", "<b><span style=\"color:#00cc6f\">23:59</span></b>"},
{"date_time_hour", "<b><span style=\"color:#00cc6f\">23</span></b>"},
{"date_time_minute", "<b><span style=\"color:#00cc6f\">59</span></b>"},
{"date_time_second", "<b><span style=\"color:#00cc6f\">59</span></b>"},
{"request_full", "<b><span style=\"color:#00cc6f\">GET /index.php?query=x HTTP/1.1</span></b>"},
{"request_protocol", "<b><span style=\"color:#00cc6f\">HTTP/1.1</span></b>"},
{"request_method", "<b><span style=\"color:#00cc6f\">GET</span></b>"},
{"request_uri", "<b><span style=\"color:#00cc6f\">/index.php</span></b>"},
{"request_query", "<b><span style=\"color:#00cc6f\">query=x</span></b>"},
{"response_code", "<b><span style=\"color:#00cc6f\">404</span></b>"},
{"bytes_sent", "<b><span style=\"color:#00cc6f\">1234</span></b>"},
{"bytes_received", "<b><span style=\"color:#00cc6f\">123</span></b>"},
{"time_taken_s", "<b><span style=\"color:#00cc6f\">1</span></b>"},
{"time_taken_ms", "<b><span style=\"color:#00cc6f\">1000</span></b>"},
{"time_taken_us", "<b><span style=\"color:#00cc6f\">1000000</span></b>"},
{"referer", "<b><span style=\"color:#00cc6f\">http://www.referrer.site</span></b>"},
{"cookie", "<b><span style=\"color:#00cc6f\">aCookie=abc123</span></b>"},
{"user_agent", "<b><span style=\"color:#00cc6f\">UserAgent/3.0 (Details stuff) Info/123</span></b>"},
{"client", "<b><span style=\"color:#00cc6f\">192.168.1.123</span></b>"} };
// error logs fields formats
const std::unordered_map<std::string, std::string> APACHE_ELF = {
@ -235,14 +236,14 @@ private:
// error logs fields formats samples
const std::unordered_map<std::string, QString> APACHE_ELF_SAMPLES = {
{"NONE", "DISCARDED"},
{"date_time_mcs", "Sat Jan 01 23:59:59.123456 0000"},
{"date_time_iso_mcs", "2000-01-01 23:59:59.123456"},
{"client", "192.168.1.123"},
{"port", "54321"},
{"error_level", "group:level"},
{"error_message", "AH00123: some infoes: some details"},
{"source_file", "file.c"} };
{"NONE", "<span style=\"color:#7f7f7f\">DISCARDED</span>"},
{"date_time_mcs", "<b><span style=\"color:#00cc6f\">Sat Jan 01 23:59:59.123456 0000</span></b>"},
{"date_time_iso_mcs", "<b><span style=\"color:#00cc6f\">2000-01-01 23:59:59.123456</span></b>"},
{"client", "<b><span style=\"color:#00cc6f\">192.168.1.123</span></b>"},
{"port", "<b><span style=\"color:#00cc6f\">54321</span></b>"},
{"error_level", "<b><span style=\"color:#00cc6f\">group:level</span></b>"},
{"error_message", "<b><span style=\"color:#00cc6f\">AH00123: some infoes: some details</span></b>"},
{"source_file", "<b><span style=\"color:#00cc6f\">file.c</span></b>"} };
///////////////
@ -250,7 +251,7 @@ private:
// access logs fields formats (only the ones considered)
const std::unordered_map<std::string, std::string> NGINX_ALF = {
{"$remote_addr", "client"},
{"$time_local", "date_time_ncsa"},
{"$time_local", "date_time_mcs"},
{"$time_iso8601", "date_time_iso"},
{"msec", "date_time_epoch_s.ms"},
{"$request", "request_full"},
@ -265,22 +266,23 @@ private:
{"$gzip_ratio", "NONE"},
{"$connection", "NONE"},
{"$connection_requests", "NONE"},
{"$http_x_forwardef_for", "NONE"},
{"pipe", "NONE"} };
// nginx logs fields formats samples
const std::unordered_map<std::string, QString> NGINX_ALF_SAMPLES = {
{"NONE", "DISCARDED"},
{"date_time_epoch_s.ms", "946771199.000"},
{"date_time_iso", "2000-01-01T23:59:59+00:00]"},
{"date_time_mcs", "Sat Jan 01 23:59:59 2000"},
{"request_full", "GET /index.php?query=x HTTP/1.1"},
{"response_code", "404"},
{"bytes_sent", "1234"},
{"bytes_received", "123"},
{"time_taken_s.ms", "1.000"},
{"referer", "http://www.referrer.site"},
{"user_agent", "UserAgent/3.0 (Details stuff) Info/123"},
{"client", "192.168.1.123"} };
{"NONE", "<span style=\"color:#7f7f7f\">DISCARDED</span>"},
{"date_time_epoch_s.ms", "<b><span style=\"color:#00cc6f\">946771199.000</span></b>"},
{"date_time_iso", "<b><span style=\"color:#00cc6f\">2000-01-01T23:59:59+00:00]</span></b>"},
{"date_time_mcs", "<b><span style=\"color:#00cc6f\">Sat Jan 01 23:59:59 2000</span></b>"},
{"request_full", "<b><span style=\"color:#00cc6f\">GET /index.php?query=x HTTP/1.1</span></b>"},
{"response_code", "<b><span style=\"color:#00cc6f\">404</span></b>"},
{"bytes_sent", "<b><span style=\"color:#00cc6f\">1234</span></b>"},
{"bytes_received", "<b><span style=\"color:#00cc6f\">123</span></b>"},
{"time_taken_s.ms", "<b><span style=\"color:#00cc6f\">1.000</span></b>"},
{"referer", "<b><span style=\"color:#00cc6f\">http://www.referrer.site</span></b>"},
{"user_agent", "<b><span style=\"color:#00cc6f\">UserAgent/3.0 (Details stuff) Info/123</span></b>"},
{"client", "<b><span style=\"color:#00cc6f\">192.168.1.123</span></b>"} };
// error logs fields formats (only the ones considered)
const std::unordered_map<std::string, std::string> NGINX_ELF = {
@ -293,10 +295,10 @@ private:
// error logs fields formats samples
const std::unordered_map<std::string, QString> NGINX_ELF_SAMPLES = {
{"NONE", "DISCARDED"},
{"date_time_iso", "2000-01-01T23:59:59+00:00]"},
{"error_level", "[level]"},
{"error_message", "123#456: some infoes"} };
{"NONE", "<span style=\"color:#7f7f7f\">DISCARDED"},
{"date_time_iso", "<b><span style=\"color:#00cc6f\">2000-01-01T23:59:59+00:00]</span></b>"},
{"error_level", "<b><span style=\"color:#00cc6f\">level</span></b>"},
{"error_message", "<b><span style=\"color:#00cc6f\">123#456: some infoes</span></b>"} };
/////////////
@ -313,7 +315,7 @@ private:
{"sc-bytes", "bytes_sent"},
{"cs-bytes", "bytes_received"},
{"time-taken", "time_taken_ms"},
{"cs(Referrer)", "referer"},
{"cs(Referer)", "referer"},
{"cs(Cookie)", "cookie"},
{"cs(User-Agent)", "user_agent"},
{"c-ip", "client"},
@ -330,21 +332,24 @@ private:
// access logs fields formats samples
const std::unordered_map<std::string, QString> IIS_ALF_SAMPLES = {
{"NONE", "DISCARDED"},
{"date_time_utc_d", "2000-01-01"},
{"date_time_utc_t", "23:59:59"},
{"request_protocol", "HTTP/1.1"},
{"request_method", "GET"},
{"request_uri", "/index.php"},
{"request_query", "query=x"},
{"response_code", "404"},
{"bytes_sent", "1234"},
{"bytes_received", "123"},
{"time_taken_ms", "1000"},
{"referer", "http://www.referrer.site"},
{"cookie", "aCookie=abc123"},
{"user_agent", "UserAgent/3.0+(Details+stuff)+Info/123"},
{"client", "192.168.1.123"} };
{"NONE", "<span style=\"color:#7f7f7f\">DISCARDED</span>"},
{"date_time_ncsa", "<b><span style=\"color:#00cc6f\">01/Jan/2000:23:59:59 +0000</span></b>"},
{"date_time_MDYY", "<b><span style=\"color:#00cc6f\">1/1/00</span></b>"},
{"date_time_utc_d", "<b><span style=\"color:#00cc6f\">2000-01-01</span></b>"},
{"date_time_utc_t", "<b><span style=\"color:#00cc6f\">23:59:59</span></b>"},
{"request_full", "<b><span style=\"color:#00cc6f\">GET /index.php?query=x HTTP/1.1</span></b>"},
{"request_protocol", "<b><span style=\"color:#00cc6f\">HTTP/1.1</span></b>"},
{"request_method", "<b><span style=\"color:#00cc6f\">GET</span></b>"},
{"request_uri", "<b><span style=\"color:#00cc6f\">/index.php</span></b>"},
{"request_query", "<b><span style=\"color:#00cc6f\">query=x</span></b>"},
{"response_code", "<b><span style=\"color:#00cc6f\">404</span></b>"},
{"bytes_sent", "<b><span style=\"color:#00cc6f\">1234</span></b>"},
{"bytes_received", "<b><span style=\"color:#00cc6f\">123</span></b>"},
{"time_taken_ms", "<b><span style=\"color:#00cc6f\">1000</span></b>"},
{"referer", "<b><span style=\"color:#00cc6f\">http://www.referrer.site</span></b>"},
{"cookie", "<b><span style=\"color:#00cc6f\">aCookie=abc123</span></b>"},
{"user_agent", "<b><span style=\"color:#00cc6f\">UserAgent/3.0+(Details+stuff)+Info/123</span></b>"},
{"client", "<b><span style=\"color:#00cc6f\">192.168.1.123</span></b>"} };
// error logs fields formats
const std::unordered_map<std::string, std::string> IIS_ELF = {
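Review bot: The new `"NONE"` entry of `NGINX_ELF_SAMPLES` opens a `<span>` and never closes it, unlike every other sample in this header, so the grey colour would run into whatever follows it in the rendered sample; it should read `{"NONE", "<span style=\"color:#7f7f7f\">DISCARDED</span>"}`. In `NGINX_ALF` the added key `"$http_x_forwardef_for"` looks like a misspelling of `$http_x_forwarded_for` and as written cannot match that variable in a format string; likewise `IIS_ALF` now uses `"cs(Referer)"` while `I_ALFs` still lists `"cs(Referrer)"`. Now that the sample values carry HTML, the separators that `getNginxLogSample` and `getIisLogSample` take from the user's format string are concatenated into the same string unescaped; if the widget renders it as rich text (not visible here), they should go through `QString::toHtmlEscaped()` so that a `<` or `&` in a format string is displayed literally rather than parsed as markup.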