|
1
|
|
|
<?php declare(strict_types=1); |
|
2
|
|
|
|
|
3
|
|
|
/** |
|
4
|
|
|
* ___ _ |
|
5
|
|
|
* | _ \ __ _ _ _ ___ ___ | | ___ __ _ |
|
6
|
|
|
* | _// _` || '_|(_-</ -_)| |/ _ \/ _` | |
|
7
|
|
|
* |_| \__,_||_| /__/\___||_|\___/\__, | |
|
8
|
|
|
* |___/ |
|
9
|
|
|
* |
|
10
|
|
|
* (c) Kristuff <[email protected]> |
|
11
|
|
|
* |
|
12
|
|
|
* For the full copyright and license information, please view the LICENSE |
|
13
|
|
|
* file that was distributed with this source code. |
|
14
|
|
|
* |
|
15
|
|
|
* @version 0.2.0 |
|
16
|
|
|
* @copyright 2017-2020 Kristuff |
|
17
|
|
|
*/ |
|
18
|
|
|
|
|
19
|
|
|
namespace Kristuff\Parselog\Software; |
|
20
|
|
|
|
|
21
|
|
|
use Kristuff\Parselog\Core\LogEntryFactoryInterface; |
|
22
|
|
|
|
|
23
|
|
|
/** |
|
24
|
|
|
* ApacheErrorLogParser |
|
25
|
|
|
* |
|
26
|
|
|
* Default format from software doc [%t] [%l] [pid %P] %F: %E: [client %a] %M |
|
27
|
|
|
* |
|
28
|
|
|
* Depending on the version and error it could be |
|
29
|
|
|
* 2.2: [Wed Oct 11 14:32:52 2000] [error] [client 127.0.0.1] client denied by server configuration: /export/home/live/ap/htdocs/test |
|
30
|
|
|
* 2.4: [Thu Jun 27 11:55:44.569531 2013] [core:info] [pid 4101:tid 2992634688] [client 1.2.3.4:46652] |
|
31
|
|
|
* 2.4 (no client): [Fri Sep 25 20:23:41.378709 2020] [mpm_prefork:notice] [pid 10578] AH00169: caught SIGTERM, shutting down |
|
32
|
|
|
* 2.4 (perfork): [Mon Dec 23 07:49:01.981912 2013] [:error] [pid 3790] [client 204.232.202.107:46301] script '/var/www/timthumb.php' not found or unable to |
|
33
|
|
|
* Reference: https://github.com/fail2ban/fail2ban/issues/268 |
|
34
|
|
|
* |
|
35
|
|
|
* @see https://httpd.apache.org/docs/2.4/fr/mod/core.html#errorlogformat |
|
36
|
|
|
* |
|
37
|
|
|
*/ |
|
38
|
|
|
class ApacheErrorLogParser extends SoftwareLogParser |
|
39
|
|
|
{ |
|
40
|
|
|
/** |
|
41
|
|
|
* Constructor |
|
42
|
|
|
* |
|
43
|
|
|
* @access public |
|
44
|
|
|
* @param string $format |
|
45
|
|
|
* @param LogEntryFactoryInterface $factory |
|
46
|
|
|
* |
|
47
|
|
|
* @return void |
|
48
|
|
|
*/ |
|
49
|
|
|
public function __construct(string $format = null, LogEntryFactoryInterface $factory = null) |
|
50
|
|
|
{ |
|
51
|
|
|
$this->software = 'Apache'; |
|
52
|
|
|
$this->prettyName = 'Apache Error'; |
|
53
|
|
|
$this->defaultFormat = '%t %l %P %E: %a %M'; |
|
54
|
|
|
$this->addFormat('default', '%t %l %P %E: %a %M'); |
|
55
|
|
|
|
|
56
|
|
|
$this->addPath("/var/log/"); |
|
57
|
|
|
$this->addPath("/var/log/apache/"); |
|
58
|
|
|
$this->addPath("/var/log/apache2/"); |
|
59
|
|
|
$this->addPath("/var/log/httpd/"); |
|
60
|
|
|
$this->addPath("/usr/local/var/log/apache/"); |
|
61
|
|
|
$this->addPath("/usr/local/var/log/apache2/"); |
|
62
|
|
|
$this->addPath("/usr/local/var/log/httpd/"); |
|
63
|
|
|
$this->addPath("/opt/local/apache/logs/"); |
|
64
|
|
|
$this->addPath("/opt/local/apache2/logs/"); |
|
65
|
|
|
$this->addPath("/opt/local/httpd/logs/"); |
|
66
|
|
|
$this->addPath("C:/wamp/logs/"); |
|
67
|
|
|
|
|
68
|
|
|
$this->addFile('error.log'); |
|
69
|
|
|
$this->addFile('error_log'); |
|
70
|
|
|
$this->addFile("apache_error.log"); |
|
71
|
|
|
|
|
72
|
|
|
$this->addColumn('%%' , 'percent', '', '(?P<percent>\%)'); |
|
73
|
|
|
$this->addColumn('%t' , 'time', 'Date', '\[(?P<time>(?:Mon|Tue|Wed|Thu|Fri|Sat|Sun) (?:Jan|Feb|Mar|Apr|May|Jun|Jul|Aug|Sep|Oct|Nov|Dec) \d{2} \d{2}:\d{2}:\d{2}(\.\d{6}|) \d{4})\]'); |
|
74
|
|
|
|
|
75
|
|
|
// %a Client IP address and port of the request |
|
76
|
|
|
$this->addColumn('%a' , 'remoteIP', 'IP', '\[client (?P<remoteIp>{{PATTERN_IP_ALL}})(:[\d]+|)\]', false); |
|
77
|
|
|
|
|
78
|
|
|
$this->addColumn('%A', 'localIP', 'Local IP', '(?P<localIp>{{PATTERN_IP_ALL}})', false); |
|
79
|
|
|
|
|
80
|
|
|
// %l Loglevel of the message |
|
81
|
|
|
$this->addColumn('%l', 'level', 'Level', '\[(?P<level>[\w:]+)\]'); |
|
82
|
|
|
|
|
83
|
|
|
// %P Process ID of current process (since apache 2.4?) |
|
84
|
|
|
$this->addColumn('%P', 'pid', 'PID', '\[pid (?P<pid>\d+)\]', false); |
|
85
|
|
|
|
|
86
|
|
|
// %E APR/OS error status code and string |
|
87
|
|
|
$this->addColumn('%E:' , 'errorCode', 'Error', '(?P<errorCode>[\w\d\s:]+):', false); |
|
88
|
|
|
|
|
89
|
|
|
// %M The actual log message |
|
90
|
|
|
$this->addColumn('%M', 'message', 'Message', '(?P<message>.+?)'); |
|
91
|
|
|
|
|
92
|
|
|
parent::__construct($format, $factory); |
|
93
|
|
|
} |
|
94
|
|
|
} |
kristuff /
parselog
