Apache access log parser
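#!/usr/bin/env ruby
# Parses an Apache access log (common or combined format) and prints the
# fields of every request line, with the timestamp converted to GMT.
# Helpful link: http://httpd.apache.org/docs/2.4/logs.html
#
# Usage: <this script> ACCESS_LOG
require 'date'
require 'time'

# One request line: client address, timestamp, request, status, size, then
# whatever trails (referer and user agent in the combined format).
#
# The timestamp is bounded by its own brackets and the request by its own
# quotes. Apache writes a quote inside the logged request as \" so the request
# group steps over backslash pairs and stops at the first bare quote. With the
# greedy ".*" groups this replaces, text chosen by the client (path, referer,
# user agent) could decide which method, status and size were reported.
LOG_LINE = %r{
  \A
  (\d{1,3}\.\d{1,3}\.\d{1,3}\.\d{1,3})                    # 1: client IPv4, dots are literal
  \s.*?
  \[([^\]]+)\]                                            # 2: dd/Mon/yyyy:HH:MM:SS +zzzz
  \s"
  (GET|HEAD|POST|PUT|DELETE|TRACE|CONNECT|OPTIONS|PATCH)  # 3: method
  \s
  ((?:[^"\\]|\\.)*)                                       # 4: request target and protocol
  "\s
  (\d+)                                                   # 5: status code
  \s
  (\d+|-)                                                 # 6: size, "-" when no body was sent
  (.*)                                                    # 7: leftover
  \z
}x

# Layout of the bracketed timestamp; %z keeps the zone minutes (e.g. +0530).
TIMESTAMP_FORMAT = '%d/%b/%Y:%H:%M:%S %z'

# Access-log fields are written by whoever sent the request. Control bytes
# (an ESC that starts a terminal escape sequence, for instance) are shown as
# \xNN instead of being passed through to the analyst's terminal.
def printable(text)
  text.to_s.gsub(/[[:cntrl:]]/) { |char| format('\\x%02X', char.ord) }
end

# Splits one log line into its fields.
#
# Returns a Hash of the fields, or nil when the line is not a recognised
# request line or its timestamp cannot be read, so that one bad line is
# reported by the caller instead of aborting the whole run.
def parse_access_log_line(line)
  fields = LOG_LINE.match(line)
  return nil unless fields

  request_parts = fields[4].split(' ')
  {
    ip: fields[1],
    time: Time.strptime(fields[2], TIMESTAMP_FORMAT).utc,
    method: fields[3],
    resource: request_parts.first,
    protocol: request_parts.last,
    status_code: fields[5],
    size: fields[6],
    leftover: fields[7]
  }
rescue ArgumentError
  nil
end

log_path = ARGV[0]
abort "Usage: #{$PROGRAM_NAME} ACCESS_LOG" if log_path.nil?

line_count = 0
# File.foreach closes the file when the block finishes and reads one line at
# a time, so a large log is not loaded into memory in one go.
File.foreach(log_path) do |raw_line|
  line_count += 1
  # scrub replaces bytes that are invalid in the string's encoding, so stray
  # binary data in a line does not stop the matching or the printing.
  line = raw_line.scrub.chomp
  entry = parse_access_log_line(line)
  if entry.nil?
    puts "PARSE FAILED [#{line_count}]: #{printable(line)}"
    next
  end
  puts "IP: #{entry[:ip]}",
       "Date/Time: #{entry[:time].strftime('%Y/%m/%d %H:%M:%S GMT')}",
       "Method: #{entry[:method]}",
       "Resource: #{printable(entry[:resource])}",
       "Protocol: #{printable(entry[:protocol])}",
       "Status Code: #{entry[:status_code]}",
       "Size: #{entry[:size]}",
       "Leftover: #{printable(entry[:leftover])}",
       ''
end
puts "#{line_count} lines parsed."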