fradee/aws_alb_log_parser.py

## aws_alb_log_parser.py
#!/usr/bin/env python3
# coding=utf8
#
# AUTHOR: Jardel Weyrich <jweyrich at gmail dot com>
#
from __future__ import print_function
import re, sys

def parse_alb_log_file(file_path):
	fields = [
		"type",
		"timestamp",
		"alb",
		"client_ip",
		"client_port",
		"backend_ip",
		"backend_port",
		"request_processing_time",
		"backend_processing_time",
		"response_processing_time",
		"alb_status_code",
		"backend_status_code",
		"received_bytes",
		"sent_bytes",
		"request_verb",
		"request_url",
		"request_proto",
		"user_agent",
		"ssl_cipher",
		"ssl_protocol",
		"target_group_arn",
		"trace_id",
		"domain_name",
		"chosen_cert_arn",
		"matched_rule_priority",
		"request_creation_time",
		"actions_executed",
		"redirect_url",
		"new_field",
	]
	# Note: for Python 2.7 compatibility, use ur"" to prefix the regex and u"" to prefix the test string and substitution.
	# REFERENCE: https://docs.aws.amazon.com/athena/latest/ug/application-load-balancer-logs.html#create-alb-table
	regex = r"([^ ]*) ([^ ]*) ([^ ]*) ([^ ]*):([0-9]*) ([^ ]*)[:-]([0-9]*) ([-.0-9]*) ([-.0-9]*) ([-.0-9]*) (|[-0-9]*) (-|[-0-9]*) ([-0-9]*) ([-0-9]*) \"([^ ]*) ([^ ]*) (- |[^ ]*)\" \"([^\"]*)\" ([A-Z0-9-]+) ([A-Za-z0-9.-]*) ([^ ]*) \"([^\"]*)\" \"([^\"]*)\" \"([^\"]*)\" ([-.0-9]*) ([^ ]*) \"([^\"]*)\" ($|\"[^ ]*\")(.*)"

	with open(file_path, 'r') as file:
		for line in file:
			matches = re.search(regex, line)
			if matches:
				for i, field in enumerate(fields):
					end = ", " if i < len(fields)-1 else "\n"
					print("%s=\"%s\"" % (field, matches.group(i+1)), end=end)


if __name__ == '__main__':
	if len(sys.argv) != 2:
		sys.exit("usage: %s <log_file_path>" % sys.argv[0])
	parse_alb_log_file(sys.argv[1])
	#!/usr/bin/env python3
	# coding=utf8
	#
	# AUTHOR: Jardel Weyrich <jweyrich at gmail dot com>
	#
	from __future__ import print_function
	import re, sys

	def parse_alb_log_file(file_path):
	fields = [
	"type",
	"timestamp",
	"alb",
	"client_ip",
	"client_port",
	"backend_ip",
	"backend_port",
	"request_processing_time",
	"backend_processing_time",
	"response_processing_time",
	"alb_status_code",
	"backend_status_code",
	"received_bytes",
	"sent_bytes",
	"request_verb",
	"request_url",
	"request_proto",
	"user_agent",
	"ssl_cipher",
	"ssl_protocol",
	"target_group_arn",
	"trace_id",
	"domain_name",
	"chosen_cert_arn",
	"matched_rule_priority",
	"request_creation_time",
	"actions_executed",
	"redirect_url",
	"new_field",
	]
	# Note: for Python 2.7 compatibility, use ur"" to prefix the regex and u"" to prefix the test string and substitution.
	# REFERENCE: https://docs.aws.amazon.com/athena/latest/ug/application-load-balancer-logs.html#create-alb-table
	regex = r"([^ ]) ([^ ]) ([^ ]) ([^ ]):([0-9]) ([^ ])[:-]([0-9]) ([-.0-9]) ([-.0-9]) ([-.0-9]) (\|[-0-9]) (-\|[-0-9]) ([-0-9]) ([-0-9]) \"([^ ]) ([^ ]) (- \|[^ ])\" \"([^\"])\" ([A-Z0-9-]+) ([A-Za-z0-9.-]) ([^ ]) \"([^\"])\" \"([^\"])\" \"([^\"])\" ([-.0-9]) ([^ ]) \"([^\"])\" ($\|\"[^ ]\")(.)"

	with open(file_path, 'r') as file:
	for line in file:
	matches = re.search(regex, line)
	if matches:
	for i, field in enumerate(fields):
	end = ", " if i < len(fields)-1 else "\n"
	print("%s=\"%s\"" % (field, matches.group(i+1)), end=end)


	if __name__ == '__main__':
	if len(sys.argv) != 2:
	sys.exit("usage: %s <log_file_path>" % sys.argv[0])
	parse_alb_log_file(sys.argv[1])