Instantly share code, notes, and snippets.
Last active
December 20, 2023 14:44
-
Star
(1)
1
You must be signed in to star a gist -
Fork
(1)
1
You must be signed in to fork a gist
-
Save notyal/4dbc03c6c943a3e6b5f3e6e34c19cd9c to your computer and use it in GitHub Desktop.
lnav log format definition for NGINX access.log (netdata vhost format) and NGINX error.log
This file contains bidirectional Unicode text that may be interpreted or compiled differently than what appears below. To review, open the file in an editor that reveals hidden Unicode characters.
Learn more about bidirectional Unicode characters
| { | |
| "nginx_access_log" : { | |
| "title" : "NGINX NetData Access Log", | |
| "description" : "NGINX NetData Access Log Format", | |
| "url" : "https://github.com/netdata/netdata/blob/master/collectors/python.d.plugin/web_log/web_log.conf", | |
| "multiline" : false, | |
| "regex" : { | |
| "netdata_vhost" : { | |
| "pattern" : "(?P<host>[a-zA-Z\\d.-_\\[\\]]+)\\s+(?P<server_port>\\d+)\\s+(?P<remote_addr>[\\da-f.:]+)\\s+[\\w\\.\\-]+\\s+(?<remote_user>\\S+)\\s+\\[(?<timestamp>[^\\]]+)\\]\\s+\"(?:\\-|(?<request>\\w+) (?<request_uri>[^ \\?]+)(?:\\?(?<request_uri_query>[^ ]*))? (?<request_version>[\\w\\\/\\.]+))\"\\s+(?P<status>[1-9]\\d{2})\\s+(?P<body_bytes_sent>\\d+)\\s+(?P<request_length>\\d+)\\s+(?P<request_time>\\d+(?:.\\d+)?)\\s+(?:\\-|(?P<upstream_response_time>\\d+(?:.\\d+)?))\\s+\"(?<http_referer>[^\"]+)\"\\s+\"(?<http_user_agent>[^\"]+)\"" | |
| } | |
| }, | |
| "level-field": "status", | |
| "level" : { | |
| "error" : "^[^123].*" | |
| }, | |
| "opid-field" : "remote_addr", | |
| "value" : { | |
| "host" : { | |
| "kind" : "string", | |
| "identifier" : true, | |
| "description" : "Requested host name from 'Host' request header" | |
| }, | |
| "server_port" : { | |
| "kind" : "integer", | |
| "identifier" : true, | |
| "description" : "Port of the server which accepted a request" | |
| }, | |
| "remote_addr" : { | |
| "kind" : "string", | |
| "collate" : "ipaddress", | |
| "identifier" : true, | |
| "description" : "The client IP address" | |
| }, | |
| "remote_user" : { | |
| "kind" : "string", | |
| "identifier" : true, | |
| "description" : "Username supplied with the Basic authentication" | |
| }, | |
| "request" : { | |
| "kind" : "string", | |
| "identifier" : true, | |
| "description" : "The request method" | |
| }, | |
| "request_uri" : { | |
| "kind" : "string", | |
| "identifier" : true, | |
| "description" : "The path part of the request URI" | |
| }, | |
| "request_uri_query" : { | |
| "kind" : "string", | |
| "description" : "The query parameters in the request URI" | |
| }, | |
| "request_version" : { | |
| "kind" : "string", | |
| "identifier" : true, | |
| "description" : "The client's HTTP version" | |
| }, | |
| "status" : { | |
| "kind" : "integer", | |
| "foreign-key" : true, | |
| "rewriter" : ";SELECT :sc_status || ' (' || (SELECT message FROM http_status_codes WHERE status = :sc_status) || ') '", | |
| "description" : "The status code returned by the server" | |
| }, | |
| "body_bytes_sent" : { | |
| "kind" : "integer", | |
| "description" : "The number of bytes sent to the client" | |
| }, | |
| "request_length" : { | |
| "kind" : "integer", | |
| "description" : "The number of bytes requested by the client" | |
| }, | |
| "request_time" : { | |
| "kind" : "float", | |
| "description" : "Request processing time" | |
| }, | |
| "upstream_response_time" : { | |
| "kind" : "float", | |
| "description" : "Time spent on receiving the response from the upstream server" | |
| }, | |
| "http_referer" : { | |
| "kind" : "string", | |
| "identifier" : true, | |
| "description" : "The client's referrer" | |
| }, | |
| "http_user_agent" : { | |
| "kind" : "string", | |
| "identifier" : true, | |
| "description" : "The client's HTTP agent" | |
| } | |
| }, | |
| "sample" : [ | |
| { | |
| "line" : "10.1.0.1 443 172.17.0.1 - - [12\/Aug\/2019:05:20:46 +0000] \"GET \/client?q=1 HTTP\/2.0\" 200 44 74 0.001 0.004 \"-\" \"Mozilla\/5.0 (Macintosh; Intel Mac OS X 10_14_6) AppleWebKit\/537.36 (KHTML, like Gecko) Chrome\/76.0.3809.100 Safari\/537.36\"", | |
| "level" : "info" | |
| }, | |
| { | |
| "line" : "10.1.0.1 443 172.17.0.1 - - [12\/Aug\/2019:05:20:46 +0000] \"GET \/client?q=1 HTTP\/2.0\" 404 44 74 0.001 0.004 \"-\" \"Mozilla\/5.0 (Macintosh; Intel Mac OS X 10_14_6) AppleWebKit\/537.36 (KHTML, like Gecko) Chrome\/76.0.3809.100 Safari\/537.36\"", | |
| "level" : "error" | |
| } | |
| ] | |
| }, | |
| "error_log" : { | |
| "title" : "NGINX Error Log", | |
| "description" : "The default web error log format for NGINX.", | |
| "regex" : { | |
| "nginx" : { | |
| "pattern" : "^(?P<timestamp>[\\d+\\\/ :]+) \\[(?P<error_level>.+)\\] (?P<pid>\\d+)#(?P<thread_id>\\d+): \\*(?P<connection_id>\\d+) (?P<message>.+), client: (?P<client>.+), server: (?P<server>.+), request: \"(?:\\-|(?<request>\\w+) (?<request_uri>[^ \\?]+)(?:\\?(?<request_uri_query>[^ ]*))? (?<request_version>[\\w\\\/\\.]+))?\",(?: upstream: \"(?:(?P<upstream_scheme>\\w+):\\\/\\\/(?P<upstream_server>.+?)(?::(?P<upstream_port>\\d+))?)(?:(?<upstream_request_uri>\\\/[^ \\?]+)(?:\\?(?<upstream_request_uri_query>[^ ]*)))?\",)? host: \"(?P<host>.+)\"" | |
| } | |
| }, | |
| "level-field": "error_level", | |
| "opid-field" : "connection_id", | |
| "value": { | |
| "pid": { | |
| "kind" : "string", | |
| "identifier" : true | |
| }, | |
| "thread_id": { | |
| "kind" : "integer", | |
| "identifier" : true | |
| }, | |
| "connection_id": { | |
| "kind" : "integer", | |
| "identifier" : true | |
| }, | |
| "message": { | |
| "kind" : "string" | |
| }, | |
| "client" : { | |
| "kind" : "string", | |
| "collate" : "ipaddress", | |
| "identifier" : true, | |
| "description" : "The client IP address" | |
| }, | |
| "server" : { | |
| "kind" : "string", | |
| "collate" : "ipaddress", | |
| "identifier" : true, | |
| "description" : "The server IP address" | |
| }, | |
| "request" : { | |
| "kind" : "string", | |
| "identifier" : true, | |
| "description" : "The request method" | |
| }, | |
| "request_uri" : { | |
| "kind" : "string", | |
| "identifier" : true, | |
| "description" : "The path part of the request URI" | |
| }, | |
| "request_uri_query" : { | |
| "kind" : "string", | |
| "description" : "The query parameters in the request URI" | |
| }, | |
| "request_version" : { | |
| "kind" : "string", | |
| "identifier" : true, | |
| "description" : "The client's HTTP version" | |
| }, | |
| "upstream_scheme" : { | |
| "kind" : "string", | |
| "identifier" : true, | |
| "description" : "The upstream request scheme" | |
| }, | |
| "upstream_server" : { | |
| "kind" : "string", | |
| "collate" : "ipaddress", | |
| "identifier" : true, | |
| "description" : "The upstream IP address" | |
| }, | |
| "upstream_request" : { | |
| "kind" : "string", | |
| "identifier" : true, | |
| "description" : "The upstream request method" | |
| }, | |
| "upstream_request_uri" : { | |
| "kind" : "string", | |
| "identifier" : true, | |
| "description" : "The path part of the upstream request URI" | |
| }, | |
| "upstream_request_uri_query" : { | |
| "kind" : "string", | |
| "description" : "The query parameters in the upstream request URI" | |
| }, | |
| "host" : { | |
| "kind" : "string", | |
| "collate" : "ipaddress", | |
| "identifier" : true, | |
| "description" : "The host IP address" | |
| } | |
| }, | |
| "sample" : [ | |
| { | |
| "line" : "2019\/08\/11 17:11:25 [error] 24782#24782: *252114 upstream timed out (110: Connection timed out) while connecting to upstream, client: 172.17.0.1, server: _, request: \"GET \/api HTTP\/2.0\", upstream: \"http:\/\/127.0.0.1:80\/api\", host: \"api.local.lan\"", | |
| "level" : "error" | |
| }, | |
| { | |
| "line": "2019\/08\/11 06:25:50 [error] 24782#24782: *246465 open() \"\/usr\/share\/nginx\/html\/status\" failed (2: No such file or directory), client: 127.0.0.1, server: 127.0.0.1, request: \"GET \/status?full&json HTTP\/1.1\", host: \"127.0.0.1\"", | |
| "level" : "error" | |
| } | |
| ] | |
| } | |
| } |
Sign up for free
to join this conversation on GitHub.
Already have an account?
Sign in to comment