trueheart78/apache-access-log-parser.rb

## apache-access-log-parser.rb
#!/usr/bin/env ruby
# Helpful link: http://httpd.apache.org/docs/2.4/logs.html

require 'date'

line_count = 0
File.open(ARGV[0]).readlines.each do |line|
  line_count += 1

  result = /^(\d{1,3}.\d{1,3}.\d{1,3}.\d{1,3}).*\[(.*)\].*(GET|HEAD|POST|PUT|DELETE|TRACE|CONNECT)\s(.*)\"\s(\d+)\s(\d+)(.*)$/.match(line)
  if result.nil?
    puts "PARSE FAILED [#{line_count}]: #{line}"
    next
  end

  ip = result[1]

  date = Date.parse(result[2].split(':',2).first)
  hour, minute, second = result[2].split(':',2).last.split(' ').first.split(':')
  time = Time.gm(date.year, date.month, date.mday, hour, minute, second)

  offset_raw = result[2].split(' ').last
  offset_char = (offset_raw.include?('-') ? '-' : '+')
  offset = offset_raw.gsub(offset_char,'').to_i / 100 * 3600

  # Looks wrong but add seconds behind to get GMT or subtract seconds ahead.
  time = (offset_char == '-' ? time + offset : time - offset)

  method = result[3]
  resource = result[4].split(' ').first
  protocol = result[4].split(' ').last
  status_code = result[5]
  size = result[6]
  leftover = result[7]

  puts "IP: #{ip}\nDate/Time: #{time.strftime("%Y/%m/%d %H:%M:%S GMT")}\nMethod: #{method}\nResource: #{resource}\nProtocol: #{protocol}\nStatus Code: #{status_code}\nSize: #{size}\nLeftover: #{leftover}\n\n"
end
puts "#{line_count} lines parsed."
	#!/usr/bin/env ruby
	# Helpful link: http://httpd.apache.org/docs/2.4/logs.html

	require 'date'

	line_count = 0
	File.open(ARGV[0]).readlines.each do \|line\|
	line_count += 1

	result = /^(\d{1,3}.\d{1,3}.\d{1,3}.\d{1,3}).\[(.)\].(GET\|HEAD\|POST\|PUT\|DELETE\|TRACE\|CONNECT)\s(.)\"\s(\d+)\s(\d+)(.*)$/.match(line)
	if result.nil?
	puts "PARSE FAILED [#{line_count}]: #{line}"
	next
	end

	ip = result[1]

	date = Date.parse(result[2].split(':',2).first)
	hour, minute, second = result[2].split(':',2).last.split(' ').first.split(':')
	time = Time.gm(date.year, date.month, date.mday, hour, minute, second)

	offset_raw = result[2].split(' ').last
	offset_char = (offset_raw.include?('-') ? '-' : '+')
	offset = offset_raw.gsub(offset_char,'').to_i / 100 * 3600

	# Looks wrong but add seconds behind to get GMT or subtract seconds ahead.
	time = (offset_char == '-' ? time + offset : time - offset)

	method = result[3]
	resource = result[4].split(' ').first
	protocol = result[4].split(' ').last
	status_code = result[5]
	size = result[6]
	leftover = result[7]

	puts "IP: #{ip}\nDate/Time: #{time.strftime("%Y/%m/%d %H:%M:%S GMT")}\nMethod: #{method}\nResource: #{resource}\nProtocol: #{protocol}\nStatus Code: #{status_code}\nSize: #{size}\nLeftover: #{leftover}\n\n"
	end
	puts "#{line_count} lines parsed."