GoAccess custom log format reference for IIS W3C logs

Time: 2023-03-09 04:38:18
GoAccess supports powerful custom log formats. As an example, suppose we need to analyze logs in IIS W3C format.

The IIS W3C fields, for reference:

date time s-ip cs-method cs-uri-stem cs-uri-query s-port cs-username c-ip cs(User-Agent) sc-status sc-substatus sc-win32-status time-taken

The corresponding log-format definition (IIS records time-taken in milliseconds, so it maps to %L):

log-format %d %t %^ %m %U %q %^ %^ %h %u %s %^ %^ %L

Format specifier reference

  • %x A date and time field matching the time-format and date-format variables. This is used when a timestamp is given instead of the date and time being in two separate variables.
  • %t time field matching the time-format variable.
  • %d date field matching the date-format variable.
  • %v The server name according to the canonical name setting (Server Blocks or Virtual Host).
  • %e This is the userid of the person requesting the document as determined by HTTP authentication.
  • %h host (the client IP address, either IPv4 or IPv6)
  • %r The request line from the client. This requires specific delimiters around the request (single quotes, double quotes, etc) to be parsable. Otherwise, use a combination of special format specifiers such as %m, %U, %q and %H to parse individual fields.
    Note: Use either %r to get the full request OR %m, %U, %q and %H to form your request, do not use both.
  • %m The request method.
  • %U The URL path requested.
    Note: If the query string is in %U, there is no need to use %q. However, if the URL path does not include any query string, you may use %q and the query string will be appended to the request.
  • %q The query string.
  • %H The request protocol.
  • %s The status code that the server sends back to the client.
  • %b The size of the object returned to the client.
  • %R The "Referer" HTTP request header.
  • %u The user-agent HTTP request header.
  • %D The time taken to serve the request, in microseconds.
  • %T The time taken to serve the request, in seconds with milliseconds resolution.
  • %L The time taken to serve the request, in milliseconds as a decimal number.
  • %^ Ignore this field.
  • %~ Move forward through the log string until a non-space (!isspace) char is found.
  • ~h The host (the client IP address, either IPv4 or IPv6) in a X-Forwarded-For (XFF) field.

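Notes

The demo is fairly simple; in practice, adjust it to your own situation. Combined with the log format guide, this makes it easy to build flexible log parsing and processing.

References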
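One way to adapt the format to your own field selection, as an added example that is not part of the original post or of GoAccess itself: this Python script derives the log-format string from the `#Fields:` directive of an IIS log and lists data rows whose column count does not match the header, since those rows will not parse with that format. The function names and the sample log are constructed for illustration; fields without a listed specifier (including cs-username, as in the definition above) are skipped with %^.

```python
# Added example (hypothetical helper names); unlisted fields are skipped with %^.
SPECIFIERS = {
    "date": "%d",
    "time": "%t",
    "cs-method": "%m",
    "cs-uri-stem": "%U",
    "cs-uri-query": "%q",
    "c-ip": "%h",
    "cs(User-Agent)": "%u",
    "cs(Referer)": "%R",
    "sc-status": "%s",
    "sc-bytes": "%b",
    "time-taken": "%L",  # IIS logs time-taken in milliseconds
}

# Constructed sample log, not taken from a real server.
SAMPLE_LOG = """\
#Date: 2023-03-09 04:38:18
#Fields: date time s-ip cs-method cs-uri-stem cs-uri-query s-port cs-username c-ip cs(User-Agent) sc-status sc-substatus sc-win32-status time-taken
2023-03-09 04:38:18 10.0.0.5 GET /index.html - 80 - 192.0.2.10 Mozilla/5.0+(Windows+NT+10.0) 200 0 0 15
2023-03-09 04:38:19 10.0.0.5 POST /login.aspx id=1 80 - 192.0.2.11 curl/7.88.1 401 2 5 3
"""

def fields_from_log(text):
    """Return the field names from the first '#Fields:' directive."""
    for line in text.splitlines():
        if line.startswith("#Fields:"):
            return line[len("#Fields:"):].split()
    raise ValueError("no #Fields: directive found")

def goaccess_format(fields):
    """Map each W3C field to its specifier, ignoring unknown ones with %^."""
    return " ".join(SPECIFIERS.get(name, "%^") for name in fields)

def mismatched_lines(text, fields):
    """Line numbers of data rows whose column count differs from the header."""
    return [n for n, line in enumerate(text.splitlines(), 1)
            if line and not line.startswith("#")
            and len(line.split(" ")) != len(fields)]

if __name__ == "__main__":
    fields = fields_from_log(SAMPLE_LOG)
    print("log-format", goaccess_format(fields))
    print("rows with unexpected column count:", mismatched_lines(SAMPLE_LOG, fields))
```

The generated line goes into the GoAccess configuration together with matching date-format and time-format values (for the sample above, %Y-%m-%d and %H:%M:%S).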

https://github.com/rongfengliang/goaccess-geoip-docker-compose-demo
https://goaccess.io/man#custom-log