Timestamps not enclosed by brackets not parsing

[NickSifniotis]

Anonymised extract from my log files :-

10.0.0.0 - anonymous 01/May/2022:07:27:52 +1000 "GET /some/uri/page.html HTTP/1.1" 200 238734 "-" "UserAgent/String"

Using the COMBINED format string, the parser is unable to process the above. It works perfectly when the timestamp is enclosed by square brackets, like so

10.0.0.0 - anonymous [01/May/2022:07:27:52 +1000] "GET /some/uri/page.html HTTP/1.1" 200 238734 "-" "UserAgent/String"

Not sure if bug or feature

[jwodder]

@NickSifniotis Your log file entry technically doesn't follow the COMBINED format. That format uses the %t directive, and the Apache docs say that this directive, when used without a sub-format string, always includes brackets in its expansion, so apachelogs expects brackets. If you need to match a timestamp without brackets, you have to rewrite COMBINED with the timestamp specified as %{%d/%b/%Y:%H:%M:%S %z}t.

Proof of concept:

>>> from apachelogs import LogParser
>>> parser = LogParser("%h %l %u %{%d/%b/%Y:%H:%M:%S %z}t \"%r\" %>s %b \"%{Referer}i\" \"%{User-Agent}i\"")
>>> entry = parser.parse('10.0.0.0 - anonymous 01/May/2022:07:27:52 +1000 "GET /some/uri/page.html HTTP/1.1" 200 238734 "-" "UserAgent/String"')
>>> entry.request_time
datetime.datetime(2022, 5, 1, 7, 27, 52, tzinfo=datetime.timezone(datetime.timedelta(seconds=36000)))

[NickSifniotis]

Ah, that's what I did wrong. RTFM Nick.
Thanks mate