File tree 2 files changed +19
-1
lines changed
2 files changed +19
-1
lines changed Original file line number Diff line number Diff line change @@ -8,7 +8,7 @@ HTTPD_COMBINEDLOG %{HTTPD_COMMONLOG} "(?:-|%{DATA:[http][request][referrer]})" "
88
99# Error logs
1010HTTPD20_ERRORLOG \[%{HTTPDERROR_DATE:timestamp}\] \[%{LOGLEVEL:[log][level]}\] (?:\[client %{IPORHOST:[source][address]}\] )?%{GREEDYDATA:message}
11- HTTPD24_ERRORLOG \[%{HTTPDERROR_DATE:timestamp}\] \[(?:%{WORD:[apache][error][module]})?:%{LOGLEVEL:[log][level]}\] \[pid %{POSINT:[process][pid]:int}(:tid %{INT:[process][thread][id]:int})?\](?: \(%{POSINT:[apache][error][proxy][error][code]? }\)%{DATA:[apache][error][proxy][error][message]}:)?(?: \[client %{IPORHOST:[source][address]}(?::%{POSINT :[source][port]:int})?\])?(?: %{DATA:[error][code]}:)? %{GREEDYDATA:message}
11+ HTTPD24_ERRORLOG \[%{HTTPDERROR_DATE:timestamp}\] \[(?:%{WORD:[apache][error][module]})?:%{LOGLEVEL:[log][level]}\] \[pid %{POSINT:[process][pid]:int}(:tid %{INT:[process][thread][id]:int})?\](?: \(%{POSINT:[apache][error][proxy][error][code]}\)%{DATA:[apache][error][proxy][error][message]}:)?(?: \[client %{IPORHOST:[source][address]}(?::%{NONNEGINT :[source][port]:int})?\])?(?: %{DATA:[error][code]}:)? %{GREEDYDATA:message}
1212# :long - %{INT:[process][thread][id]:int}
1313HTTPD_ERRORLOG %{HTTPD20_ERRORLOG}|%{HTTPD24_ERRORLOG}
1414
Original file line number Diff line number Diff line change 279279 end
280280 end
281281
282+ context "a httpd 2.4 proxy message" do
283+ let ( :message ) do
284+ "[Fri Sep 13 20:16:16.614584 2024] [proxy_fcgi:error] [pid 74738:tid 74765] (70008)Partial results are valid but processing is incomplete: [client 203.0.113.1:0] AH01075: Error dispatching request to : (reading input brigade)"
285+ end
286+
287+ it "matches" do
288+ expect ( grok ) . to include ( 'timestamp' => 'Fri Sep 13 20:16:16.614584 2024' )
289+ if ecs_compatibility?
290+ expect ( grok ) . to include ( "apache" => { "error" => { "module" => "proxy_fcgi" , "proxy" => { "error" => { "code" => "70008" , "message" => "Partial results are valid but processing is incomplete" } } } } )
291+ expect ( grok ) . to include ( "log" => { "level" => "error" } )
292+ expect ( grok ) . to include ( "process" => { "pid" => 74738 , "thread" => { "id" => 74765 } } )
293+ expect ( grok ) . to include ( "source" => { "address" => "203.0.113.1" , "port" => 0 } )
294+ expect ( grok ) . to include ( "error" => { "code" => "AH01075" } )
295+ expect ( grok ) . to include ( "message" => [ message , "Error dispatching request to : (reading input brigade)" ] )
296+ end
297+ end
298+ end
299+
282300 context 'a debug message' do
283301 let ( :message ) do
284302 '[Fri Feb 01 22:03:08.319124 2019] [authz_core:debug] [pid 9:tid 140597881775872] mod_authz_core.c(820): [client 172.17.0.1:50752] AH01626: authorization result of <RequireAny>: granted'
You can’t perform that action at this time.
0 commit comments