This repository has been archived by the owner on Feb 13, 2024. It is now read-only.

[BUG] log parser space issue #381

Open
jazzl0ver opened this issue Feb 9, 2024 · 0 comments
Labels
Status: On Hold Type: Bug Something isn't working


Describe the bug

teler cannot parse a log line that has two spaces in a row. Log example:

Feb  9 09:00:00 192.168.1.1:42814 [09/Feb/2024:08:59:58.051] lb-useast~ backend/api-elb5 0/2000/0/0/1/12/2013 ---- 27/27/2/0/0 0/0 "POST /location HTTP/1.1" 200 {||||||506|Dalvik/2.1.0 (Linux; U; Android 13)} ireq_size=831 resp_size=123 172.31.43.71:4443 192.168.4.169:443 ECDHE-RSA-AES128-GCM-SHA256 TLSv1.2

To Reproduce

Steps to reproduce the behavior:

log_format: |
  $x $x $x $remote_addr:$x [$time_local] $x $x $x $x $x $x "$request_method $request_uri $request_protocol" $status {$x} $x $x $x $x $x $x

$ ./teler -c ./teler.haproxy.yaml -i ./3.txt

          __      __
         / /____ / /__ ____
        / __/ -_) / -_) __/
        \__/\__/_/\__/_/
                        v2.0.0-dev.3

        infosec@kitabisa.com

[WRN] This tool is under development!
[WRN] Please submit a report if an error occurs.
[INF] Analyzing...
[INF] Listening dashboard on http://localhost:9080
[WRN] No logs analyzed, did you write log format correctly?
[INF] Done!

Expected behavior

By removing the space between Feb and 9, things start working:

$ cat 3.txt
Feb 9 09:00:00 192.168.1.1:42814 [09/Feb/2024:08:59:58.051] lb-useast~ backend/api-elb5 0/2000/0/0/1/12/2013 ---- 27/27/2/0/0 0/0 "POST /location HTTP/1.1" 200 {||||||506|Dalvik/2.1.0 (Linux; U; Android 13)} ireq_size=831 resp_size=123 172.31.43.71:4443 192.168.4.169:443 ECDHE-RSA-AES128-GCM-SHA256 TLSv1.2
$ ./teler -c ./teler.haproxy.yaml -i ./3.txt

          __      __
         / /____ / /__ ____
        / __/ -_) / -_) __/
        \__/\__/_/\__/_/
                        v2.0.0-dev.3

        infosec@kitabisa.com

[WRN] This tool is under development!
[WRN] Please submit a report if an error occurs.
[INF] Analyzing...
[INF] Listening dashboard on http://localhost:9080
[INF] Done!

Environment (please complete the following information):

Linux host 4.14.322-246.539.amzn2.x86_64 #1 SMP Wed Sep 6 22:22:06 UTC 2023 x86_64 x86_64 x86_64 GNU/Linux
  • teler Version [teler v2.0.0-dev.3]
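
The failure mode reported above, reproduced as an added example (not part of the original issue and not teler's own parser): a format-to-regexp translator that treats each space in `log_format` as exactly one space rejects the space-padded syslog day, while one that accepts a run of spaces parses the same line. `Compile`, `literal`, `Format` and `Padded` are hypothetical names; the format string and log line are copied from the report.

```go
package main

import (
	"fmt"
	"regexp"
	"strings"
)

var fieldRe = regexp.MustCompile(`\$([a-z_]+)`)
var spaces = regexp.MustCompile(` +`)

// Compile: hypothetical translator; a field matches up to the literal character after it.
// tolerant=false: a format space matches exactly one space; true: one or more.
func Compile(format string, tolerant bool) *regexp.Regexp {
	var b strings.Builder
	b.WriteString("^")
	last := 0
	for _, m := range fieldRe.FindAllStringSubmatchIndex(format, -1) {
		b.WriteString(literal(format[last:m[0]], tolerant))
		body := ".+" // final field takes the rest of the line
		if m[1] < len(format) {
			body = "[^" + regexp.QuoteMeta(format[m[1]:m[1]+1]) + "]+"
		}
		if name := format[m[2]:m[3]]; name == "x" {
			b.WriteString("(?:" + body + ")") // $x is matched but not captured
		} else {
			b.WriteString("(?P<" + name + ">" + body + ")")
		}
		last = m[1]
	}
	b.WriteString(literal(format[last:], tolerant) + "$")
	return regexp.MustCompile(b.String())
}

// literal escapes the text between fields; in tolerant mode a space run becronmes " +".
func literal(s string, tolerant bool) string {
	q := regexp.QuoteMeta(s)
	if tolerant {
		q = spaces.ReplaceAllString(q, " +")
	}
	return q
}

// Format and Padded are copied from the issue above (Padded keeps the two spaces after "Feb").
const Format = `$x $x $x $remote_addr:$x [$time_local] $x $x $x $x $x $x "$request_method $request_uri $request_protocol" $status {$x} $x $x $x $x $x $x`
const Padded = `Feb  9 09:00:00 192.168.1.1:42814 [09/Feb/2024:08:59:58.051] lb-useast~ backend/api-elb5 0/2000/0/0/1/12/2013 ---- 27/27/2/0/0 0/0 "POST /location HTTP/1.1" 200 {||||||506|Dalvik/2.1.0 (Linux; U; Android 13)} ireq_size=831 resp_size=123 172.31.43.71:4443 192.168.4.169:443 ECDHE-RSA-AES128-GCM-SHA256 TLSv1.2`

func main() {
	fmt.Println(Compile(Format, false).MatchString(Padded), Compile(Format, true).MatchString(Padded))
}
```

For a detection tool the strict behaviour matters because unmatched lines are dropped rather than analyzed, so counting input lines against parsed lines is a useful check whenever a custom `log_format` is deployed.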