[Oisf-users] http.log log format
Geert Alberghs
alberghs.g at gmail.com
Thu Apr 5 08:14:27 UTC 2012
Hello,
http logging has been enabled in our environment. The purpose is to parse
these logs for URL's up to and including the path. (so no query and/or
fragment part) The problem is that in http.log I encounter 2 log formats:
1. TIMESTAMP HOSTNAME [**] COMPLETE URL [**]
2. TIMESTAMP HOSTNAME [**] URL without SCHEME&HOSTNAME [**]
In case 1 I only need COMPLETE URL and strip of query and/or fragment
In case 2 I need to concat "SCHEME", "HOSTNAME" and "URL without
SCHEME&HOSTNAME" and then strip of query and/or fragment.
Is there any logic in why there are 2 different cases? Personally I think
log format 1 is preferable.
Best Regards
-------------- next part --------------
An HTML attachment was scrubbed...
URL: <http://lists.openinfosecfoundation.org/pipermail/oisf-users/attachments/20120405/7f887703/attachment-0002.html>
More information about the Oisf-users
mailing list