This repository was archived by the owner on Feb 13, 2024. It is now read-only.
[BUG] log parser space issue #381
Open
Describe the bug
teler cannot parse a log line that has two spaces in a row. Log example:

```
Feb  9 09:00:00 192.168.1.1:42814 [09/Feb/2024:08:59:58.051] lb-useast~ backend/api-elb5 0/2000/0/0/1/12/2013 ---- 27/27/2/0/0 0/0 "POST /location HTTP/1.1" 200 {||||||506|Dalvik/2.1.0 (Linux; U; Android 13)} ireq_size=831 resp_size=123 172.31.43.71:4443 192.168.4.169:443 ECDHE-RSA-AES128-GCM-SHA256 TLSv1.2
```
To Reproduce
Steps to reproduce the behavior:
```
log_format: |
  $x $x $x $remote_addr:$x [$time_local] $x $x $x $x $x $x "$request_method $request_uri $request_protocol" $status {$x} $x $x $x $x $x $x
```

```
$ ./teler -c ./teler.haproxy.yaml -i ./3.txt
__ __
/ /____ / /__ ____
/ __/ -_) / -_) __/
\__/\__/_/\__/_/
v2.0.0-dev.3
infosec@kitabisa.com
[WRN] This tool is under development!
[WRN] Please submit a report if an error occurs.
[INF] Analyzing...
[INF] Listening dashboard on http://localhost:9080
[WRN] No logs analyzed, did you write log format correctly?
[INF] Done!
```
Expected behavior
By removing the space between Feb and 9, things start working:

```
$ cat 3.txt
Feb 9 09:00:00 192.168.1.1:42814 [09/Feb/2024:08:59:58.051] lb-useast~ backend/api-elb5 0/2000/0/0/1/12/2013 ---- 27/27/2/0/0 0/0 "POST /location HTTP/1.1" 200 {||||||506|Dalvik/2.1.0 (Linux; U; Android 13)} ireq_size=831 resp_size=123 172.31.43.71:4443 192.168.4.169:443 ECDHE-RSA-AES128-GCM-SHA256 TLSv1.2
$ ./teler -c ./teler.haproxy.yaml -i ./3.txt
__ __
/ /____ / /__ ____
/ __/ -_) / -_) __/
\__/\__/_/\__/_/
v2.0.0-dev.3
infosec@kitabisa.com
[WRN] This tool is under development!
[WRN] Please submit a report if an error occurs.
[INF] Analyzing...
[INF] Listening dashboard on http://localhost:9080
[INF] Done!
```
Environment (please complete the following information):
Linux host 4.14.322-246.539.amzn2.x86_64 #1 SMP Wed Sep 6 22:22:06 UTC 2023 x86_64 x86_64 x86_64 GNU/Linux
- teler Version [teler v2.0.0-dev.3]
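
The failure mode in this report, as an added example that is not teler's code and not part of the original issue: a format template compiled with each space as a literal single space rejects the syslog-style `Feb  9` line, so the request is never analyzed, while treating a template space as "one or more spaces" parses it. The helpers `compileFormat` and `parse` are hypothetical, and the rule that a field is a run of characters other than the delimiter following it is an assumption of this sketch.

```go
package main

import (
	"fmt"
	"regexp"
)

// Format and line as given in the report; the line has two spaces after "Feb".
const logFormat = `$x $x $x $remote_addr:$x [$time_local] $x $x $x $x $x $x "$request_method $request_uri $request_protocol" $status {$x} $x $x $x $x $x $x`
const sampleLine = `Feb  9 09:00:00 192.168.1.1:42814 [09/Feb/2024:08:59:58.051] lb-useast~ backend/api-elb5 0/2000/0/0/1/12/2013 ---- 27/27/2/0/0 0/0 "POST /location HTTP/1.1" 200 {||||||506|Dalvik/2.1.0 (Linux; U; Android 13)} ireq_size=831 resp_size=123 172.31.43.71:4443 192.168.4.169:443 ECDHE-RSA-AES128-GCM-SHA256 TLSv1.2`
var fieldRe = regexp.MustCompile(`\\\$([a-z_]+)(\\?.)?`) // a quoted $name and the delimiter after it

// compileFormat (illustrative, not teler's code) builds an anchored regexp from a template.
func compileFormat(format string, tolerant bool) *regexp.Regexp {
	p := regexp.QuoteMeta(format) // "$x" becomes `\$x`, "[" becomes `\[`
	if tolerant {
		p = regexp.MustCompile(` +`).ReplaceAllString(p, " +") // a space matches 1..n spaces
	}
	p = fieldRe.ReplaceAllStringFunc(p, func(s string) string {
		m := fieldRe.FindStringSubmatch(s) // m[1] = name, m[2] = next delimiter
		class, open := ".+", "(?:"         // last field: rest of line; $x: no capture
		if m[2] != "" {
			class = "[^" + m[2] + "]+" // assumption: a field never contains its delimiter
		}
		if m[1] != "x" {
			open = "(?P<" + m[1] + ">"
		}
		return open + class + ")" + m[2]
	})
	return regexp.MustCompile("^" + p + "$")
}

// parse returns the named fields, or nil when the line does not fit the format.
func parse(re *regexp.Regexp, line string) map[string]string {
	m := re.FindStringSubmatch(line)
	if m == nil {
		return nil
	}
	out := map[string]string{}
	for i, n := range re.SubexpNames() {
		out[n] = m[i]
	}
	delete(out, "") // drop the unnamed whole-match entry
	return out
}

func main() {
	fmt.Println("strict:  ", parse(compileFormat(logFormat, false), sampleLine))
	fmt.Println("tolerant:", parse(compileFormat(logFormat, true), sampleLine))
}
```

Syslog pads single-digit days with a space, so a strict single-space format would miss every line logged from the 1st to the 9th of a month.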