Can I use Chainsaw to view httpd access and error log?

Question

Chainsaw seems to be a very powerful logviewer. However, I could not find the correct settings to open a httpd standard logfile.

A line in the log looks like

123.65.15.255 - - [04/Jan/2015:03:38:12 +0100] "GET /index.html
 HTTP/1.1" 200 - "-" "Mozilla/5.0 (compatible)"

Does anybody know what I need to set in "Log File Format type and format?

Answer 1

I tried with pattern %X{IP} %X{ident} %X{UserID} [%d] %m and timestamp format dd/MMM/yyyy:HH:mm:ss Z, but the parsing was not correct (date and message are wrong), I don't know why. I personally prefer using the logviewer "LogMX": I tried the same pattern in LogMX and it works like a charm: %X{IP} %X{ident} %X{UserID} [%d{dd/MMM/yyyy:HH:mm:ss Z}] %m (here, the date format is included in the pattern):

If you want, you can also parse each specific field after "GET": HTTP status code, user-agent string, ... to have a new column for each field. Also see:

• http://httpd.apache.org/docs/1.3/logs.html (and your httpd config file) for httpd logs format
• http://logging.apache.org/log4j/2.0/manual/layouts.html#PatternLayout for Log4j v2 patterns,
• https://logging.apache.org/log4j/1.2/apidocs/org/apache/log4j/PatternLayout.html for Log4j v1 patterns
• http://docs.oracle.com/javase/7/docs/api/java/text/SimpleDateFormat.html for date formats

Answer 2

I was able to load your example log entry using the latest developer snapshot of Chainsaw available at http://people.apache.org/~sdeboy:

Process:

• Start Chainsaw
• Select the file, load Chainsaw configuration option
• Select the Process a log file option
• Hit 'open file' to select to your log file from the file dialog

Configuration options:

Log file format type

• LogFilePatternReceiver LogFormat

Log file format

• PROP(IP) PROP(IDENT) PROP(REMOTE_USER) [TIMESTAMP] "PROP(REQUEST)" PROP(STATUS_CODE) PROP(SIZE) "PROP(REFERER)" "PROP(USER_AGENT)"

Log file timestamp format

• dd/MMM/yyyy:HH:mm:ss ZZZZZ

You can choose to select the 'Save configuration as' button to save this configuration as an xml Chainsaw config file for later use, and optionally select the 'always start Chainsaw with this configuration' checkbox, to have Chainsaw use this configuration on each start.

A new tab should be created containing log events for the log file.

To display the columns and update the timestamp format output:

• Right-click in the table and select 'Tab preferences'.
• In the dialog that opens, select formatting section, change 'Time zone of events' to CET (CET seems to match the timezone offset as it is in that example log entry)
• Select the 'columns' section and click in the boxes for IP, IDENT, REMOTE_USER, REQUEST, STATUS_CODE, SIZE, REFERER AND USER_AGENT properties so they are displayed on-screen (you can probably deselect the others).