Kraken Log File Parser
The Log File Parser project contains various log parsers and normalizers for text log files.
Apache Web Log
Parser
| descriptor | raw log field |
| %a | client_ip |
| %A | server_ip |
| %B | resp_bytes |
| %b | resp_bytes_clf |
| %C | cookie |
| %D | duration_msec |
| %e | env |
| %f | file |
| %h | remote_host |
| %H | protocol |
| %i | req_header |
| %l | login |
| %m | method |
| %n | note |
| %o | resp_header |
| %P | pid |
| %p | server_port |
| %q | query |
| %r | request |
| %s | status |
| %t | date |
| %T | duration_sec |
| %u | user |
| %U | url |
| %v | canonical_name |
| %V | server_name |
| %X | connection |
| %I | rcvd |
| %O | sent |
Normalization
| normalized field | original log field |
| date | date |
| category | "web" hard-coded |
| method | method |
| url | url |
| status | status |
| src_ip | client_ip |
| dst_ip | server_ip |
| dst_port | server_port |
| rcvd | rcvd |
| sent | sent |
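
The two Apache tables above, applied end to end, as an added Python example that is not Kraken's own code: a LogFormat string is compiled into a regex whose groups carry the raw field names, and a parsed line is then mapped to the normalized fields. The function names, the sample format and the sample line are constructed for illustration, and each descriptor is assumed to appear at most once in the format.

```python
import re

# Descriptor -> raw log field, copied from the parser table above.
RAW_FIELD = {
    "a": "client_ip", "A": "server_ip", "B": "resp_bytes", "b": "resp_bytes_clf",
    "C": "cookie", "D": "duration_msec", "e": "env", "f": "file",
    "h": "remote_host", "H": "protocol", "i": "req_header", "l": "login",
    "m": "method", "n": "note", "o": "resp_header", "P": "pid",
    "p": "server_port", "q": "query", "r": "request", "s": "status",
    "t": "date", "T": "duration_sec", "u": "user", "U": "url",
    "v": "canonical_name", "V": "server_name", "X": "connection",
    "I": "rcvd", "O": "sent",
}
# Normalized field -> raw log field, copied from the normalization table above.
NORMALIZED = {
    "date": "date", "method": "method", "url": "url", "status": "status",
    "src_ip": "client_ip", "dst_ip": "server_ip", "dst_port": "server_port",
    "rcvd": "rcvd", "sent": "sent",
}
TOKEN = re.compile(r"%[<>]?(?:\{[^}]*\})?([A-Za-z])")
QUOTED = r'(?:[^"\\]|\\.)*'  # client-controlled text; Apache escapes " as \"
# Constructed sample format and log line (documentation IP ranges).
SAMPLE_FORMAT = '%a %A %p %t "%m %U" %>s %I %O "%{User-Agent}i"'
SAMPLE_LINE = ('203.0.113.7 192.0.2.10 443 [10/Oct/2023:13:55:36 +0000] '
               '"GET /index.html" 200 512 1024 "agent \\"v1\\""')

def compile_format(log_format):
    """Turn a LogFormat string into a regex with one named group per descriptor."""
    pattern, pos = "", 0
    for tok in TOKEN.finditer(log_format):
        d, name = tok.group(1), RAW_FIELD[tok.group(1)]
        value = r"[^\]]*" if d == "t" else QUOTED if d in "rio" else r"\S+"
        group = "(?P<%s>%s)" % (name, value)
        pattern += re.escape(log_format[pos:tok.start()])
        pattern += r"\[%s\]" % group if d == "t" else group
        pos = tok.end()
    return re.compile(pattern + re.escape(log_format[pos:]) + r"\Z")

def normalize(log_format, line):
    """Parse one line; return the normalized record, or None if it does not match."""
    m = compile_format(log_format).match(line)
    if m is None:
        return None
    raw = m.groupdict()
    record = {"category": "web"}  # hard-coded, per the normalization table
    record.update({k: raw[v] for k, v in NORMALIZED.items() if v in raw})
    return record
```

Fields the format does not log are simply absent from the normalized record, and a line that does not match the whole format returns `None` instead of a partially filled record.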
OpenSSH
Normalization
| normalized field | original log field |
| category | "login" hard-coded |
| date | date |
| result | result |
| account | account |
| src_ip | src_ip |
| src_port | src_port |
| protocol | protocol |
