Strange "pattern not match" error on fluentd

apache logging fluentd
nixmind picture nixmind · Jul 31, 2015 · Viewed 7.3k times · Source

Can someone tell if its normal that fluentd raise this error in td-agent.log file?

2015-07-31 13:15:19 +0000 [warn]: pattern not match: "- - - [31/Jul/2015:13:15:19 +0000] GET http://172.31.108.218/ HTTP/1.1 200 0 \"-\" \"ELB-HealthChecker/1.0\""

While this is a well formated apache2 log:

- - - [31/Jul/2015:13:15:19 +0000] GET http://172.31.108.218/ HTTP/1.1 200 0 \"-\" \"ELB-HealthChecker/1.0\"

And here is the source configuration:

<source>
  type tail
  format apache2
  path /var/log/varnish/varnishncsa.log
  pos_file /var/log/td-agent/tmp/access.log.pos
  tag "apache2.varnish-access"
</source>

I can't figure out what's wrong there above.

Answer

nixmind picture nixmind · Jul 31, 2015

The problem is that these ELB-HealthChecker line log has an empty referer ip field. And then the log doesn't match apache2 log format for fluentd.

So the way to fix that is to filter logs with ELB-HealthChecker user-agent.

Related questions

how to make log4j to write to the console as well

Is there any way to tell to log4j to write its log to the file and to the console? thanks there are my properties: log4j.rootLogger=DEBUG,console,R log4j.rootLogger=INFO, FILE log4j.appender.CONSOLE=…

Read More
Best way to log POST data in Apache?

Imagine you have a site API that accepts data in the form of GET requests with parameters, or as POST requests (say, with standard url-encoded, &-separated POST data). If you want to log and analyze API calls, the GET …

Read More
Best way to rotate Apache log files

I've got an Apache server that has one access log file that is topping 600MB. This makes it really hard to search the file or parse it. What software or modules for Apache are available that will make a daily …

Read More