On Tue, Jul 2, 2024 at 6:54 PM Dominic Humphries <dominic@xxxxxxxxxx.invalid> wrote: > > As per https://httpd.apache.org/docs/current/mod/mod_log_config.html#format-notes we see special characters getting represented in our logs by their hexadecimal representation - \xhh > > However, we output our logs in a json format, and this representation results in invalid JSON, which gives us problems when we forward them to Logstash. > > A path of /abc gives us the expected output: "@message": "GET /abc HTTP/1.1" > which is valid JSON > But a path of e.g. /abcé results in: "@message": "GET /abc\xc3\xa9 HTTP/1.1" > which results in jq reporting parse error: Invalid escape > > Ideally, we'd like to disable the hex representation and just have the original string in our logs. Failing that, adding additional backslashes to escape the inserted hex seems like it should work, and I thought piping the log via sed would allow for this, but for some reason > > CustomLog "|$/usr/bin/sed 's/old/new/g' >> logfile" logstash_ext_json > > just results in nothing being logged to the file - no errors anywhere, just no logging happening. sed may buffer input/output, so it might take a while before anything is written to the logfile. > Any advice on how to fix the logging so every special character doesn't break JSON parsing would be appreciated! The correct solution - proper JSON-style escaping is currently stuck in this Pull request: https://github.com/apache/httpd/pull/429 If you build httpd yourself anyway, you can just apply that patch locally, test it, and report your resuts in the pull request. That may help it move towards getting merged into the 2.4 branch. As a workaround, substitute \x with % in your log pipeline. Rainer --------------------------------------------------------------------- To unsubscribe, e-mail: users-unsubscribe@xxxxxxxxxxxxxxxx For additional commands, e-mail: users-help@xxxxxxxxxxxxxxxx
|