mstoeck3/nginx_to_jsonl
1
0
Fork 0
Code Issues Pull Requests Packages Projects Releases Wiki Activity

nginx_to_jsonl.py hinzugefügt

Browse Source
This commit is contained in:
Mario Stöckl 2025-07-30 10:47:51 +00:00
parent f8083beb9d
commit 6f008a18af
1 changed files with 101 additions and 0 deletions
Show Stats Download Patch File Download Diff File Expand all files Collapse all files

101
nginx_to_jsonl.py Normal file
View File

@ -0,0 +1,101 @@
import re, json, datetime, gzip, glob, os
def convert_logs_to_jsonl():
# Define log types and their patterns
log_types = {
'access': {
'pattern': 'access.log*',
'output': 'timesketch_access.jsonl',
'desc': 'HTTP Request Time'
},
'error': {
'pattern': 'error.log*',
'output': 'timesketch_error.jsonl',
'desc': 'Error Event Time'
},
'redirect': {
'pattern': 'redirect-access.log*',
'output': 'timesketch_redirect.jsonl',
'desc': 'Redirect Request Time'
}
}
# Regex pattern for nginx logs
pattern = r'(\S+) (\S+) (\S+) \[([^\]]+)\] "([^"]*)" (\d+) (\S+) "([^"]*)" "([^"]*)"(?:\s+"([^"]*)")?'
for log_type, config in log_types.items():
files = sorted(glob.glob(config['pattern']))
if not files:
continue
print(f"Processing {len(files)} {log_type} files...")
with open(config['output'], 'w') as out:
for log_file in files:
print(f" Processing: {log_file}")
# Handle compressed files
if log_file.endswith('.gz'):
opener = gzip.open
mode = 'rt'
else:
opener = open
mode = 'r'
try:
with opener(log_file, mode) as f:
for line_num, line in enumerate(f):
match = re.match(pattern, line.strip())
if match:
groups = match.groups()
ip = groups[0]
remote_ident = groups[1] if groups[1] != '-' else None
remote_user = groups[2] if groups[2] != '-' else None
timestamp = groups[3]
request = groups[4]
status = groups[5]
size = groups[6]
referer = groups[7] if groups[7] != '-' else None
user_agent = groups[8]
additional = groups[9] if len(groups) > 9 and groups[9] else None
# Parse HTTP request
request_parts = request.split(' ')
method = request_parts[0] if len(request_parts) > 0 else None
uri = request_parts[1] if len(request_parts) > 1 else None
protocol = request_parts[2] if len(request_parts) > 2 else None
# Convert timestamp
dt = datetime.datetime.strptime(timestamp, '%d/%b/%Y:%H:%M:%S %z')
event = {
"message": line.strip(),
"datetime": dt.isoformat(),
"timestamp_desc": config['desc'],
"source_file": log_file,
"log_type": log_type,
"source_ip": ip,
"remote_ident": remote_ident,
"remote_user": remote_user,
"http_method": method,
"http_uri": uri,
"http_protocol": protocol,
"http_request_full": request,
"status_code": int(status),
"response_size": int(size) if size.isdigit() else 0,
"referer": referer,
"user_agent": user_agent,
"additional_field": additional,
"data_type": f"web:{log_type}:log"
}
# Remove None values
event = {k: v for k, v in event.items() if v is not None}
out.write(json.dumps(event) + '\n')
except Exception as e:
print(f" Error processing {log_file}: {e}")
print(f" Output: {config['output']}")
convert_logs_to_jsonl()