http://qs321.pair.com?node_id=1131036


in reply to Re^8: Question about the most efficient way to read Apache log files without All-In-One Modules from CPAN (personal learning exercise)
in thread Question about the most efficient way to read Apache log files without All-In-One Modules from CPAN (personal learning exercise)

nor does it guarantee that the HTTP command field always consists of exactly 3 space-separated components (hint: it doesn't).

You read the wrong spec, or you misread the right one:

The Request-Line begins: -- with a method token, -- followed by the Request-URI -- and the protocol version, -- and ending with CRLF. The elements are separated by SP characters. No CR or LF is allowed except in the final CRLF sequence. Request-Line = Method SP Request-URI SP HTTP-Version CRLF

With the rise and rise of 'Social' network sites: 'Computers are making people easier to use everyday'
Examine what is said, not who speaks -- Silence betokens consent -- Love the truth but pardon error.
"Science is about questioning the status quo. Questioning authority".
In the absence of evidence, opinion is indistinguishable from prejudice.
I'm with torvalds on this Agile (and TDD) debunked I told'em LLVM was the way to go. But did they listen!
div class=

Replies are listed 'Best First'.
Re^10: Question about the most efficient way to read Apache log files without All-In-One Modules from CPAN (personal learning exercise)
by wrog (Friar) on Jun 18, 2015 at 21:39 UTC
    1. That's the HTTP spec, which is all very nice but is not the Apache Log spec.
    2. Just assuming for the sake of argument that the HTTP command line is indeed being copied verbatim into that field, there's also the question of whether all of the clients out there will be actually following the spec — we live in a world with script kiddies and DDOS hobbyists, after all (hint: I'm guessing there's a reason the Apache folks saw fit to double-quote that field)

    In other news, in my real-live Apache 2.4 webserver using the default-format log, I see lines like this:

    10.54.33.35 - - [18/Jun/2015:09:05:55 -0700] "-" 408 0
      In other news, in my real-live Apache 2.4 webserver using the default-format log, I see lines like this: ...

      Then you've got a problem. (Hint: That would break Apache::Log::Parser amongst most other 'proper parsers')


      With the rise and rise of 'Social' network sites: 'Computers are making people easier to use everyday'
      Examine what is said, not who speaks -- Silence betokens consent -- Love the truth but pardon error.
      "Science is about questioning the status quo. Questioning authority".
      In the absence of evidence, opinion is indistinguishable from prejudice.
      I'm with torvalds on this Agile (and TDD) debunked I told'em LLVM was the way to go. But did they listen!
        if so, that would be remarkably b0rken behavior for Apache::Log::Parser -- oddly enough, a quick glance of the source reveals that it indeed knows how to handle double-quoted fields; it's not doing a simple split. I'll bet an entire pitcher of beer that it handles this just fine.

        408, BTW, is Request Timeout; connection is opened but no actual command ever gets sent before the server closes it down. So yeah, perhaps a problem there, but not with the server.