# Common Log Formats

This page is a glossary of common log formats that can be parsed with the [Tail input plugin](broken://pages/-LR7PNxnK7pp6OKiK7fu).

* Apache Access Log

  Use `format apache2` as shown below:

  ```
    <source>
        @type tail
        format apache2
        tag apache.access
        path /var/log/apache2/access.log
    </source>
  ```
* Apache Error Log

  Use a regular expression. See the `format` field in the following sample configuration.

  ```
    <source>
        @type tail
        format /^\[[^ ]* (?<time>[^\]]*)\] \[(?<level>[^\]]*)\] \[pid (?<pid>[^\]]*)\] \[client (?<client>[^\]]*)\] (?<message>.*)$/
        tag apache.error
        path /var/log/apache2/error.log
    </source>
  ```

  Depending on your particular error log format, you may need to adjust the regular expression above. You can test your format using [fluentd-ui's in\_tail editor](/0.12/deployment/fluentd-ui.md#intail-setting) or [Fluentular](http://fluentular.herokuapp.com).
* Maillog

  Use a regular expression. See the `format` field in the following sample configuration.

  ```
    <source>
        @type tail
        format /^(?<time>[^ ]+) (?<host>[^ ]+) (?<process>[^:]+): (?<message>((?<key>[^ :]+)[ :])? ?((to|from)=<(?<address>[^>]+)>)?.*)$/
        tag postfix.maillog
        path /var/log/maillog
    </source>
  ```
* Nginx Access Log

  Use `format nginx` as shown below:

  ```
    <source>
        @type tail
        format nginx
        tag nginx.access
        path /var/log/nginx/access.log
    </source>
  ```
* Nginx Error Log

  Use the `format*` and `multiline_flush_interval` fields in the following sample configuration. Applications running under Nginx can output multi-line errors including stack traces, so the multiline mode is a good fit.

  ```
    <source>
        @type tail
        tag nginx.error
        path /var/log/nginx/error.log

        format multiline
        format_firstline /^\d{4}/\d{2}/\d{2} \d{2}:\d{2}:\d{2} \[\w+\] (?<pid>\d+).(?<tid>\d+): /
        format1 /^(?<time>\d{4}/\d{2}/\d{2} \d{2}:\d{2}:\d{2}) \[(?<log_level>\w+)\] (?<pid>\d+).(?<tid>\d+): (?<message>.*)/
        multiline_flush_interval 3s
    </source>
  ```

  If you know your error log will only contain single lines, you can use the below simpler configuration with just a `format`.

  ```
    <source>
        @type tail
        format /^(?<time>\d{4}/\d{2}/\d{2} \d{2}:\d{2}:\d{2}) \[(?<log_level>\w+)\] (?<pid>\d+).(?<tid>\d+): (?<message>.*)$/
        tag nginx.error
        path /var/log/nginx/error.log
    </source>
  ```
* GlusterFS Logs

  Use the [GlusterFS input plugin.](/0.12/articles/collect-glusterfs-logs.md)

## Do you not see what you are looking for?

Give us a shout on [GitHub](https://github.com/fluent/fluentd-docs-gitbook/issues?state=open), [Twitter](http://twitter.com/fluentd) or [the mailing list](https://groups.google.com/forum/#!forum/fluentd). Better yet, we always welcome a [pull request](https://github.com/fluent/fluentd-docs-gitbook/pulls)!

If this article is incorrect or outdated, or omits critical information, please [let us know](https://github.com/fluent/fluentd-docs-gitbook/issues?state=open). [Fluentd](http://www.fluentd.org/) is a open source project under [Cloud Native Computing Foundation (CNCF)](https://cncf.io/). All components are available under the Apache 2 License.


---

# Agent Instructions: Querying This Documentation

If you need additional information that is not directly available in this page, you can query the documentation dynamically by asking a question.

Perform an HTTP GET request on the current page URL with the `ask` query parameter:

```
GET https://docs.fluentd.org/0.12/articles/common-log-formats.md?ask=<question>
```

The question should be specific, self-contained, and written in natural language.
The response will contain a direct answer to the question and relevant excerpts and sources from the documentation.

Use this mechanism when the answer is not explicitly present in the current page, you need clarification or additional context, or you want to retrieve related documentation sections.