Log Formats

Supported formats and custom configuration

Automatic Format Detection

When you open a log file, Logfile Expert automatically analyzes the first few lines to detect the format. This works seamlessly for all built-in formats.

If automatic detection fails or selects the wrong format, you can manually select a format from the Format dropdown in the toolbar.

Format selection dropdown

Web Server Logs

Apache/nginx Access Logs

Supports Apache and nginx access logs in Common Log Format (CLF) and Combined Log Format.

Example (Combined Log Format):

192.168.1.1 - - [30/Jan/2026:14:23:15 +0000] "GET /api/users HTTP/1.1" 200 4238 "-" "Mozilla/5.0"

Parsed Fields:

  • IP Address
  • Timestamp
  • HTTP Method
  • Request Path
  • HTTP Version
  • Status Code
  • Response Size
  • Referrer
  • User Agent

Apache Error Logs

Parses Apache error log entries with severity levels and module information.

Example:

[Fri Jan 30 14:23:15.432 2026] [core:error] [pid 1234] [client 192.168.1.1:54321] File does not exist: /var/www/html/missing.html

Parsed Fields:

  • Timestamp
  • Module
  • Log Level
  • Process ID
  • Client IP
  • Message

System Logs

Syslog

Standard syslog format used by most Linux distributions.

Example:

Jan 30 14:23:15 server sshd[1234]: Accepted publickey for user from 192.168.1.1 port 54321 ssh2

Parsed Fields: Timestamp, Hostname, Process Name, PID, Message

Linux Auth Log

Authentication and authorization events on Linux systems. Parsed with the same structure as syslog, with additional extraction of event type, user, source IP, port, and authentication method.

Example:

Jan 30 14:23:15 server sshd[52770]: login_failure admin 188.166.74.237

Linux Kernel Log

Kernel messages from /var/log/kern.log.

Example:

Jan 30 14:23:15 server kernel: [12345.678] usb 1-1: new high-speed USB device number 3 using xhci_hcd

Linux dmesg

Kernel ring buffer messages.

Example:

[12345.678] usb 1-1: new high-speed USB device number 3 using xhci_hcd

Journald (short-log)

Systemd journal output in short log format.

Example:

Jan 30 14:23:15 server systemd[1]: Started Session 1234 of user root.

macOS Install Log

macOS installation and software update logs.

macOS WiFi Log

macOS WiFi diagnostic and connection logs.

Application Logs

JSON Lines

Each line is a valid JSON object. All JSON fields are automatically extracted into separate columns.

Example:

{"timestamp":"2026-01-30T14:23:15Z","level":"error","message":"Connection timeout","ip":"192.168.1.1"}

Postfix Mail Log

Postfix SMTP server logs.

Example:

Jan 30 14:23:15 mail postfix/smtp[1234]: 5A3B1234: to=<user@example.com>, relay=smtp.example.com[192.168.1.1]:25, delay=0.53, status=sent

Exim Mail Log

Exim mail transfer agent logs.

Example:

2026-01-30 14:23:15 1tABC2-00012a-Kf <= sender@example.com H=mail.example.com [192.168.1.1] P=esmtps S=1234

Fail2ban Log

Fail2ban intrusion prevention logs.

Example:

2026-01-30 14:23:15,123 fail2ban.actions [1234]: NOTICE [sshd] Ban 192.168.1.100

PHP Error Log

PHP application errors and warnings.

Example:

[30-Jan-2026 14:23:15 UTC] PHP Fatal error: Call to undefined function in /var/www/html/index.php on line 42

vsftpd Log

vsftpd FTP server transfer logs.

Example:

Fri Jan 30 14:23:15 2026 [pid 1234] [user] OK UPLOAD: Client "192.168.1.1", "/home/user/file.txt", 1024 bytes

Plain Text

When no structured format is detected, files are displayed as plain text with line numbers. This works for any text file.

Custom Log Formats

If your log format isn't supported out of the box, you can define a custom parser. Select Create Custom Format... from the Format dropdown in the toolbar, or open Preferences → Custom Formats.

The custom format editor supports regex pattern mode and fixed-width mode, with typed columns (Timestamp, IP, Level, String) that enable specialized filters. See the Custom Formats documentation for a complete guide.

Troubleshooting Format Detection

Wrong Format Detected

If Logfile Expert selects the wrong format:

  1. Click the Format dropdown in the toolbar
  2. Manually select the correct format
  3. The file will be re-parsed immediately

Format Not Detected

If no format is detected:

  • Check if your log file uses one of the supported formats
  • Verify the file isn't corrupted or empty
  • Look at the first few lines — they should match a known pattern
  • Create a custom format for proprietary log formats