Can't parse httpd combined logs when ident is set

I have those logs (OVH shared hosting), that set the ident field of log lines to: example.com:443. It's only on a fraction of the logs, most of them set to example.com or www.example.com as they should (I think?).

A full example line :

83.149.9.216 example.com:443 - [24/Feb/2015:23:13:42 +0000] "GET /presentations/logstash-monitorama-2013/images/kibana-search.png HTTP/1.1" 200 203023 "http://semicomplete.com/presentations/logstash-monitorama-2013/" "Mozilla/5.0 (Macintosh; Intel Mac OS X 10_9_1) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/32.0.1700.77 Safari/537.36"

tested to fail on latest logstash-patterns-core

It looks like it should be accepted as I far as I understand it from the ident field definition in RFC1413, but I wanted to have confirmation before filling a bug report. It's the first time I saw this ident field set like this and it might well be just the hosting provider doing something non-standard at all?

Should this log line be accepted as a "COMBINED" log?

This topic was automatically closed 28 days after the last reply. New replies are no longer allowed.