analog-help
Tue, 03 Aug 2004 13:20:51 -0700
Hi
I have multiple Virtual Servers logging to the same log file. How do I
separate them out and report on each. I have tried 'REFINCLUDE
http://web.ebop.in:8030/*' and also 'FILEINCLUDE http://web.ebop.in:8030/*'.
But I do not get any pages being reported.
I am using Microsofts ISA server logs
Example below..
#Software: Microsoft(R) Internet Security and Acceleration Server 2000
#Version: 1.0
#Date: 2004-07-30 00:00:13
#Fields: c-ip cs-username c-agent sc-authenticated date time s-svcname
s-computername cs-referred r-host r-ip r-port time-taken cs-bytes sc-bytes
cs-protocol cs-transport s-operation cs-uri cs-mime-type s-object-source
sc-status s-cache-info rule#1 rule#2
172.16.0.11 celeris\marshal Mozilla/4.0 (compatible; MSIE 6.0; Windows NT
5.0; .NET CLR 1.0.3705) Y 2004-07-30 00:00:13 w3proxy CELERIS -
www.oldfriends.co.nz 202.21.128.3 80 296 732 25974 http TCP GET
http://www.oldfriends.co.nz/oldfriends/member_profile.asp?oldfriends_member_id=112852
text/html Inet 200 0x42020001 Web Marshal Proxy Web Marshal Proxy
203.99.66.6 anonymous Mozilla/4.0 (compatible; MSIE 5.5; Windows NT 5.0) N
2004-07-30 00:02:02 W3ReverseProxy CELERIS - www.envbop.govt.nz 172.16.0.9
8008 - 414 163 http TCP GET
http://web.ebop.int:8008/images/Pollution-Busters800x600.jpg - Inet 304
0x40001002 EnvBOP -
203.99.66.6 anonymous Mozilla/4.0 (compatible; MSIE 5.5; Windows NT 5.0) N
2004-07-30 00:02:02 W3ReverseProxy CELERIS - www.envbop.govt.nz 172.16.0.9
8008 - 400 162 http TCP GET
http://web.ebop.int:8008/menu/printer_plain.gif - Inet 304 0x40001002
EnvBOP -
203.99.66.6 anonymous Mozilla/4.0 (compatible; MSIE 5.5; Windows NT 5.0) N
2004-07-30 00:02:03 W3ReverseProxy CELERIS - www.envbop.govt.nz 172.16.0.9
8008 16 394 164 http TCP GET http://web.ebop.int:8008/menu/alpha.gif - Inet
304 0x40001002 EnvBOP -
203.99.66.6 anonymous Mozilla/4.0 (compatible; MSIE 5.5; Windows NT 5.0) N
2004-07-30 00:02:03 W3ReverseProxy CELERIS - www.envbop.govt.nz 172.16.0.9
8008 - 394 164 http TCP GET http://web.ebop.int:8008/images/Fav.gif - Inet
304 0x40001002 EnvBOP -
203.99.66.6 anonymous Mozilla/4.0 (compatible; MSIE 5.5; Windows NT 5.0) N
2004-07-30 00:02:03 W3ReverseProxy CELERIS - www.envbop.govt.nz 172.16.0.9
8008 - 394 163 http TCP GET http://web.ebop.int:8008/images/shim.gif - Inet
304 0x40001002 EnvBOP -
203.99.66.6 anonymous Mozilla/4.0 (compatible; MSIE 5.5; Windows NT 5.0) N
2004-07-30 00:02:03 W3ReverseProxy CELERIS - www.envbop.govt.nz 172.16.0.9
8008 - 399 164 http TCP GET http://web.ebop.int:8008/images/tukutuku.gif -
Inet 304 0x40001002 EnvBOP -
210.55.30.52 anonymous Mozilla/4.0 (compatible; MSIE 6.0; Windows NT 5.1;
.NET CLR 1.1.4322) N 2004-07-30 00:02:04 W3ReverseProxy CELERIS -
www.easternboprecovery.org.nz 172.16.0.9 8030 - 333 3866 http TCP GET
http://web.ebop.int:8030/ text/html Inet 200 0x40800000 EBOPRecovery -
210.55.30.52 anonymous Mozilla/4.0 (compatible; MSIE 6.0; Windows NT 5.1;
.NET CLR 1.1.4322) N 2004-07-30 00:02:05 W3ReverseProxy CELERIS -
www.easternboprecovery.org.nz 172.16.0.9 8030 - 266 13623 http TCP GET
http://web.ebop.int:8030/images/recovery.jpg image/jpeg Inet 200 0x40800000
EBOPRecovery -
210.55.30.52 anonymous Mozilla/4.0 (compatible; MSIE 6.0; Windows NT 5.1;
.NET CLR 1.1.4322) N 2004-07-30 00:02:05 W3ReverseProxy CELERIS -
www.easternboprecovery.org.nz 172.16.0.9 8030 16 261 6500 http TCP GET
http://web.ebop.int:8030/Images/wdc.gif image/gif Inet 200 0x40800000
EBOPRecovery -
210.55.30.52 anonymous Mozilla/4.0 (compatible; MSIE 6.0; Windows NT 5.1;
.NET CLR 1.1.4322) N 2004-07-30 00:02:05 W3ReverseProxy CELERIS -
www.easternboprecovery.org.nz 172.16.0.9 8030 16 264 7116 http TCP GET
http://web.ebop.int:8030/Images/envbop.gif image/gif Inet 200 0x40800000
EBOPRecovery -
210.55.30.52 anonymous Mozilla/4.0 (compatible; MSIE 6.0; Windows NT 5.1;
.NET CLR 1.1.4322) N 2004-07-30 00:02:05 W3ReverseProxy CELERIS -
www.easternboprecovery.org.nz 172.16.0.9 8030 16 261 5068 http TCP GET
http://web.ebop.int:8030/Images/odc.gif image/gif Inet 200 0x40800000
EBOPRecovery -
1
203.97.51.49 anonymous Mozilla/4.0 (compatible; MSIE 6.0; Windows NT 5.1;
.NET CLR 1.1.4322) N 2004-07-30 00:02:33 W3ReverseProxy CELERIS -
www.odc.govt.nz 172.16.0.9 8006 - 356 163 http TCP GET
http://web.ebop.int:8006/images/v5_news.jpg - Inet 304 0x40001002 ODC -
203.97.51.49 anonymous Mozilla/4.0 (compatible; MSIE 6.0; Windows NT 5.1;
.NET CLR 1.1.4322) N 2004-07-30 00:02:33 W3ReverseProxy CELERIS -
www.odc.govt.nz 172.16.0.9 8006 - 357 163 http TCP GET
http://web.ebop.int:8006/images/v5_logo1.jpg - Inet 304 0x40001002 ODC -
203.97.51.49 anonymous Mozilla/4.0 (compatible; MSIE 6.0; Windows NT 5.1;
.NET CLR 1.1.4322) N 2004-07-30 00:02:33 W3ReverseProxy CELERIS -
www.odc.govt.nz 172.16.0.9 8006 - 359 163 http TCP GET
http://web.ebop.int:8006/images/v5_contact.jpg - Inet 304 0x40001002 ODC -
203.97.51.49 anonymous Mozilla/4.0 (compatible; MSIE 6.0; Windows NT 5.1;
.NET CLR 1.1.4322) N 2004-07-30 00:02:33 W3ReverseProxy CELERIS -
www.odc.govt.nz 172.16.0.9 8006 - 357 163 http TCP GET
http://web.ebop.int:8006/images/v5_links.jpg - Inet 304 0x40001002 ODC -
203.97.51.49 anonymous Mozilla/4.0 (compatible; MSIE 6.0; Windows NT 5.1;
.NET CLR 1.1.4322) N 2004-07-30 00:02:33 W3ReverseProxy CELERIS -
www.odc.govt.nz 172.16.0.9 8006 - 358 163 http TCP GET
http://web.ebop.int:8006/images/v5_spacer.jpg - Inet 304 0x40001002 ODC -
203.97.51.49 anonymous Mozilla/4.0 (compatible; MSIE 6.0; Windows NT 5.1;
.NET CLR 1.1.4322) N 2004-07-30 00:02:33 W3ReverseProxy CELERIS -
www.odc.govt.nz 172.16.0.9 8006 - 358 163 http TCP GET
http://web.ebop.int:8006/images/v5_people.jpg - Inet 304 0x40001002 ODC -
Any help appreciated.
---------------------------------------------
Raji Arulambalam
Senior Systems Administrator
Environment Bay of Plenty - Regional Council
5 Quay Street, P O Box 364, Whakatane, New Zealand
