[analog-help] APACHELOGFORMAT and hosts report

Fri, 24 Oct 2008 07:27:45 -0700 

Hello Analog gurus, 

I've been using Analog on-and-off for a while, and I'm a big fan.

I'm trying to get Analog to give me a "hosts" report.  The problem I seem 
to have is that the logs are writing an X-Forwarded-For header which is 
the only way I have of knowing what the actual browser IP address was. 
(lots of network topology in the way....)

So based on the following log format in Apache httpd.conf:
   (I'm pretty sure this is current, but I will double-check)

LogFormat "%{X-Forwarded-For}i %l %u %t \"%r\" %>s %b \"%{Referer}i\" 
\"%{User-Agent}i\"\"%{Cookie}i\" %D"  webtrends

So in analog.cfg, I have:

APACHELOGFORMAT (%{X-Forwarded-For}i %l %u %t \"%r\" %>s %b 
\"%{Referer}i\" \"%{User-Agent}i\"\"%{Cookie}i\" %D) 

And here's a sample line from the Apache access log:

10.235.166.27 - - [22/Oct/2008:09:22:49 -0500] "GET /wps/portal/xxx 
HTTP/1.1" 400 65536 "-" "Mozilla/4.0 (compatible; MSIE 6.0; Windows NT 
5.1; SV1; .NET CLR 1.1.4322; .NET CLR 
2.0.50727)""WT_FPC=id=10.234.239.40-2330051872.29954568:lv=1224706655084:ss=1224706491290;
 
JSESSIONID=0000HDRNq7GzVKH0HRzrmcAv123:139i273in; 
erU47MFBA6M2SE7HASZ6CLAGK3341=PWD=&CLX=EnhancedRTE&HMS=ppdapz0131&LGN=MJSW43TFNJZDC;
 
__utma=101953745.1997367580080200200.1221591400.1221591400.1221591400.1; 
__utmz=101953745.1221591400.1.1.utmcsr=<hostname>.com|utmccn=(referral)|utmcmd=referral|utmcct=/wps/portal/!ut/p/c1/04_sb8k8xllm9msszpy8xbz9cp0os3gdfwnvj29dm2mxazmj91avl08jawjq9_piz03vl8h2vaqavxwhdw!!/dl2/d1/l2djqsevuut3qs9zqnb3lzzfme8ws0jlmtyzrda2mkdvskwxmjawmdawmda!/"
 
576318

Finally I get to my question:  how can I get a "hosts" report from this? 

I tried making the APACHELOGFORMAT use %S as the first token, but that 
didn't work. 

Thanks in advance!

Don Jones

Life is not tested or documented to be fair.  Thinking life is fair is not 
supported.
+------------------------------------------------------------------------
|  TO UNSUBSCRIBE from this list:
|    http://lists.meer.net/mailman/listinfo/analog-help
|
|  Analog Documentation: http://analog.cx/docs/Readme.html
|  List archives:  http://www.analog.cx/docs/mailing.html#listarchives
|  Usenet version: news://news.gmane.org/gmane.comp.web.analog.general
+------------------------------------------------------------------------

Reply via email to