In IIS format, the second IP address is used to indicate which IP
address the connection came to. In the vast majority of cases, there is
only one such address involved, and Analog doesn't care about it anyway,
so it can be considered junk.

You're approaching this from the wrong direction - you want to know what
every field is, and then only "junk" the ones you don't want. The other
approach is to assume everything is "junk", and then select the fields
you really care about and "unjunk" them. If you don't know why a field
is important, then it isn't important.

(I realize that from a learning point of view, this isn't necessarily a
good approach. But from a learning point of view, you don't want to use
the IIS log format, which isn't exactly well explained anywhere. Select
the W3C Extended format instead, and see the different fields it gives
you the option of logging, and the explanation for each one).

The User field will only ever be filled in if you restrict anonymous
access, and cause users to "log in" to your server - if this will never
happen, you can junk this field too.

The term "web sites" is somewhat ambiguous (this isn't a criticism of
you - lots of different people use it to mean different things). With
IIS4, you can have multiple Virtual Servers running on a single box,
with a single IP address. Each of these Virtual Servers will have its
own Logfile. If you have 5 Virtual Servers on your box, you can create a
single Analog Report by specifying all 5 log files as input (5 LOGFILE
lines in the ANALOG.CFG file).

If you mean that you have 5 different "Webs" on a single Virtual server,
then they are all included in your one log file automatically.

Aengus
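
An added example (not from either poster, and not Analog's own code): a small Python matcher that applies the LOGFORMAT string quoted further down in this thread to one log line and reports which columns it keeps and which it discards through %j. Only %j is given a meaning here; every other token is simply captured under its own letter, and the columns after 942 in the sample line are constructed.

```python
import re

def compile_logformat(fmt):
    """Compile an Analog-style LOGFORMAT string into a regex.

    %j becomes an unnamed group (junk); any other %X becomes a group
    named X. Everything else in the format must match literally.
    """
    out, seen, i = [], set(), 0
    while i < len(fmt):
        if fmt[i] == "%" and fmt[i + 1:i + 2].isalpha():
            tok, nxt = fmt[i + 1], fmt[i + 2:i + 3]
            # A field runs up to the next literal delimiter in the format.
            body = "[^%s]*" % re.escape(nxt) if nxt and nxt != "%" else ".*"
            if tok == "j":
                out.append("(%s)" % body)
            elif tok in seen:
                raise ValueError("token %%%s appears twice" % tok)
            else:
                seen.add(tok)
                out.append("(?P<%s>%s)" % (tok, body))
            i += 2
        else:
            out.append(re.escape(fmt[i]))
            i += 1
    return re.compile("".join(out))

def split_line(fmt, line):
    """Return (kept, junked) for one log line matched against fmt."""
    rx = compile_logformat(fmt)
    m = rx.fullmatch(line.strip())
    if m is None:
        raise ValueError("line does not match LOGFORMAT")
    named = set(rx.groupindex.values())
    junked = [m.group(i) for i in range(1, rx.groups + 1) if i not in named]
    return m.groupdict(), junked

# LOGFORMAT exactly as quoted in the thread (the wrapped line rejoined).
PAGE_FORMAT = ("%S, %u, %m/%d/%y, %h:%n:%j, %j, %j, %j, %b, "
               "%j, %j, %c, %j, %j, %f, %q")
# First eight columns are the thread's sample; the rest are constructed.
SAMPLE = ("206.19.211.20, -, 2/22/99, 11:00:35, W3SVC, EHSERV, "
          "169.237.132.82, 942, 280, 5132, 200, 0, GET, /index.htm, -")

if __name__ == "__main__":
    kept, junked = split_line(PAGE_FORMAT, SAMPLE)
    print("kept:  ", kept)
    print("junked:", junked)
```

Reading the junked list next to a real line from your own server is a quick way to review what a given LOGFORMAT throws away before relying on the report.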
______________________________ Reply Separator _________________________________
Subject: Re: [analog-help] Demon native Log
Author: [EMAIL PROTECTED] at Internet
Date: 2/25/99 2:39 PM
Log files:

The indiscriminate use of %j for junk still doesn't make sense to me. How
do you know what to identify as junk? In the following response you
formatted this output below with the following format statement.

206.19.211.20, -, 2/22/99, 11:00:35, W3SVC, EHSERV, 169.237.132.82, 942,

>Try this LOGFORMAT command
>LOGFORMAT %S, %u, %m/%d/%y, %h:%n:%j, %j, %j, %j, %b, %j, %j, %c, %j, %j, %f, %q

That means something obvious like an IP number is junk? Also the domain
name (EHSERV)? I thought that might be %v or %f?

I assume I will eventually see something in the %u space? If not what is
the user?

I have 5 web sites on my server so W3SVC%J should be used I guess instead
of %j. What do I need to do to include the other web sites in the logs?
Is that an IIS issue? There is only one setting there either on or off
with variables in there as to size of file or time.

Sorry if I'm dense. I am trying to get the info out of the whole.htm file.

Glen Forister 530-752-4337 FAX 530-752-1819
[EMAIL PROTECTED], [EMAIL PROTECTED]
Environmental Horticulture Dept.,
University of California, Davis, CA 95616
--------------------------------------------------------------------
This is the analog-help mailing list. To unsubscribe from this
mailing list, send mail to [EMAIL PROTECTED]
with "unsubscribe analog-help" in the main BODY OF THE MESSAGE.
--------------------------------------------------------------------