Michael Maurer wrote:
> My problem by using analog is the MS-Proxy-file format.
> It looks like that: (it's one line and 22 fields)
> ---------------------
> 192.168.100.20, -, -, N, 13/02/99, 05:28:25, 1, -, -, 195.63.104.45, -, 80, 45054,
>381, 73, http, -, -, http://195.63.104.45/images/logout.gif, -, Cache, 10060
> ---------------------
> Is it possible to work with proxy-files?
> I'd try and try it but nothing goes.
> LOGFORMAT (%v, %u, %j, %j, %j, %d.%m.%y, %h:%n:%j, %j, %j, %j, %S, %j, %j, %j, %b,
>%j, %j, %j, %j, %r, %j, %c,)
>
> has somebody an idea?
>
I'm using analog to analyse MS-Proxy logs. The steps I take are as follows.
1: copy the ms-proxy logs onto a Sun (unix) system where I've got analog.
2: run a script for each of the log files to separate the Internet traffic (INet,
VFInet) from the cached information (Cache, VCache, NVCache, NotModified)
3: replace the entries for the local system with the local host's IP address -
ms-proxy seems to fill in all the information fields with the dash symbol.
4: remove all occurrences of commas in the URLs as these cause corrupt lines - see
other threads on the list.
5: run analog with the following LOGFORMAT lines
LOGFORMAT (%S, %u, -, N, %d/%m/%y, %h:%n:%j, 1, -, -, %f, -, %j, %j, %j, %b, %j, -, -,
%r, -, %j, %j, %j)
LOGFORMAT (%S, %u, -, N, %d/%m/%y, %h:%n:%j, 1, -, -, %f, -, %j, -, %j, %b, %j, -, -,
%r, -, %j, %j, %j)
LOGFORMAT (%S, %u, -, N, %d/%m/%y, %h:%n:%j, 1, -, -, %f, -, %j, %j, -, %b, %j, -, -,
%r, -, %j, %j, %j)
LOGFORMAT (%S, %u, -, N, %d/%m/%y, %h:%n:%j, 1, -, -, %f, -, %j, %j, %j, %b, %j, %j,
-, %r, -, %j, %j, %j)
LOGFORMAT (%S, %u, -, N, %d/%m/%y, %h:%n:%j, 1, -, -, %f, -, %j, -, %j, %b, %j, %j, -,
%r, -, %j, %j, %j)
LOGFORMAT (%S, %u, -, N, %d/%m/%y, %h:%n:%j, 1, -, -, %f, -, %j, %j, -, %b, %j, %j, -,
%r, -, %j, %j, %j)
It took me a while to find out what all the fields were. The MS-Proxy documentation
contains some information about the fields, but not the order in which they
come. The installation documentation mentions you can use MS-proxy with access and
SQLserver, and gives a table definition there. The file contains the following
...
CREATE TABLE MSP_LOG_TABLE (
ClientIP varchar(32),
ClientUserName varchar(32),
ClientAgent varchar(128),
ClientAuthenticate varchar(5),
logTime datetime,
service varchar(12),
servername varchar(32),
referredserver varchar(32),
DestHost varchar(32),
DestHostIP varchar(32),
DestHostPort int,
processingtime int,
bytessent int,
bytesrecvd int,
protocol varchar(8),
transport varchar(8),
operation varchar(8),
uri varchar(255),
mimetype varchar(32),
objectsource varchar(10),
resultcode int,
The Object Source field contains the values that say whether a page has been returned
from Cache or Internet, while the Result Code contains a batch of MS specific
codes as well as the usual HTTP codes. I thought this was causing a lot of my corrupt
lines originally.
I only get a handful of corrupt lines using the above. I'm still not 100% convinced
I've got the total Bytes transferred correct (the totals seem low from a 20Mb
logfile).
Hope this is of help.
Best wishes.
Wallace Nicoll.
-
======================================================================
Wallace Nicoll [EMAIL PROTECTED]
City of Edinburgh Council IT Services,
Chesser House, 500 Gorgie Road, Phone : 0131 469 5343
Edinburgh, EH11 3YJ, Scotland Fax : 0131 469 5335
======================================================================
--------------------------------------------------------------------
This is the analog-help mailing list. To unsubscribe from this
mailing list, send mail to [EMAIL PROTECTED]
with "unsubscribe analog-help" in the main BODY OF THE MESSAGE.
--------------------------------------------------------------------
