>> It's only "%...{format}t" that it doesn't understand. (+ documentation)
Fantastic- clearer docs wouldn't hurt, although after re-reading it
again it's actually pretty clear to me. It would still be good for people
(perhaps like myself) who have only a "good enough" understanding of the
apache logformat to begin with.
Along those same lines, I actually tried using it before I ever wrote
to the list. (I'm smarter than *that*) It failed, but not for the reasons
I thought- your response helped me pin that down. The whole problem I was
having all this time was the relation between LOGFORMAT and LOGFILE.
This has been done to death of course, but I've been reading over the
docs and am still not 100% certain I have a good handle on things. Looking
over the list archives this seems to be pretty common. So, let me see give
an example of how I figured out what was happening. Maybe someone with
more knowledge can correct any misunderstandings I may have.
Assume the following- for brevity I've included only relevant info. I
apologize about the length of this message, but that's the way I write-
some things can't be simplified to a one-liner.
I have a custom logformat in apache.conf. It's basically NCSA combined,
but with the virtual host name substituted for the identd lookup field.
> LogFormat "%h %v %u %t \"%r\" %s %b \"%{Referer}i\" \"%{User-agent}i\""
Correspondingly, in analog's default.cfg I have the following:
> APACHELOGFORMAT (%h %v %u %t \"%r\" %s %b \"%{Referer}i\" \"%{User-agent}i\")
> LOGFILE access_log
I can supply example log file lines of this format, but they're way too
long to post effectively via email so I'll skip that unless it's needed.
Trust Apache to do things right- they usually do, so don't blame them
except as a last resort. :)
So, here's the step-by-step (read $: as a generic unix prompt) a single
invocation of analog, followed by the debug/warn responses related to
this issue.
$: analog /logdir/access_log
F: Detect that it's in NCSA combined format
Hm, but remember that the log file is NOT NCSA combined format. Analog
blew it! Well, not really- what it did was fail to understand that when I
said "/logdir/access_log" it should use the same format as "access_log" -
so it made a really good guess about the combined format. Still, no
virtual host report will be possible if this can't be corrected.
This isn't really a problem with Analog- it's just that what I am
telling it to do, and what I want/expect it to do are two different
things. You can look at this as a failure of either- and deciding which
would raise philosophical questions inappropriate to the discussion. :)
It's easier for me to correct a problem with my understanding though.
OK, now I'll try something completely different
$: cd /logdir; analog access_log
And it works just fine! Eureka, we've found the answer- although it's
ugly and inconvenient in a lot of ways. (especially if you have a
situation like mine where you have a lot of different log files on the
same machine and need to run analog against them regularly)
With creative scripting, this can easily be worked around using
customized cfg files for each site. But even that is completely
unnecessary- there are several ways to creatively fix this situation- the
easiest/best I have found is this:
set the LOGFORMAT in default.cfg to "stdin" and execute analog as:
$: cat /logdir/whatever /tmp/whatever.log | analog
So, why do we even have this logformat/logfile association? The key (I
believe) is in the optional third argument to the LOGFILE config- allowing
you to force a hostname to be associated with that file. That means I can
run one "big" analog process to analyse all the domains on a system, each
with their own log files, each in a custom format- in fact, each with
several custom formats- and get a big virtual host report.
It also means that Analog doesn't have to decide for each line in a log
file exactly what format it should use. (a HUGE speed benefit I am sure)
Still, a "default" or "forced" format would be nice- thus allowing
LOGFORMAT w/o a LOGFILE directive. Or maybe a way to specify wildcards in
the LOGFILE directive? (LOGFILE /logs/vhosts/*/log) Maybe there are
reasons not to do this, or better ways using existing commands.
Hopefully my examples/ideas help someone out- even if it's just me. :)
-=Jim=-
------------------------------------------------------------------------
This is the analog-help mailing list. To unsubscribe from this
mailing list, send mail to [EMAIL PROTECTED]
with "unsubscribe analog-help" in the main BODY OF THE MESSAGE.
List archived at http://www.mail-archive.com/[email protected]/
------------------------------------------------------------------------
