Second question on Raptor this week! Thanks for the log excerpt. Looks like
you have the format right, except that the whole thing needs to be in
parentheses. And it looks like you need one more %j on the end, but I'm not
sure if Analog would just say the rest of the string was junk or what.
But the parentheses are what's biting you at the moment. Try that and please
tell us whether it works or not.
Michael
[EMAIL PROTECTED] wrote:
> Is Analog capable of analyzing a log from a firewall named Raptor?.
> The log contents are so much different than Apache logs that
> I'm having a hard time determining what to use for a LOGFORMAT.
> Maybe I'm just trying to do something that Analog was not intended for?
>
> Heres a example of my 50th failed try at a format
> LOGFORMAT %M %d %h:%n:%j %j httpd[%j]: %c %j: duration=%t %j %j rcvd=%b %j
> src=%
> S/%j %j %j %j arg=%r %j %j
>
> I get a error saying there is too many arguments in the config command.
>
> Heres a sample line of data from the log
> May 16 00:00:00.143 xtranet httpd[6110]: 121 Statistics: duration=0.34
> id=ywFFM
> sent=366 rcvd=64 srcif=qfe2 src=257.12.69.451/1237 dstif=le0
> dst=162.152.2.70/80
> op=GET arg=http://www.401k.com/ result="304 Use local copy" proto=http
> rule=9
>
> thanks for any advice
> Larry Theurer SPX Corp
>
> ------------------------------------------------------------------------
> This is the analog-help mailing list. To unsubscribe from this
> mailing list, send mail to [EMAIL PROTECTED]
> with "unsubscribe" in the main BODY OF THE MESSAGE.
> List archived at http://www.mail-archive.com/[email protected]/
> ------------------------------------------------------------------------
------------------------------------------------------------------------
This is the analog-help mailing list. To unsubscribe from this
mailing list, send mail to [EMAIL PROTECTED]
with "unsubscribe" in the main BODY OF THE MESSAGE.
List archived at http://www.mail-archive.com/[email protected]/
------------------------------------------------------------------------
