I need some help with monitoring this one URL that shows up with
multiple parameters in the request section.
For example, I need to monitor www.abc.com/case/book/buy
The thing is that the URL shows up in the logs in multiple formats, like
www.a.com - - [01/Jan/2001:00:10:11 -0700] "GET /case/book/buy HTTP/1.0" 200 11111
www.me.com - - [01/Jan/2001:00:10:11 -0700] "GET /case/book/buy?this=1234 HTTP/1.0" 200 11111
www.him.com - - [01/Jan/2001:00:10:11 -0700] "GET /case/book/buy?here=ABCD HTTP/1.0" 200 11111
www.her.com - - [01/Jan/2001:00:14:11 -0700] "GET /case/book/buy?hey=SKDSKLDSKDS HTTP/1.0" 200 11111
etc.
I tried using this
REQINCLUDE /case/book/buy*
REQINCLUDE *cas*
REQINCLUDE *book*
REQINCLUDE */case/book/buy*
REQINCLUDE */case/book/buy?*
PAGEINCLUDE */
This does not work; I end up getting a bunch of requests in my report like
/case/book/buy.rm
/this_book
etc.
I tried putting this in along with everything above
FILEINCLUDE /case/book/buy*
Then it complains of this and produces an empty log file.
/usr/bin/analog: analog version 4.16/Unix
/usr/bin/analog: Warning R: Turning off empty time reports
(For help on all errors and warnings, see docs/errors.html)
/usr/bin/analog: Warning R: Turning off empty Request Report
/usr/bin/analog: Warning R: Turning off empty File Type Report
/usr/bin/analog: Warning R: Turning off empty Directory Report
/usr/bin/analog: Warning R: Turning off empty Domain Report
/usr/bin/analog: Warning R: Turning off empty Organisation Report
/usr/bin/analog: Warning R: Turning off empty Search Word Report
/usr/bin/analog: Warning R: Turning off empty Operating System Report
/usr/bin/analog: Warning R: Turning off empty File Size Report
/usr/bin/analog: Warning R: Turning off empty Status Code Report
Any help would be appreciated.
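
Added example, not part of the original post and not analog configuration: a standalone Python filter that keeps only requests whose path is exactly /case/book/buy, with or without a query string, by splitting the request at the first "?" before comparing, and shows what a bare prefix match lets through instead. The function names, the shared timestamp and the last two log lines (built from the unwanted names the post reports) are constructed for illustration.

```python
import re

TARGET = "/case/book/buy"  # the path the post wants to monitor

# Common Log Format: host ident user [time] "METHOD target PROTO" status bytes
CLF = re.compile(
    r'^(?P<host>\S+) \S+ \S+ \[[^\]]+\] '
    r'"(?P<method>[A-Z]+) (?P<target>\S+) [^"]+" (?P<status>\d{3}) (?:\d+|-)$'
)

STAMP = '- - [01/Jan/2001:00:10:11 -0700]'  # one constructed timestamp for all lines
# The first four requests are the ones quoted in the post; the last two are
# constructed from the unwanted names the post says appeared in the report.
SAMPLE = [
    f'www.a.com {STAMP} "GET /case/book/buy HTTP/1.0" 200 11111',
    f'www.me.com {STAMP} "GET /case/book/buy?this=1234 HTTP/1.0" 200 11111',
    f'www.him.com {STAMP} "GET /case/book/buy?here=ABCD HTTP/1.0" 200 11111',
    f'www.her.com {STAMP} "GET /case/book/buy?hey=SKDSKLDSKDS HTTP/1.0" 200 11111',
    f'www.x.example {STAMP} "GET /case/book/buy.rm HTTP/1.0" 200 11111',
    f'www.y.example {STAMP} "GET /this_book HTTP/1.0" 200 11111',
]

def parsed(lines):
    """Yield (host, path, query) for each well-formed line; skip the rest."""
    for line in lines:
        m = CLF.match(line.strip())
        if m:
            # Separate the path from the query string before any comparison.
            path, _, query = m.group("target").partition("?")
            yield m.group("host"), path, query

def exact_hits(lines, target=TARGET):
    """Requests whose path equals the target, whatever the query string is."""
    return [(host, query) for host, path, query in parsed(lines) if path == target]

def prefix_hits(lines, prefix=TARGET):
    """Paths a plain prefix comparison accepts, including the unwanted one."""
    return [path for _, path, _ in parsed(lines) if path.startswith(prefix)]

if __name__ == "__main__":
    for host, query in exact_hits(SAMPLE):
        print(f"{host:14} {TARGET} query={query!r}")
    print("prefix match also lets through:",
          sorted(set(prefix_hits(SAMPLE)) - {TARGET}))
```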