Rob Ruth ([EMAIL PROTECTED]):
> In addition to the public traffic (standard combined logs) on our > servers I run a health check that produces the following entry in the > log: > 192.x.x.x - - [24/Nov/2001:22:05:08 -0800] "GET /index.php" 200 14480 > "-" "-" > I have excluded this host w/ the option "HOSTEXCLUDE 10.0.0.1" in my > analog.cfg file Hmmm.. You say 10.0.0.1 and the line above is 192.x.x.x. I assume that's a transcription error, not really your problem. > but I still get the following error when I run Analog: > /usr/bin/analog: Warning L: Large number of corrupt lines in logfile The line above should parse with the built in auto-detected formats. I have no trouble reading it. If you have some LOGFORMAT commands in your analog.cfg then add this one before any LOGFILE commands: LOGFORMAT COMBINED > In addition, my results page indicates an atrocious amount of > corrupt log entries. Do I still need to add a LOGFORMAT variable for > the 10.0.0.1 entries even though they are excluded? What would the > format for those be? Analog needs to be able to parse a log file line before it can apply an EXCLUDE directive. So yes, you'll need something to make sure it detects it. Alternately, you can just leave it as is, if the only lines it's not parsing are those that contain the item you want to exclude. -- Jeremy Wadsack Wadsack-Allen Digital Group +------------------------------------------------------------------------ | This is the analog-help mailing list. To unsubscribe from this | mailing list, go to | http://lists.isite.net/listgate/analog-help/unsubscribe.html | | List archives are available at | http://www.mail-archive.com/[email protected]/ | http://lists.isite.net/listgate/analog-help/archives/ | http://www.tallylist.com/archives/index.cfm/mlist.7 +------------------------------------------------------------------------
