What if I want to exclude my own company:
HOSTEXCLUDE *.wadsack-allen.com Then the DNS lookup needs to be done first. Now my opinion is that Analog should apply numeric excluded before DNS lookups and non-numeric ones after, which would take care of this confusion. (But I haven't submitted a patch yet... :-) ) -- Jeremy Wadsack Wadsack-Allen Digital Group Keith Fetterman ([EMAIL PROTECTED]): > Jeremy, > You hit it dead on. That specific IP address was mapped to a host name > in the /etc/hosts file on the server. I commented out the entry in the > hosts file and I found the entry in analog's dnscache file and removed > it. When I re-ran the report, the entry disappeared. > So it looks like analog first translates IP addresses to host names (if > it can) before it filters the log file with HOSTEXCLUDE. Thus, > HOSTEXLUDE didn't work for this IP address since it was already mapped > to a host name. > Is this a possible bug in analog? Shouldn't HOSTEXCLUDE work on IP > addresses even though the IP address can be translated to a host name? > Thanks a lot for your help, > Keith > Jeremy Wadsack wrote: >> Keith Fetterman ([EMAIL PROTECTED]): >> >> >>>I ran into an interesting problem with analog. I have the following >>>parameter in my analog.cfg file to block all requests from internal >>>computers: >>> >> >>>HOSTEXCLUDE 10.0.* >>> >> >>>Shouldn't this statement reject all requests from computers coming from >>>the subnet 10.0.0.0 - 10.0.0.255? >>> >> >>>In general it is working, but I noticed that one and only one computer >>>from this subnet is being included in my User report. The computer has >>>the IP address of 10.0.0.4. >>> >> >>>My User report is based on a cookie that is written as the last field in >>>the access_log. To identify the user, the following parameter is >>>defined in analog.cfg: >>> >> >>>USERALIAS REGEXPI:g2m_user=(.*?); $1 >>> >> >>>I recoginized one of the users in the User report to be from a computer >>>located at IP address 10.0.0.4. >>> >> >>>Why isn't this filtered by the HOSTEXCLUDE? Other computers on the same >>>subnet are being filtered out. >>> >> >>>Any ideas? >>> >> >> Try running a report with no HOSTEXCLUDE but a USEREXCLUDE that >> excludes this user. I bet you'll find that the user is appearing the >> the logs from a different IP number (or from a resolved address that >> is not excluded). >> >> +------------------------------------------------------------------------ | This is the analog-help mailing list. To unsubscribe from this | mailing list, go to | http://lists.isite.net/listgate/analog-help/unsubscribe.html | | List archives are available at | http://www.mail-archive.com/[email protected]/ | http://lists.isite.net/listgate/analog-help/archives/ | http://www.tallylist.com/archives/index.cfm/mlist.7 +------------------------------------------------------------------------
