Aidan Whitehall wrote: > Below is a log file entry together with it's header. > > #Software: Microsoft Internet Information Services 5.0 > #Version: 1.0 > #Date: 2002-07-29 01:01:03 > #Fields: date time c-ip cs-username s-sitename s-computername s-ip > s-port cs-method cs-uri-stem cs-uri-query sc-status sc-win32-status > sc-bytes cs-bytes time-taken cs-version cs-host cs(User-Agent) > cs(Cookie) cs(Referer) > 2002-07-29 01:01:04 217.37.111.57 - W3SVC1 ServerName ServerIP 80 - - > - 404 2 245 97 0 HTTP/1.0 www - - - > 2002-07-29 01:01:04 217.37.111.57 - W3SVC1 ServerName ServerIP 80 - - > - 404 2 245 97 0 HTTP/1.0 www - - - > 2002-07-29 01:01:04 217.37.111.57 - W3SVC1 ServerName ServerIP 80 - - > - 404 2 245 98 0 HTTP/1.0 www - - -
A couple of points - those entries don't seem to match those headers, as far as I can see. In the header, there's only one field after cs-host, but you've got 3 "- - -". The 2nd point is that "cs-method cs-uri-stem cs-uri-query" is shown here as "- - -". I think you mentioned using IIS. You might want to use the URLscan tool that someone else mentioned on the list - it should prevent such malformed entries getting to your server. Lastly, if you simply want Analog to ignore these entries, just add an additional LOGFORMAT that matches these lines, but doesn't match the real lines that you want. For example: LOGFORMAT (%j %j %j %j %j %j %j %j - - - 404 %j) Aengus +------------------------------------------------------------------------ | This is the analog-help mailing list. To unsubscribe from this | mailing list, go to | http://lists.isite.net/listgate/analog-help/unsubscribe.html | | List archives are available at | http://www.mail-archive.com/[email protected]/ | http://lists.isite.net/listgate/analog-help/archives/ | http://www.tallylist.com/archives/index.cfm/mlist.7 +------------------------------------------------------------------------
