Analog will not calculate both down- and up-load traffic. You can only configure it to do one or the other.
A possible solution is to pre-process the log file with a script that reads both fields and combines them into one (or a new one). In general, log files are not the most effective way to measure bandwidth, because they don't include request and header volume. Something like MRTG can be configured to give a more accurate report (although getting it to split an interface for each virtual host is a challenge).

--
Jeremy Wadsack
Wadsack-Allen Digital Group

Adrianna Pinska <[EMAIL PROTECTED]> (Tuesday, November 04, 2003 7:15 AM):

> Hello,
>
> I am trying to use Analog to calculate total traffic per user, from IIS
> 5.0 FTP logs. I'm using Analog v 5.91 beta on Windows 2000 professional.
>
> The header of the log file looks like this:
>
> #Fields: date time c-ip cs-username s-sitename s-computername s-ip
> s-port cs-method cs-uri-stem cs-uri-query sc-status sc-bytes cs-bytes
> time-taken cs-version cs-host cs(User-Agent) cs(Cookie) cs(Referer)
>
> Here are a few representative lines from the file:
>
> 2003-10-18 06:04:17 196.25.19.251 rhodesia MSFTPSVC1 IDEOSPHERE01
> 196.36.153.48 21 [514]USER rhodesia - 331 0 0 0 FTP - - - -
> 2003-10-18 08:51:29 196.3.242.158 Xanovia MSFTPSVC1 IDEOSPHERE01
> 196.36.153.48 21 [523]sent /Xanovia/Template.ascx - 226 1630 0 350 FTP -
> - - -
>
> What I want from Analog is just a user report.
>
> Now, when I run Analog on the file with no LOGFORMAT specified,
> everything is fine except that Analog ignores the sc-bytes and only
> takes the cs-bytes into account. I want to see the total traffic, so I
> want the sc-bytes and cs-bytes to be added.
>
> I began to experiment with specifying a LOGFORMAT. I discovered that
> Analog would reject a LOGFORMAT with two instances of %b, so I wanted
> to see if I could get Analog to read just the sc-bytes or just the
> cs-bytes, one at a time, planning to combine them in some form later.
> Here are the LOGFORMATs I tried:
>
> LOGFORMAT (%Y-%m-%d %h:%n:%j %s %u %j %j %j %j [%j]%j %r - %C %b %j %t
> FTP - - - -)
> (for just the sc-bytes)
>
> LOGFORMAT (%Y-%m-%d %h:%n:%j %s %u %j %j %j %j [%j]%j %r - %C %b %j %t
> FTP - - - -)
> (for just the cs-bytes).
>
> As far as I can see, both of these should work - but if I try either,
> Analog doesn't recognise the code (%C), and thinks there were no
> successful requests, and so I get no results.
>
> I have checked that what I think are spaces are spaces and not tabs, and
> I have tried replacing all the spaces in the LOGFORMAT with %w, with no luck.
>
> I have spent hours looking for a solution to this problem on the web,
> but I've come up with nothing. Can anyone help? I have heard lots of
> people mention that they use Analog for FTP log analysis, so I assume
> there must be a way to get this to work.
>
> Thank you for your time,
>
> Adrianna Pinska
> Ideosphere
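
The pre-processing step suggested in the reply, as an added example (not code from this thread or from Analog): it reads the `#Fields:` header, writes sc-bytes + cs-bytes into one column, zeroes the other, and returns per-user totals as a cross-check for the user report. The function name and the choice of `cs-bytes` as the default target column are assumptions; the last two sample lines are constructed.

```python
# Sample input: header and first two data lines are from the post above;
# the upload line and the truncated line are constructed for illustration.
SAMPLE = """\
#Fields: date time c-ip cs-username s-sitename s-computername s-ip s-port cs-method cs-uri-stem cs-uri-query sc-status sc-bytes cs-bytes time-taken cs-version cs-host cs(User-Agent) cs(Cookie) cs(Referer)
2003-10-18 06:04:17 196.25.19.251 rhodesia MSFTPSVC1 IDEOSPHERE01 196.36.153.48 21 [514]USER rhodesia - 331 0 0 0 FTP - - - -
2003-10-18 08:51:29 196.3.242.158 Xanovia MSFTPSVC1 IDEOSPHERE01 196.36.153.48 21 [523]sent /Xanovia/Template.ascx - 226 1630 0 350 FTP - - - -
2003-10-18 08:52:10 196.3.242.158 Xanovia MSFTPSVC1 IDEOSPHERE01 196.36.153.48 21 [523]created /Xanovia/New.ascx - 226 0 2048 410 FTP - - - -
2003-10-18 08:53:00 196.3.242.158 Xanovia MSFTPSVC1
"""

def _num(field):
    # W3C extended logs write "-" for an empty value.
    return 0 if field == "-" else int(field)

def combine_bytes(lines, target="cs-bytes", other="sc-bytes"):
    """Return (rewritten_lines, bytes_per_user).

    Each data line gets sc-bytes + cs-bytes in `target` and 0 in `other`,
    so a log format with a single %b sees the total traffic.
    """
    out, totals, pos = [], {}, None
    for raw in lines:
        line = raw.rstrip("\r\n")
        cols = line.split()
        if line.startswith("#Fields:"):
            # The header can repeat mid-file; re-read the column layout each time.
            names = cols[1:]
            needed = (target, other, "cs-username")
            pos = ([names.index(n) for n in needed] + [len(names)]
                   if all(n in names for n in needed) else None)
        elif pos and not line.startswith("#") and len(cols) == pos[3]:
            t, o, u, _ = pos
            try:
                total = _num(cols[t]) + _num(cols[o])
            except ValueError:
                total = None  # non-numeric byte field: leave the line untouched
            if total is not None:
                cols[t], cols[o] = str(total), "0"
                totals[cols[u]] = totals.get(cols[u], 0) + total
                line = " ".join(cols)
        # Directives, truncated lines and unparsable lines pass through as-is.
        out.append(line)
    return out, totals

if __name__ == "__main__":
    rewritten, per_user = combine_bytes(SAMPLE.splitlines())
    print("\n".join(rewritten))
    print(per_user)
```
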
