RE: [analog-help] LOGFORMAT

Fri, 15 Apr 2005 06:46:09 -0700 

Dear Aengus

Thank you for your advice .

I try to analyze using 2 logformats as follows:

LOGFORMAT %j,%d%M%Y,%h:%n:%j,%j,%j,%j,%j,%j,%j,%j,%j,%s,%u,%j,%j,%r,%j)
LOGFORMAT
%j,%d%M%Y,%h:%n:%j,%j,%j,%j,%j,%j,%j,%j,%j,%s,%u,%j,%j,%j,%j,%j,%j,%r,%j)

I appreciate your help .
Thanks and best regards
Okada


-----Original Message-----
From: [EMAIL PROTECTED]
[mailto:[EMAIL PROTECTED] On Behalf Of Aengus
Sent: Friday, April 15, 2005 5:51 PM
To: Support for analog web log analyzer
Subject: Re: [analog-help] LOGFORMAT

On Friday, April 15, 2005 6:28 AM [GMT],
(DIR-Systec) <[EMAIL PROTECTED]> wrote:

> I am working under Linux OS. I have firewall log file .In the analog
> configuration file “analog.cfg” ,
> I defined 2 LOGFORMATs in the config file as follows :
>
>
LOGFORMAT="(%j,%d%M%Y,%h:%n:%j,%j,%j,%j,%j,%j,%j,%j,%j,%s,%u,%j,%j,%r,%j
)"
>
LOGFORMAT="(%j,%d%M%Y,%h:%n:%j,%j,%j,%j,%j,%j,%j,%j,%j,%s,%u,%j,%j,%j,%j
,%j,
> %j,%r,%j)"
>
> Analog tries to analyze each line in the firewall log file using the
> first logformat ,
> However analog doesn’t tries to analyze each line using the second
> logformat .
>
> Could you please tell me how to analyze each line using 2 logformats ?

if those lines are from your Analog.cfg, then Analog is throwing an
"Unknown configuration command" error message, and just using a default
logformat.
analog.exe: Warning C: Unknown configuration command: ignoring it:
  LOGFORMAT="(%S - -
  (For help on all errors and warnings, see docs/errors.html)

http://analog.cx/docs/logfmt.html
LOGFORMAT %j,%d%M%Y,%h:%n:%j,%j,%j,%j,%j,%j,%j,%j,%j,%s,%u,%j,%j,%r,%j)
LOGFORMAT
%j,%d%M%Y,%h:%n:%j,%j,%j,%j,%j,%j,%j,%j,%j,%s,%u,%j,%j,%j,%j,%j,%j,%r,%j
)

Aengus

+------------------------------------------------------------------------
|  TO UNSUBSCRIBE from this list:
|    http://lists.meer.net/mailman/listinfo/analog-help
|
|  Usenet version: news://news.gmane.org/gmane.comp.web.analog.general
|  List archives:  http://www.analog.cx/docs/mailing.html#listarchives
+------------------------------------------------------------------------

+------------------------------------------------------------------------
|  TO UNSUBSCRIBE from this list:
|    http://lists.meer.net/mailman/listinfo/analog-help
|
|  Usenet version: news://news.gmane.org/gmane.comp.web.analog.general
|  List archives:  http://www.analog.cx/docs/mailing.html#listarchives
+------------------------------------------------------------------------

Reply via email to