On Monday, February 06, 2006 11:02 PM [EDT],
Trevor Johnson <[EMAIL PROTECTED]> wrote:

> Hello
> I am attempting to use Analog to get reports from my ISA Proxy logs.
>
> Analog is reporting the following…
> ===================================================
> Warning L: Large number of corrupt
>   lines in logfile C:\stats\logs\WEBEXTD20051223.log: turn debugging
>   on or try different LOGFORMAT
>     Current logfile format:
>       #Fields:<W3 extended format string>\n
>       #%j\n
>       %S%w%j%w%j%w%Y-%m-%d%w%h:%n:%j%w%v%w%j%w%j%w%j%w%j%w%t%w%j%w%b%w%j%w%j%w%r%w%j%w%c\n
>
> ====================================================
> I have turned debugging on and this is what I get.
>
>
> F: Opening C:\stats\logs\WEBEXTD20051223.log as logfile
> F:   Detect that it's in W3 extended format
> C: 172.18.17.46 anonymous Mozilla/4.0 (compatible; MSIE 6.0; Windows
> NT 5.1; SV1) 2005-12-23 00:00:06 WAFEDISA -
> www1.membersequitybank.com.au - 443 - - - SSL-tunnel -
> www1.membersequitybank.com.au:443 Inet 12209
> C:                                    *
> ===================================================
> The only problem is I don't understand what this is telling me.

It's telling you that the field after what it was told would be the browser
string doesn't make sense, because the #Fields entry tells Analog that the
Browser string ends with a space. The next field should be the year, but
"(compatible;" isn't a year, so the line is corrupt.

This isn't a problem with Analog - your server shouldn't be logging any
field that contains spaces without quoting the string, because there is no
way to tell where the browser string (that can have multiple spaces in it)
really ends if you delineate it by spaces.

I can't really suggest a LOGFORMAT, because the examples you gave are so
different (The SSL examples end in 12209, 0 and 995, whereas the HTTP lines
end in HTTP status codes). If you can't find out how to get the server to
quote the browser string, or use something else (like tabs) to separate the
fields, you could try not logging the browser field, and see if things get a
bit more rational.

In the meantime, if you post the #Fields: line from your logfile, we might
be able to suggest a LOGFORMAT command that might work.

Aengus
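
The ambiguity described in the reply, as an added example that is not part of the original thread or of Analog: it splits the quoted log line on whitespace, shows the date slot landing on "(compatible;", and then re-anchors on the date and time pair. Assumptions: 18 fields (counted from the LOGFORMAT quoted above), the browser string as the third field, and the helper names, which are hypothetical.

```python
import re

# Constructed sample: the line from the debug output above, re-joined from the e-mail wrap.
SAMPLE = (
    "172.18.17.46 anonymous Mozilla/4.0 (compatible; MSIE 6.0; Windows NT 5.1; SV1) "
    "2005-12-23 00:00:06 WAFEDISA - www1.membersequitybank.com.au - 443 - - - "
    "SSL-tunnel - www1.membersequitybank.com.au:443 Inet 12209"
)

EXPECTED_FIELDS = 18  # assumption: counted from the LOGFORMAT quoted in the thread
BROWSER_INDEX = 2     # assumption: third field is the browser string, as the reply says
DATE_RE = re.compile(r"\d{4}-\d{2}-\d{2}")
TIME_RE = re.compile(r"\d{2}:\d{2}:\d{2}")


def diagnose(line):
    """Split on whitespace, as a space-delimited format implies, and report the mismatch."""
    tokens = line.split()
    slot = tokens[BROWSER_INDEX + 1] if len(tokens) > BROWSER_INDEX + 1 else ""
    return {"tokens": len(tokens), "date_slot": slot,
            "date_ok": bool(DATE_RE.fullmatch(slot))}


def recover(line):
    """Heuristic: find the first date+time pair after the browser field starts and
    merge everything before it into one browser field. Returns None when the result
    does not have exactly EXPECTED_FIELDS fields, e.g. another field also contains
    spaces or the client-supplied browser string itself contains a date and time."""
    tokens = line.split()
    for i in range(BROWSER_INDEX + 1, len(tokens) - 1):
        if DATE_RE.fullmatch(tokens[i]) and TIME_RE.fullmatch(tokens[i + 1]):
            fields = tokens[:BROWSER_INDEX] + [" ".join(tokens[BROWSER_INDEX:i])] + tokens[i:]
            return fields if len(fields) == EXPECTED_FIELDS else None
    return None


def parse_tabbed(line):
    """With tabs as the separator, spaces inside a field need no guessing."""
    fields = line.rstrip("\n").split("\t")
    return fields if len(fields) == EXPECTED_FIELDS else None


if __name__ == "__main__":
    print(diagnose(SAMPLE))
    print(recover(SAMPLE))
```

Lines for which `recover` returns None are better counted and set aside than guessed at, since the browser string is supplied by the client.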
