I have something similar and I don't really understand the LogFormat thing...I thought so but it looks like it's not the case
sys6x:/home/vn# cat /etc/apache/httpd.conf | grep LogFormat
LogFormat "%h %l %u %t \"%r\" %>s %b \"%{Referer}i\" \"%{User-Agent}i\" \"%{forensic-id}n\" %T %v" full
LogFormat "%h %l %u %t \"%r\" %>s %b \"%{Referer}i\" \"%{User-Agent}i\" \"%{forensic-id}n\" %P %T" debug
LogFormat "%h %l %u %t \"%r\" %>s %b \"%{Referer}i\" \"%{User-Agent}i\" \"%{forensic-id}n\"" combined
LogFormat "%h %l %u %t \"%r\" %>s %b \"%{forensic-id}n\"" forensic
LogFormat "%h %l %u %t \"%r\" %>s %b" common
LogFormat "%{Referer}i -> %U" referer
LogFormat "%{User-agent}i" agent
LogFormat "%h %l %u %t \"%r\" %>s %b \"%{Referer}i\" \"%{User-Agent}i\" \"%{forensic-id}n\" %T %v" full
LogFormat "%h %l %u %t \"%r\" %>s %b \"%{Referer}i\" \"%{User-Agent}i\" \"%{forensic-id}n\" %P %T" debug
LogFormat "%h %l %u %t \"%r\" %>s %b \"%{Referer}i\" \"%{User-Agent}i\" \"%{forensic-id}n\"" combined
LogFormat "%h %l %u %t \"%r\" %>s %b \"%{forensic-id}n\"" forensic
LogFormat "%h %l %u %t \"%r\" %>s %b" common
LogFormat "%{Referer}i -> %U" referer
LogFormat "%{User-agent}i" agent
when I start analog, here's the output :
sys6x:/home/vn# analog
analog: analog version 5.32/Unix
analog: Warning M: Logfile /var/log/apache/agent.log contains lines with no
file names: page counts may be low
(For help on all errors and warnings, see /usr/share/doc/analog/errors.html)
analog: Warning M: Logfile /var/log/apache/agent.log contains lines with no
bytes: byte counts may be low
analog: Warning M: Logfile /var/log/apache/referer.log contains lines with no
bytes: byte counts may be low
analog: Warning M: Logfile /var/log/apache/access.log contains lines with no
bytes: byte counts may be low
analog: Warning M: Logfile /var/log/apache/referer.log contains lines with no
bytes: byte counts may be low
analog: Warning M: Logfile /var/log/apache/agent.log contains lines with no
bytes: byte counts may be low
analog: Warning L: Large number of corrupt lines in logfile
/var/log/apache/access.log: turn debugging on or try different LOGFORMAT
Current logfile format:
%f -> %r\n
analog: Warning L: Large number of corrupt lines in logfile
/var/log/apache/agent.log: turn debugging on or try different LOGFORMAT
Current logfile format:
%f -> %r\n
analog: Warning R: Turning off empty Redirected Referrer Report
analog: Warning R: Turning off empty Failed Referrer Report
analog: Warning R: Turning off empty Virtual Host Report
analog: Warning R: Turning off empty User Report
analog: Warning R: Turning off empty Internal Search Query Report
analog: Warning R: Turning off empty Internal Search Word Report
analog: Warning R: Turning off empty Processing Time Report
analog: Warning R: In Browser Report, turning off empty pie chart
analog: Warning R: In Browser Summary, turning off empty pie chart
analog: Warning R: In Operating System Report, turning off empty pie chart
analog: analog version 5.32/Unix
analog: Warning M: Logfile /var/log/apache/agent.log contains lines with no
file names: page counts may be low
(For help on all errors and warnings, see /usr/share/doc/analog/errors.html)
analog: Warning M: Logfile /var/log/apache/agent.log contains lines with no
bytes: byte counts may be low
analog: Warning M: Logfile /var/log/apache/referer.log contains lines with no
bytes: byte counts may be low
analog: Warning M: Logfile /var/log/apache/access.log contains lines with no
bytes: byte counts may be low
analog: Warning M: Logfile /var/log/apache/referer.log contains lines with no
bytes: byte counts may be low
analog: Warning M: Logfile /var/log/apache/agent.log contains lines with no
bytes: byte counts may be low
analog: Warning L: Large number of corrupt lines in logfile
/var/log/apache/access.log: turn debugging on or try different LOGFORMAT
Current logfile format:
%f -> %r\n
analog: Warning L: Large number of corrupt lines in logfile
/var/log/apache/agent.log: turn debugging on or try different LOGFORMAT
Current logfile format:
%f -> %r\n
analog: Warning R: Turning off empty Redirected Referrer Report
analog: Warning R: Turning off empty Failed Referrer Report
analog: Warning R: Turning off empty Virtual Host Report
analog: Warning R: Turning off empty User Report
analog: Warning R: Turning off empty Internal Search Query Report
analog: Warning R: Turning off empty Internal Search Word Report
analog: Warning R: Turning off empty Processing Time Report
analog: Warning R: In Browser Report, turning off empty pie chart
analog: Warning R: In Browser Summary, turning off empty pie chart
analog: Warning R: In Operating System Report, turning off empty pie chart
And the result is that I don't get some stats...here is my analog.cfg beginnings
HOSTNAME "vn's webpage"
HOSTURL http://www.spyd.info/
REFALIAS http://24.203.104.184:225/* http://sys6x.sytes.net/*
REFALIAS http://vn.myftp.org:225/*
http://sys6x.sytes.net/*
#REFREPEXCLUDE http://sys6x.sytes.net/*
#REFSITEEXCLUDE http://sys6x.sytes.net/
GENERAL ON
MONTHLY ON
DAILYSUM ON
DAILYSUM ON
DAILYREP ON
HOURLYSUM ON
HOST ON
REDIRHOST ON
FAILHOST ON
ORGANISATION ON
DOMAIN ON
REQUEST ON
PROCTIME ON
REDIR ON
FAILURE ON
REFERRER ON
REFSITE ON
SEARCHQUERY ON
SEARCHWORD ON
INTSEARCHQUERY ON
INTSEARCHWORD ON
INTSEARCHQUERY ON
INTSEARCHWORD ON
REDIRREF ON
FAILREF ON
BROWSERREP ON
BROWSERSUM ON
OSREP ON
VHOST ON
USER ON
STATUS ON
# Lines starting with # are comments.
#
# There is a much more extensive configuration file in examples/big.cfg
#
# If you need a LOGFORMAT command (most people don't -- try it without first!),
# it must go here, above the LOGFILE commands.
APACHELOGFORMAT (%h %l %u %t \"%r\" %>s %b)
LOGFILE /var/log/apache/access.log
APACHELOGFORMAT (%{User-agent}i)
LOGFILE /var/log/apache/agent.log
APACHELOGFORMAT (%{Referer}i -> %U)
LOGFILE /var/log/apache/referer.log
I hope you have all the infos...thanks
Oh, also, I run this :
sys6x:/home/vn# apache -v
Server version: Apache/1.3.33 (Debian GNU/Linux)
Server built: Sep 6 2005 13:10:30
(Debian Sarge)
2006/2/7, dotnet works <[EMAIL PROTECTED]>:
Thanks Aengus,
sorted now :-)
Best wishes,
Chris
----- Original Message -----
From: "Aengus" <[EMAIL PROTECTED]>
To: "Support for analog web log analyzer" <[email protected] >
Sent: Tuesday, February 07, 2006 3:44 PM
Subject: Re: [analog-help] Log format
> On Tuesday, February 07, 2006 10:01 AM [EDT],
> dotnet works < [EMAIL PROTECTED]> wrote:
>
>> Hi,
>>
>> I have a logfile that is processsable by Mach5 Analyzer but will not
>> work with Analog, I have tried various logformat commands as it is
>> unable to auto detect the format but can't seem to get it right,
>> below are some sample lines:
>>
>> 154.5.92.181 - - [02/Jan/2006:00:49:04 +0100] "GET /uk/av/back2.jpg
>> HTTP/1.1" 200 526 www.friouk.biz
>> "http://www.friouk.biz/uk/contact.php" "Mozilla/4.0 (compatible; MSIE
>> 6.0; Windows NT 5.1; SV1; .NET CLR 1.0.3705)" "-"
>>
>> I have tried the following format commands:
>>
>> LOGFORMAT %S %j %j [%d/%M/%Y:%h:%n:%j] "%j%w%r%wHTTP%j" %c %b\n
>
> What about all the stuff after %b in the sample lines you provided?
>
> www.friouk.biz "http://www ... CLR 1.0.3705)" "-"
> doesn't look like \n to me.
>
> LOGFORMAT (%S %j %j [%d/%M/%Y:%h:%n:%j] "%j%w%r%wHTTP%j" %c %b %j)
> would work, but it discards some of the information in your logfile.
>
>> LOGFORMAT %S %j %j [%d/%M/%Y:%h:%n:%j] %v "%j%w%r%wHTTP%j" %c %b\n
>
> None of your sample lines have a Virtual host (%v) between the timestamp
> and
> the request.
>
> A more complete LOGFORMAT would be:
> LOGFORMAT (%S %j %j [%d/%M/%Y:%h:%n:%j] "%j%w%r%wHTTP%j" %c %b %v "%f" %B"
> %j)
>
> (I don't know what the last field might be).
>
> Aengus
>
>
>
>
>
> +------------------------------------------------------------------------
> | TO UNSUBSCRIBE from this list:
> | http://lists.meer.net/mailman/listinfo/analog-help
> |
> | Analog Documentation: http://analog.cx/docs/Readme.html
> | List archives: http://www.analog.cx/docs/mailing.html#listarchives
> | Usenet version: news://news.gmane.org/gmane.comp.web.analog.general
> +------------------------------------------------------------------------
+------------------------------------------------------------------------
| TO UNSUBSCRIBE from this list:
| http://lists.meer.net/mailman/listinfo/analog-help
|
| Analog Documentation: http://analog.cx/docs/Readme.html
| List archives: http://www.analog.cx/docs/mailing.html#listarchives
| Usenet version: news://news.gmane.org/gmane.comp.web.analog.general
+------------------------------------------------------------------------
+------------------------------------------------------------------------ | TO UNSUBSCRIBE from this list: | http://lists.meer.net/mailman/listinfo/analog-help | | Analog Documentation: http://analog.cx/docs/Readme.html | List archives: http://www.analog.cx/docs/mailing.html#listarchives | Usenet version: news://news.gmane.org/gmane.comp.web.analog.general +------------------------------------------------------------------------
