Aimee Mandeville <[EMAIL PROTECTED]> wrote:
> As suggested I am posting the first few lines of my log file. Any
> thoughts as to why I am having trouble with this?
>
> Thanks,
>
> Aimee
>
>
> #Software: Microsoft Internet Security and Acceleration Server 2004
> #Version: 2.0
> #Date: 2006-12-08 19:33:18
> #Fields: c-ip cs-username c-agent date time s-computername
> cs-referred r-host r-ip r-port time-taken cs-bytes
> sc-bytes cs-protocol s-operation cs-uri s-object-source
> sc-status rule FilterInfo cs-Network sc-Network
> error-info action
> 131.128.90.29 anonymous Mozilla/5.0 (Windows; U; Windows NT 5.1;
> en-US; rv:1.8.1) Gecko/20061010 Firefox/2.0 2006-12-08 19:33:18
> TORCHEMADA - 64.233.163.19 64.233.163.19 80 344
> 1431 457 http POST
> http://64.233.163.19/mail/channel/bind?at=6de0c0a494221a38-10f625451f3&V
> ER=2&SID=E89EEE38CCAE9D0D&RID=52656&zx=luvx6iflu6bv&t=1 Inet 200
> Internal to Internet - Internal External 0x780
> Allowed
> 68.142.212.171 anonymous Yahoo-MMCrawler/3.x (mms dash mmcrawler
> dash support at yahoo dash inc dot com) 2006-12-08 19:33:22
> TORCHEMADA - www.edc.uri.edu 131.128.90.11 80 15
> 240 182 http GET
> http://131.128.90.11/riatlas/Town/Maps/small/na_forwet.GIF Inet
> 304 www.edc.uri.edu - External - 0x100 Allowed

Analog should be able to interpret that logfile automatically from the #Files: line, but it doesn't work for me, and I can't track down what's causing the problem. I put together a LOGFORMAT that parses the lines you provided:

LOGFORMAT (#%j)
LOGFORMAT (%S\t%u\t%B\t%Y-%m-%d\t%h:%n:%j\t%j\t%j\t%j\t%j\t%j\t%j\t%j\t%b\t%j\t%j\t%r\t%j\t%c\t%j)

The LOGFORMAT (#%j) line tells Analog to skip the # lines at the start of your logfiles.

Aengus
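
The field-to-token mapping that the LOGFORMAT in the reply encodes, written out as an added example (not part of the original thread and not Analog's own code): it derives the LOGFORMAT body from a #Fields: directive, so the format can be rechecked if the ISA Server field selection changes. The mapping table is inferred from the reply's format string by position, and collapsing the trailing ignored fields into a single %j mirrors what that string does; the names build_logformat, TOKENS and ISA_FIELDS are made up for this example.

```python
# Added example: derive an Analog LOGFORMAT body from a W3C "#Fields:" line.
# Assumption: the field-to-token mapping below is inferred, by position,
# from the LOGFORMAT given in the reply above.
TOKENS = {
    "c-ip": "%S",
    "cs-username": "%u",
    "c-agent": "%B",
    "date": "%Y-%m-%d",
    "time": "%h:%n:%j",   # seconds are skipped as junk, as in the reply
    "sc-bytes": "%b",
    "cs-uri": "%r",
    "sc-status": "%c",
}
JUNK = "%j"               # any field without a mapping is ignored


def build_logformat(fields_directive):
    """Return the text that goes inside LOGFORMAT (...) for a #Fields: line."""
    text = " ".join(fields_directive.split())   # rejoin wrapped lines
    if not text.lower().startswith("#fields:"):
        raise ValueError("not a #Fields: directive")
    names = text[len("#fields:"):].split()
    if not names:
        raise ValueError("#Fields: directive lists no fields")
    tokens = [TOKENS.get(name, JUNK) for name in names]
    # Collapse a run of trailing junk fields into one %j, as the reply does.
    while len(tokens) > 1 and tokens[-1] == JUNK and tokens[-2] == JUNK:
        tokens.pop()
    # Analog configuration writes a tab separator as the two characters \t.
    return "\\t".join(tokens)


# The #Fields: line from the quoted log, with the e-mail line wraps kept.
ISA_FIELDS = """#Fields: c-ip cs-username c-agent date time s-computername
cs-referred r-host r-ip r-port time-taken cs-bytes
sc-bytes cs-protocol s-operation cs-uri s-object-source
sc-status rule FilterInfo cs-Network sc-Network
error-info action"""

if __name__ == "__main__":
    print("LOGFORMAT (#%j)")
    print("LOGFORMAT (%s)" % build_logformat(ISA_FIELDS))
```
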

