[analog-help] corrupt files

Tue, 31 Jul 2007 04:37:49 -0700 

Thanks for the clarification on that.  Do you have any thoughts as to
why Analog is having difficulty parsing these lines?  I've attached a
sample of the CORRUPT lines.

The log file I am analyzing has 69,989 lines and 65,634 of them are
corrupt.

 

I am using the following format:

 

LOGFORMAT (#%j)

LOGFORMAT
(%S\t%u\t%B\t%Y-%m-%d\t%h:%n:%j\t%j\t%j\t%j\t%j\t%j\t%j\t%j\t%b\t%j\t%j\
t%r\t%j\t%c\twww.usawaterquality.org\t%j)

 

Thanks for the help,

 

Aimee

 


#Software: Microsoft Internet Security and Acceleration Server 2004
#Version: 2.0
#Date: 2007-07-02 00:00:24
#Fields: c-ip   cs-username     c-agent date    time    s-computername  
cs-referred     r-host  r-ip    r-port  time-taken      cs-bytes        
sc-bytes        cs-protocol     s-operation     cs-uri  s-object-source 
sc-status       rule    FilterInfo      cs-Network      sc-Network      
error-info      action
74.6.22.228     anonymous       Mozilla/5.0 (compatible; Yahoo! Slurp; 
http://help.yahoo.com/help/us/ysearch/slurp)     2007-07-02      00:00:24       
 TORCHEMADA      -       www.edc.uri.edu 131.128.90.11   80      78      257    
 182     http    GET     http://131.128.90.11/riatlas/town/Warwick.html  Inet   
 304     www.edc.uri.edu -       External        -       0x0     Allowed
74.6.73.226     anonymous       Mozilla/5.0 (compatible; Yahoo! Slurp; 
http://help.yahoo.com/help/us/ysearch/slurp)     2007-07-02      00:00:24       
 TORCHEMADA      -       www.edc.uri.edu 131.128.90.11   80      15      267    
 183     http    GET     
http://131.128.90.11/aerialse/aerial1981/images/1409.sid        Inet    304     
www.edc.uri.edu -       External        -       0x0     Allowed
74.6.67.202     anonymous       Mozilla/5.0 (compatible; Yahoo! Slurp; 
http://help.yahoo.com/help/us/ysearch/slurp)     2007-07-02      00:00:28       
 TORCHEMADA      -       www.edc.uri.edu 131.128.90.11   80      31      271    
 182     http    GET     
http://131.128.90.11/aerialse/aerial1992/92Smrsid/5-1106.sid    Inet    304     
www.edc.uri.edu -       External        -       0x100   Allowed

+------------------------------------------------------------------------
|  TO UNSUBSCRIBE from this list:
|    http://lists.meer.net/mailman/listinfo/analog-help
|
|  Analog Documentation: http://analog.cx/docs/Readme.html
|  List archives:  http://www.analog.cx/docs/mailing.html#listarchives
|  Usenet version: news://news.gmane.org/gmane.comp.web.analog.general
+------------------------------------------------------------------------

Reply via email to