Don Jones <[EMAIL PROTECTED]> wrote:
>> I am wrestling with the fact that my logfiles, occasionally, have
>> more than one entry for the x-forwarded-for header.
>>
>> for the following Apache 2.0 LogFormat directive:
>>
>> LogFormat "%{X-Forwarded-For}i %l %u %t \"%r\" %>s %b \"%{Referer}i\"
>> \"%{User-Agent}i\"\"%{Cookie}i\" %D" webtrends
>>
>> and given the following Analog LOGFORMAT directive:
>>
>> LOGFORMAT (%S %j %u [%d/%M/%Y:%h:%n:%j] "%j %r %j" %c %b "%f"
>> "%B""%j" %D)
>>
>> (which this board gave to me, thank you again very much)
>>
>> Most of the lines in my logfiles look like this:
>>
>> 10.234.232.167 - - [25/Oct/2008:23:01:10 -0500] "GET ...
>>
>> But over the course of a week, about 1/5 of them (enough to skew the
>> statistics) look like this, or some variation
>>
>> 10.236.188.189, 10.254.246.140 - - [25/Oct/2008:23:00:34 -0500] "GET ..
Analog can cope with multiple LOGFORMATs in a single log file, so just add an
additional entry for decoding the lines with the extra IP addresses.
LOGFORMAT (%S %j %u [%d/%M/%Y:%h:%n:%j] "%j %r %j" %c %b "%f" "%B""%j" %D)
LOGFORMAT (%S, %j %j %u [%d/%M/%Y:%h:%n:%j] "%j %r %j" %c %b "%f" "%B""%j" %D)
or
LOGFORMAT (%S %j %u [%d/%M/%Y:%h:%n:%j] "%j %r %j" %c %b "%f" "%B""%j" %D)
LOGFORMAT (%j, %S %j %u [%d/%M/%Y:%h:%n:%j] "%j %r %j" %c %b "%f" "%B""%j" %D)
Aengus
+------------------------------------------------------------------------
| TO UNSUBSCRIBE from this list:
| http://lists.meer.net/mailman/listinfo/analog-help
|
| Analog Documentation: http://analog.cx/docs/Readme.html
| List archives: http://www.analog.cx/docs/mailing.html#listarchives
| Usenet version: news://news.gmane.org/gmane.comp.web.analog.general
+------------------------------------------------------------------------
