Can Analog be configured to ignore the IPv6 like records ( ::1 - - [26/Feb/2009:11:13:58 +0200] "GET /" 400 991) in the access_log file?
TIA Nanu >>> Aengus<analo...@eircom.net> 26/02/2009 14:26:41 >>> On 2/26/2009 6:53 AM, Nanu Kalmanovitz wrote: > > 192.168.254.254 - - [26/Feb/2009:11:13:45 +0200] "GET /req.png HTTP/1.0" 304 > - "http://www.kalmanovitz.co.il/Analog_Report.html"; "Mozilla/5.0 (X11; U; > Linux i686; en-US; rv:1.8.1.18) Gecko/20081031 SUSE/2.0.0.18-0.2.1 > Firefox/2.0.0.18" > ::1 - - [26/Feb/2009:11:13:57 +0200] "GET /" 400 991 > ::1 - - [26/Feb/2009:11:13:58 +0200] "GET /" 400 991 > ::1 - - [26/Feb/2009:11:13:59 +0200] "GET /" 400 991 > ::1 - - [26/Feb/2009:11:14:00 +0200] "GET /" 400 991 > 38.99.13.125 - - [26/Feb/2009:11:14:45 +0200] "GET > /k_comm/Israel/English/Maps/Rezervations/EinHemed33/obj/pages/P7270096_jpg.htm > HTTP/1.0" 200 2299 "-" "Mozilla/5.0 (Twiceler-0.9 > http://www.cuil.com/twiceler/robot.html)" > > They said: > > ... this is not a second logformat, it is the HTTP status response is 400 > "bad request" > request, but rather a port scan, or something similar. > That is why the data about the request is not logged - because there was no > HTTP data available, since it wasn't an HTTP request. > That will happen every time someone connects to port 80 on the server via > something else than HTTP protocol... That sounds like nonsense to me. If they're not being logged by the HTTP engine, thy shouldn't be in the GTTP access log, and if they are being logged by the HTTP engine, they should be logged in the correct format. How do you make a request to an IP port without an IP address anyway? (Are you sure that it's not an IPv6 request that your web server is getting confused about?) > Is it any possibility to configure Analog to interpret the above in a right > way? You can write a LOGFORMAT to match those strings: LOGFORMAT (%j[%d/%M/%Y:%h:%n:%j] "%j %r" %c %b) http://analog.cx/docs/logfmt.html But you don't want to add those requests to your current Analog report. If you do create a new report to count these lines, you'll need to look at the Failure Reports, because the Response code is 400. Aengus +------------------------------------------------------------------------ | TO UNSUBSCRIBE from this list: | http://lists.meer.net/mailman/listinfo/analog-help | | Analog Documentation: http://analog.cx/docs/Readme.html | List archives: http://www.analog.cx/docs/mailing.html#listarchives | Usenet version: news://news.gmane.org/gmane.comp.web.analog.general +------------------------------------------------------------------------ +------------------------------------------------------------------------ | TO UNSUBSCRIBE from this list: | http://lists.meer.net/mailman/listinfo/analog-help | | Analog Documentation: http://analog.cx/docs/Readme.html | List archives: http://www.analog.cx/docs/mailing.html#listarchives | Usenet version: news://news.gmane.org/gmane.comp.web.analog.general +------------------------------------------------------------------------
