Package: logwatch
Version: 5.2.2-3
Severity: normal
Tags: patch
Hi
I'm using combined log format for apache:
LogFormat "%h %l %u %t \"%r\" %>s %b \"%{Referer}i\" \"%{User-Agent}i\" \"%{forensic-id}n\"" combined
I think it was the default format for apache and I didn't change it.
Logwatch has a regexp that doesn't look for forensic and because of that
it matches wrongly (http_rc and bytes_transferred)
log_fields = client_ip, ident, userid, timestamp, request, http_rc, bytes_transfered, referrer, agent
log_format = space, space, space, brace, quote, space, space, quote, quote
RE pattern = (.*)\s(.*)\s(.*)\s\[(.*)\]\s\"(.*)\"\s(.*)\s(.*)\s\"(.*)\"\s\"(.*)\"
Line = 217.67.200.132 - - [31/Jan/2005:00:00:04 +0100] "GET /%7Epiotr/la.xml HTTP/1.0" 200 205 "-" "Wget/1.8.1" "-"
0 client_ip 217.67.200.132
1 ident -
2 userid -
3 timestamp 31/Jan/2005:00:00:04 +0100
4 request GET /%7Epiotr/la.xml HTTP/1.0
5 http_rc 200 205
6 bytes_transfered "-"
7 referrer Wget/1.8.1
8 agent -
Because of that it doesn't count file size and also doesn't show robots:
0.00 MB transfered in 124 responses (1xx 0, 2xx 119, 3xx 4, 4xx 1, 5xx 0)
17 Images (0.00 MB),
48 Documents (0.00 MB),
57 Content pages (0.00 MB),
2 Program source files (0.00 MB),
A total of 1 ROBOTS were logged
- 6 time(s)
After changing a little /etc/logwatch/conf/services/http.conf it works well:
log_fields = client_ip, ident, userid, timestamp, request, http_rc, bytes_transfered, referrer, agent, forensic
log_format = space, space, space, brace, quote, space, space, quote, quote, quote
RE pattern = (.*)\s(.*)\s(.*)\s\[(.*)\]\s\"(.*)\"\s(.*)\s(.*)\s\"(.*)\"\s\"(.*)\"\s\"(.*)\"
Line = 217.67.200.132 - - [31/Jan/2005:00:00:04 +0100] "GET /%7Epiotr/la.xml HTTP/1.0" 200 205 "-" "Wget/1.8.1" "-"
0 client_ip 217.67.200.132
1 ident -
2 userid -
3 timestamp 31/Jan/2005:00:00:04 +0100
4 request GET /%7Epiotr/la.xml HTTP/1.0
5 http_rc 200
6 bytes_transfered 205
7 referrer -
8 agent Wget/1.8.1
9 forensic -
1.07 MB transfered in 124 responses (1xx 0, 2xx 119, 3xx 4, 4xx 1, 5xx 0)
17 Images (0.13 MB),
48 Documents (0.01 MB),
57 Content pages (0.93 MB),
2 Program source files (0.00 MB),
A total of 4 ROBOTS were logged
Mozilla/4.0 compatible ZyBorg/1.0 ([EMAIL PROTECTED];
+http://www.WISEnutbot.com) 1 time(s)
SurveyBot/2.3 (Whois Source) 1 time(s)
Googlebot/2.1 (+http://www.google.com/bot.html) 3 time(s)
IRLbot/1.0 (+http://irl.cs.tamu.edu/crawler) 1 time(s)
The patch for http.conf is attached.
-- System Information:
Debian Release: 3.1
APT prefers testing
APT policy: (990, 'testing')
Architecture: i386 (i686)
Kernel: Linux 2.4.29-rc1
Locale: LANG=C, LC_CTYPE=pl_PL (charmap=ISO-8859-2)
Versions of packages logwatch depends on:
ii mailx 1:8.1.2-0.20040524cvs-4 A simple mail user agent
ii perl 5.8.4-5 Larry Wall's Practical Extraction
-- no debconf information
--- http.conf.org 2005-02-01 08:41:37.000000000 +0100
+++ http.conf 2005-02-01 08:42:41.000000000 +0100
@@ -16,8 +16,8 @@
# bytes_transfered
# agent
#
-$HTTP_FIELDS = "client_ip ident userid timestamp request http_rc
bytes_transfered referrer agent"
-$HTTP_FORMAT = "space space space brace quote space space
quote quote"
+$HTTP_FIELDS = "client_ip ident userid timestamp request http_rc
bytes_transfered referrer agent forensic"
+$HTTP_FORMAT = "space space space brace quote space space
quote quote quote "
# Define the field formats
#
# the only currently supported formats are:
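Review bot: the new $HTTP_FIELDS and $HTTP_FORMAT lines append "forensic" and a third "quote" unconditionally, so the generated pattern now requires a tenth quoted field and a log written without \"%{forensic-id}n\" would stop matching. Consider keeping the nine-field definition as the default and shipping the ten-field one as a commented alternative, or say in the comment block which LogFormat each variant expects. The field list in the comments above (ending at "# agent") should also gain a "# forensic" entry, and the trailing space in "quote quote quote " can be dropped.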
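The field shift described in the report can be reproduced with the two RE patterns from its debug output. The following Python sketch is an added example, not part of the original report or of logwatch; `STRICT_RE`, `Q` and `parse` are hypothetical names, and the second log line is constructed by dropping the last field from the reported one.

```python
import re

# The two patterns printed in the report's debug output (9 and 10 fields).
OLD_RE = r'(.*)\s(.*)\s(.*)\s\[(.*)\]\s\"(.*)\"\s(.*)\s(.*)\s\"(.*)\"\s\"(.*)\"'
NEW_RE = OLD_RE + r'\s\"(.*)\"'
FIELDS = ["client_ip", "ident", "userid", "timestamp", "request", "http_rc",
          "bytes_transfered", "referrer", "agent", "forensic"]

# Assumption (not logwatch's code): an anchored pattern with bounded character
# classes, so no field can absorb its neighbour, a quoted field that accepts
# backslash-escaped characters, and an optional trailing forensic field.
Q = r'"((?:[^"\\]|\\.)*)"'
STRICT_RE = re.compile(
    r'^(\S+) (\S+) (\S+) \[([^\]]+)\] ' + Q + r' (\d{3}) (\d+|-) '
    + Q + ' ' + Q + '(?: ' + Q + ')?$')

def parse(pattern, line):
    """Return {field: value}, or None when the line does not match."""
    m = re.match(pattern, line)
    return dict(zip(FIELDS, m.groups())) if m else None

# Log line from the report, plus a constructed variant without the last field.
WITH_ID = ('217.67.200.132 - - [31/Jan/2005:00:00:04 +0100] '
           '"GET /%7Epiotr/la.xml HTTP/1.0" 200 205 "-" "Wget/1.8.1" "-"')
WITHOUT_ID = WITH_ID[:-4]

if __name__ == "__main__":
    for name, pat in (("old", OLD_RE), ("new", NEW_RE), ("strict", STRICT_RE)):
        for label, line in (("with id", WITH_ID), ("without id", WITHOUT_ID)):
            rec = parse(pat, line)
            got = (rec["http_rc"], rec["bytes_transfered"]) if rec else None
            print(f"{name:6} {label:10} -> {got}")
```

The unanchored greedy `(.*)` groups silently misassign fields when the column count differs, while the ten-field pattern drops nine-field lines entirely; either way the byte totals and agent statistics in the report become unreliable.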