RE: [analog-help] Req report contains req for other sites
thanks Here are the lines from my logfile 64.0.144.15 - - [27/Oct/2002:19:10:27 +051800] GET http://www.intel.com/ HTTP/1.1 200 8779 - Mozilla/4.0 (compatible; MSIE 4.01; Windows 95) 202.88.144.103 - - [27/Oct/2002:23:16:17 +051800] GET http://www.yahoo.com HTTP/1.1 200 8779 - ProxyHunter 64.0.144.15 - - [28/Oct/2002:03:50:30 +051800] GET http://www.intel.com/ HTTP/1.1 200 8779 - Mozilla/4.0 (compatible; MSIE 4.01; Windows 95) regards Shishir Singhai -Original Message- From: [EMAIL PROTECTED] [mailto:owner-analog-help;lists.isite.net]On Behalf Of Aengus Sent: Thursday, October 31, 2002 4:14 PM To: [EMAIL PROTECTED] Subject: Re: [analog-help] Req report contains req for other sites Shishir Singhai [EMAIL PROTECTED] wrote: My file request report contains request for other sites (red ones) what does this means??? It means that your LOGFORMAT doesn't match your logfile, and Analog is not interpreting the data in your logfiles properly. Post 2 lines from your logfile, (preferably one of which should include http://yahoo.com or http://www.intel.com) and any LOGFORMAT line you currently have. Aengus + | This is the analog-help mailing list. To unsubscribe from this | mailing list, go to |http://lists.isite.net/listgate/analog-help/unsubscribe.html | | List archives are available at |http://www.mail-archive.com/analog-help;lists.isite.net/ |http://lists.isite.net/listgate/analog-help/archives/ |http://www.tallylist.com/archives/index.cfm/mlist.7 + + | This is the analog-help mailing list. To unsubscribe from this | mailing list, go to |http://lists.isite.net/listgate/analog-help/unsubscribe.html | | List archives are available at |http://www.mail-archive.com/analog-help;lists.isite.net/ |http://lists.isite.net/listgate/analog-help/archives/ |http://www.tallylist.com/archives/index.cfm/mlist.7 +
Re: [analog-help] Req report contains req for other sites
Shishir Singhai [EMAIL PROTECTED] wrote: Here are the lines from my logfile 64.0.144.15 - - [27/Oct/2002:19:10:27 +051800] GET http://www.intel.com/ HTTP/1.1 200 8779 - Mozilla/4.0 (compatible; MSIE 4.01; Windows 95) 202.88.144.103 - - [27/Oct/2002:23:16:17 +051800] GET http://www.yahoo.com HTTP/1.1 200 8779 - ProxyHunter 64.0.144.15 - - [28/Oct/2002:03:50:30 +051800] GET http://www.intel.com/ HTTP/1.1 200 8779 - Mozilla/4.0 (compatible; MSIE 4.01; Windows 95) Is this a proxy server log file? (It doesn't look like one). But they're not valid URL requests on any web server I've ever used. What web server are you running? If it's Apache, I think your LogFormat command in the httpd.conf file may be messed up. Aengus + | This is the analog-help mailing list. To unsubscribe from this | mailing list, go to |http://lists.isite.net/listgate/analog-help/unsubscribe.html | | List archives are available at |http://www.mail-archive.com/analog-help;lists.isite.net/ |http://lists.isite.net/listgate/analog-help/archives/ |http://www.tallylist.com/archives/index.cfm/mlist.7 +
[analog-help] read log files from tar.gz
Hello everybody !! I m using analog-5.23-2 on redhat 7.0. Since last 6 months i m using analog everything's working perfectly now i have realised that the log files have reached to more than 100 mb each. I have virtual domains on the system so i m creating different log files for all different domains. My question, Is it possible to zip my old files keep in the same folder were my other log files are kept ? if yes than i did tried zipping my old files kept it in log folder were the path is setted to but i m not getting records of previous months. The files are zipped in filename.tar.gz format. Please help me out for the solution if i can make analog config files read from tar.gz files if yes than what settings i will have to change in cfg files of the virtual domains. I hope i get help on this so that i can save my disk space :) Thanking in advance. -- Pratik System Admin Ultrainfotech. - This mail sent through http://mail.vadodaramail.net/ + | This is the analog-help mailing list. To unsubscribe from this | mailing list, go to |http://lists.isite.net/listgate/analog-help/unsubscribe.html | | List archives are available at |http://www.mail-archive.com/analog-help;lists.isite.net/ |http://lists.isite.net/listgate/analog-help/archives/ |http://www.tallylist.com/archives/index.cfm/mlist.7 +
Re: [analog-help] Can Request Report show ips of all requesters?
Rich DeFuria [EMAIL PROTECTED] wrote: I have customized analog to do everything I need save for one thing: Can I configure analog to report on the ip addresses requesting the files in the Request Report? If a file has been requested 1,000 times do you want 1,000 IP addresses listed against it? http://www.analog.cx/docs/faq.html#faq128 You can always generate a full report for a single file by using FILEINCLUDE filename. The Host Report in this case will just list the Hosts that requested that file. But you can only report on a single file at a time. Aengus + | This is the analog-help mailing list. To unsubscribe from this | mailing list, go to |http://lists.isite.net/listgate/analog-help/unsubscribe.html | | List archives are available at |http://www.mail-archive.com/analog-help;lists.isite.net/ |http://lists.isite.net/listgate/analog-help/archives/ |http://www.tallylist.com/archives/index.cfm/mlist.7 +
Re: [analog-help] Req report contains req for other sites
On Fri, 1 Nov 2002, Aengus wrote: Shishir Singhai [EMAIL PROTECTED] wrote: Here are the lines from my logfile 64.0.144.15 - - [27/Oct/2002:19:10:27 +051800] GET http://www.intel.com/ HTTP/1.1 200 8779 - Mozilla/4.0 (compatible; MSIE 4.01; Windows 95) 202.88.144.103 - - [27/Oct/2002:23:16:17 +051800] GET http://www.yahoo.com HTTP/1.1 200 8779 - ProxyHunter 64.0.144.15 - - [28/Oct/2002:03:50:30 +051800] GET http://www.intel.com/ HTTP/1.1 200 8779 - Mozilla/4.0 (compatible; MSIE 4.01; Windows 95) Is this a proxy server log file? (It doesn't look like one). But they're not valid URL requests on any web server I've ever used. What web server are you running? If it's Apache, I think your LogFormat command in the httpd.conf file may be messed up. Could be, but it's more likely that mod_proxy is enabled, allowing this server to act as a proxy server. In that case, you should turn it off (or restrict access to trusted users, if you meant for it to be a proxy server). You really don't want your computer fielding requests from random people to other servers. By the way, does anyone know whether some versions of Apache, or some Linux distros or something, ship with mod_proxy enabled? I see this question a lot on comp.infosystems.www.servers.* . -- Stephen Turner, Cambridge, UKhttp://homepage.ntlworld.com/adelie/stephen/ Reserve your 2 hour delivery time, which means you'll see the same special offers as you would instore - Sainsbury's internet shopping instructions + | This is the analog-help mailing list. To unsubscribe from this | mailing list, go to |http://lists.isite.net/listgate/analog-help/unsubscribe.html | | List archives are available at |http://www.mail-archive.com/analog-help;lists.isite.net/ |http://lists.isite.net/listgate/analog-help/archives/ |http://www.tallylist.com/archives/index.cfm/mlist.7 +
Re: [analog-help] how can you display the seconds in the request report?
On Thu, 31 Oct 2002, Cesar Martin wrote: In that case I will post my request for a next version with the seconds on it. I mean, users jump from a page to other in seconds... and that's an information you must have to understand what's going on. I disagree. The time column shows the last time that the file was requested by anyone. It's almost useless to know this to the nearest second, unless you only had one user visiting your site. -- Stephen Turner, Cambridge, UKhttp://homepage.ntlworld.com/adelie/stephen/ Reserve your 2 hour delivery time, which means you'll see the same special offers as you would instore - Sainsbury's internet shopping instructions + | This is the analog-help mailing list. To unsubscribe from this | mailing list, go to |http://lists.isite.net/listgate/analog-help/unsubscribe.html | | List archives are available at |http://www.mail-archive.com/analog-help;lists.isite.net/ |http://lists.isite.net/listgate/analog-help/archives/ |http://www.tallylist.com/archives/index.cfm/mlist.7 +
Re: [analog-help] read log files from tar.gz
On Fri, 1 Nov 2002 [EMAIL PROTECTED] wrote: Hello everybody !! I m using analog-5.23-2 on redhat 7.0. Since last 6 months i m using analog everything's working perfectly now i have realised that the log files have reached to more than 100 mb each. I have virtual domains on the system so i m creating different log files for all different domains. My question, Is it possible to zip my old files keep in the same folder were my other log files are kept ? if yes than i did tried zipping my old files kept it in log folder were the path is setted to but i m not getting records of previous months. The files are zipped in filename.tar.gz format. Please help me out for the solution if i can make analog config files read from tar.gz files if yes than what settings i will have to change in cfg files of the virtual domains. I hope i get help on this so that i can save my disk space :) Yes, but you have to give an UNCOMPRESS command to tell analog how to read them. If you're using GNU tar, I think this should do: UNCOMPRESS *.tar.gz tar zxOf By the way, you may find it easier just to gzip each file separately, not put them all in one big tar. You won't get much more compression from tarring them as well. -- Stephen Turner, Cambridge, UKhttp://homepage.ntlworld.com/adelie/stephen/ Reserve your 2 hour delivery time, which means you'll see the same special offers as you would instore - Sainsbury's internet shopping instructions + | This is the analog-help mailing list. To unsubscribe from this | mailing list, go to |http://lists.isite.net/listgate/analog-help/unsubscribe.html | | List archives are available at |http://www.mail-archive.com/analog-help;lists.isite.net/ |http://lists.isite.net/listgate/analog-help/archives/ |http://www.tallylist.com/archives/index.cfm/mlist.7 +
Re: [analog-help] Help running Analog for the first time, Linux
On Thu, 31 Oct 2002, Jeremy Wadsack wrote: Rick Root ([EMAIL PROTECTED]; Thursday, October 31, 2002 10:19 AM): I just installed the latest version of Analog on my RedHat Linux 7.2 server. I can't for the life of me figure out how to use it. I've edited the analog.cfg but when I run it from the command line, it seems to be completely ignoring anything that's in there. Almost as if it's not reading the config file. Are there command line options or something that I'm missing? I've looked in the FAQ and in the documentation.. maybe I'm just not seeing it, and if so I apologize, but I definately need some help. Here is my analog.cfg UNCOMPRESS *.gz,*.Z /usr/bin/zcat LOGFILE access200209.log.gz OUTFILE ../www/reports/report200209.html HOSTNAME Wake Internet IMAGEDIR /analog/images/ It is in the current directory where I am trying to run analog. I've also made changes to the analog.cfg that is in the directory where I installed analog (/usr/local/analog).. Neither of them seem to have any effect. Analog usually reads the analog.cfg file located in the directory where analog resides. This can be changed in the anlghead.h file before you compile it. If you are not sure use analog -settings to have it tell you what files it is reading. At a guess, the RedHat version might put the config file in /etc instead of in the analog dir. But as Jeremy says, you can find out with -settings. You can use a different config file with +gmy.cfg (and -G if you want to ignore the default config file). -- Stephen Turner, Cambridge, UKhttp://homepage.ntlworld.com/adelie/stephen/ Reserve your 2 hour delivery time, which means you'll see the same special offers as you would instore - Sainsbury's internet shopping instructions + | This is the analog-help mailing list. To unsubscribe from this | mailing list, go to |http://lists.isite.net/listgate/analog-help/unsubscribe.html | | List archives are available at |http://www.mail-archive.com/analog-help;lists.isite.net/ |http://lists.isite.net/listgate/analog-help/archives/ |http://www.tallylist.com/archives/index.cfm/mlist.7 +
Re: [analog-help] how can you display the seconds in the request report?
Stephen, I love your product. And yes, I need the seconds. What I do is this: 1. Report by 5 minutes. 2. Isolate traffic peaks. 3. Isolate Host. 4. Create a request report for a precise amount of time and a unique host. This final report give a very nice and precise path for a user but I need the seconds to see how much time spends in a page. Right now I can not see what are they doing because people surfs very very fust (10 request per minute) and you can not see how much time they are spending per page. Hope this helps. Cesar. I disagree. The time column shows the last time that the file was requested by anyone. It's almost useless to know this to the nearest second, unless you only had one user visiting your site. -- Stephen Turner, Cambridge, UK http://homepage.ntlworld.com/adelie/stephen/ Reserve your 2 hour delivery time, which means you'll see the same special offers as you would instore - Sainsbury's internet shopping instructions + | This is the analog-help mailing list. To unsubscribe from this | mailing list, go to | http://lists.isite.net/listgate/analog-help/unsubscribe.html | | List archives are available at | http://www.mail-archive.com/analog-help;lists.isite.net/ | http://lists.isite.net/listgate/analog-help/archives/ | http://www.tallylist.com/archives/index.cfm/mlist.7 + + | This is the analog-help mailing list. To unsubscribe from this | mailing list, go to |http://lists.isite.net/listgate/analog-help/unsubscribe.html | | List archives are available at |http://www.mail-archive.com/analog-help;lists.isite.net/ |http://lists.isite.net/listgate/analog-help/archives/ |http://www.tallylist.com/archives/index.cfm/mlist.7 +
Re: [analog-help] how can you display the seconds in the request report?
Stephen, I love your product. And yes, I need the seconds. What I do is this: 1. Report by 5 minutes. 2. Isolate traffic peaks. 3. Isolate Host. 4. Create a request report for a precise amount of time and a unique host. This final report give a very nice and precise path for a user but I need the seconds to see how much time spends in a page. Right now I can not see what are they doing because people surfs very very fust (10 request per minute) and you can not see how much time they are spending per page. Hope this helps. Cesar. I disagree. The time column shows the last time that the file was requested by anyone. It's almost useless to know this to the nearest second, unless you only had one user visiting your site. -- Stephen Turner, Cambridge, UK http://homepage.ntlworld.com/adelie/stephen/ Reserve your 2 hour delivery time, which means you'll see the same special offers as you would instore - Sainsbury's internet shopping instructions + | This is the analog-help mailing list. To unsubscribe from this | mailing list, go to | http://lists.isite.net/listgate/analog-help/unsubscribe.html | | List archives are available at | http://www.mail-archive.com/analog-help;lists.isite.net/ | http://lists.isite.net/listgate/analog-help/archives/ | http://www.tallylist.com/archives/index.cfm/mlist.7 + + | This is the analog-help mailing list. To unsubscribe from this | mailing list, go to |http://lists.isite.net/listgate/analog-help/unsubscribe.html | | List archives are available at |http://www.mail-archive.com/analog-help;lists.isite.net/ |http://lists.isite.net/listgate/analog-help/archives/ |http://www.tallylist.com/archives/index.cfm/mlist.7 +
[analog-help] Re: Analog Help Digest V1 #444
Gentlemen: On October 31, you wrote: By the way, there is a useful article which has just appeared at http://www.klarisma.dk/articles/aindex.asp about adding fake parameters to requests in order to pass information to yourself. For example, the author recommends adding parameters to all href's so that you can quickly see which link on a page was clicked. If the page is a static page, the server will ignore the parameters, but they will still get written to the logfile. I chose to differ with the efficiency of Mr. Larsen's paper. If one were to have a log with but a few entries, it is reasonable to assume that his philosophy might be effective. However, when a log files contains millions of lines, the necessity of special handling becomes self-evident. Does this information not already exist in a log file? I have two fields in my log file, the requested page and the referring page. If I understand Mr. Larsen correctly, he's adding additional information to the referring field to tell me something that is already there. For example, he suggests that parameters be added to a link to indicate where the link came from. I already get this information. I have only one link on a page to another page. It might make some difference if I were to have links in five places on the same page and you want to track which link is the most effective. However, this skewes the accuracy of the study, since repetition is the dominant factor at work here, not the effectiveness of the link. By the vary nature of a web-site, it is organized in much the same way as a corner variety store is organized. The milk is always put in a location the farthest from the door to force people to go by all of the less-needed impulse-buy items. If you know that people are coming to your site to access a specific resource, you put into place distractions that will sell your site or your products while people naviate their way to the milk. My site is organized in a hierarchy from the top down to as much as 15 levels deep. It is a simple matter for me to determine where a page came from by the referrer field. I might have 10 different places on a page where that link could have come from but then, my site is a major exception to the norm. My objective is not repetition but relevance. My site is organized in the same way that a dictionary or encyclopedia is organized, with a predictable hierarchy. Entertainment sites or marketing sites will have a different hierarchy where the objective is to enhance the experience of the visitor to entice them to stay longer. My site is the opposite, I want readers to get the information they want, quickly and comfortably and be able to move around the site to other information and references quickly. I can't help thinking that I'm missing something in Mr. Larsen's proposal. However, that he has presented his position is laudable. I present this, not in criticism of his position but to extract that which I might have mis-understood or not read. I look forward to comments that might clarify this. Ron Woodall --- Ron Woodall [EMAIL PROTECTED] The Compendium of HTML Elements your essential web publishing resource - available at/disponible à: http://au.htmlcompendium.org/index.htm (Australia) http://www.htmlcompendium.org/index.htm (Europe and North America) + | This is the analog-help mailing list. To unsubscribe from this | mailing list, go to |http://lists.isite.net/listgate/analog-help/unsubscribe.html | | List archives are available at |http://www.mail-archive.com/analog-help;lists.isite.net/ |http://lists.isite.net/listgate/analog-help/archives/ |http://www.tallylist.com/archives/index.cfm/mlist.7 +
Re: [analog-help] Req report contains req for other sites
Stephen Turner wrote: On Fri, 1 Nov 2002, Aengus wrote: Shishir Singhai [EMAIL PROTECTED] wrote: [27/Oct/2002:23:16:17 +051800] GET http://www.yahoo.com HTTP/1.1 200 8779 - ProxyHunter Is this a proxy server log file? (It doesn't look like one). But they're not valid URL requests on any web server I've ever used. Could be, but it's more likely that mod_proxy is enabled, allowing this server to act as a proxy server. In that case, you should turn it off (or restrict access to trusted users, if you meant for it to be a proxy server). You really don't want your computer fielding requests from random people to other servers. ProxyHunter is actually a tool looking for open proxies -- see URL:http://www.proxys4all.com/tools.shtml for details. -- Klaus Johannes Rusch [EMAIL PROTECTED] http://www.atmedia.net/KlausRusch/ + | This is the analog-help mailing list. To unsubscribe from this | mailing list, go to |http://lists.isite.net/listgate/analog-help/unsubscribe.html | | List archives are available at |http://www.mail-archive.com/analog-help;lists.isite.net/ |http://lists.isite.net/listgate/analog-help/archives/ |http://www.tallylist.com/archives/index.cfm/mlist.7 +
Re: [analog-help] Req report contains req for other sites
Klaus Johannes Rusch [EMAIL PROTECTED] wrote: Stephen Turner wrote: On Fri, 1 Nov 2002, Aengus wrote: Shishir Singhai [EMAIL PROTECTED] wrote: [27/Oct/2002:23:16:17 +051800] GET http://www.yahoo.com HTTP/1.1 200 8779 - ProxyHunter Is this a proxy server log file? (It doesn't look like one). But they're not valid URL requests on any web server I've ever used. Could be, but it's more likely that mod_proxy is enabled, allowing this server to act as a proxy server. In that case, you should turn it off (or restrict access to trusted users, if you meant for it to be a proxy server). You really don't want your computer fielding requests from random people to other servers. ProxyHunter is actually a tool looking for open proxies -- see URL:http://www.proxys4all.com/tools.shtml for details. The fact that the sample log entries happened to contain ProxyHunter as one of the browsers is irrelevant (you snipped the other two entries). The log entries look like proxy logs because the requests aren't for local files. Aengus + | This is the analog-help mailing list. To unsubscribe from this | mailing list, go to |http://lists.isite.net/listgate/analog-help/unsubscribe.html | | List archives are available at |http://www.mail-archive.com/analog-help;lists.isite.net/ |http://lists.isite.net/listgate/analog-help/archives/ |http://www.tallylist.com/archives/index.cfm/mlist.7 +
Re: [analog-help] how can you display the seconds in the request report?
What you are trying to achieve here may not be statistically valid. See http://analog.cx/docs/webwork.html for reasons why. -- Jeremy Wadsack Wadsack-Allen Digital Group cesar martin ([EMAIL PROTECTED]; Friday, November 01, 2002 7:07 AM): Stephen, I love your product. And yes, I need the seconds. What I do is this: 1. Report by 5 minutes. 2. Isolate traffic peaks. 3. Isolate Host. 4. Create a request report for a precise amount of time and a unique host. This final report give a very nice and precise path for a user but I need the seconds to see how much time spends in a page. Right now I can not see what are they doing because people surfs very very fust (10 request per minute) and you can not see how much time they are spending per page. Hope this helps. Cesar. I disagree. The time column shows the last time that the file was requested by anyone. It's almost useless to know this to the nearest second, unless you only had one user visiting your site. -- Stephen Turner, Cambridge, UK http://homepage.ntlworld.com/adelie/stephen/ Reserve your 2 hour delivery time, which means you'll see the same special offers as you would instore - Sainsbury's internet shopping instructions + | This is the analog-help mailing list. To unsubscribe from this | mailing list, go to |http://lists.isite.net/listgate/analog-help/unsubscribe.html | | List archives are available at |http://www.mail-archive.com/analog-help;lists.isite.net/ |http://lists.isite.net/listgate/analog-help/archives/ |http://www.tallylist.com/archives/index.cfm/mlist.7 +
[analog-help] successful request for pages not included
Our scripts employing analog on IIS web sites have not worked well on their first run on IIS 5.0 as opposed to IIS 4.0. Is there anything one needs to change? Problems include: the general summary does not include 'successful requests for pages'. The daily and hourly summaries show number of requests, but the pages column shows only zeroes. The request report entries show requests for get?/index.html and the like, rather than /index.html. I would be pleased if anyone could tell me why these things are so. One thing that was different in this run was that a previous run had been aborted and there was a dns lockfile, so analog hacked off to DNS Lookup. Leslie Bell Systems Programmer, Web Support Unit, University of Essex, Colchester CO4 3SQ U.K. Telephone: +44 (0)1206 873628. Web statistics: http://www.essex.ac.uk/webstats + | This is the analog-help mailing list. To unsubscribe from this | mailing list, go to |http://lists.isite.net/listgate/analog-help/unsubscribe.html | | List archives are available at |http://www.mail-archive.com/analog-help;lists.isite.net/ |http://lists.isite.net/listgate/analog-help/archives/ |http://www.tallylist.com/archives/index.cfm/mlist.7 +
Re: [analog-help] how can you display the seconds in the request report?
cesar martin [EMAIL PROTECTED] wrote: Stephen, I love your product. And yes, I need the seconds. What I do is this: 1. Report by 5 minutes. 2. Isolate traffic peaks. 3. Isolate Host. Analog is an excellent tool for these tasks, and it doesn't need to record seconds to do that. 4. Create a request report for a precise amount of time and a unique host. You don't need Analog for this. All you're doing is grepping all entries from a specific host in a particular time window. Just write a short script to do this for you. Analog would add absolutely no value to this task - the entries are already in the log file in the order you want them, and you just want to throw away anything that don't match your criteria. Aengus + | This is the analog-help mailing list. To unsubscribe from this | mailing list, go to |http://lists.isite.net/listgate/analog-help/unsubscribe.html | | List archives are available at |http://www.mail-archive.com/analog-help;lists.isite.net/ |http://lists.isite.net/listgate/analog-help/archives/ |http://www.tallylist.com/archives/index.cfm/mlist.7 +
[analog-help] Help a newbie again !!
hi there, Some time ago i had asked a question where i had asked on how do i get reports for a particular. Thankfully Stephen explained that i could do that by changing the FROM and TO fields My question now will be 1.) Is there any way to get logs for a particular day on the fly . say by choosing a particular day on the report itself.?? i.e not going to analog.cfg to change dates ?? Also for the faliure report or say for the report request. is there any way in which i could customize the failure report so that i could get the username / ip address / access time . along with file name , number of requests.. which i already get in the report ? 2.) On a different note, i am not sure if this is possible but has anybody setup analog to provide graphs to availability and uptime for a server. Sibi John. Systems Adminstrator. ~ + | This is the analog-help mailing list. To unsubscribe from this | mailing list, go to |http://lists.isite.net/listgate/analog-help/unsubscribe.html | | List archives are available at |http://www.mail-archive.com/analog-help;lists.isite.net/ |http://lists.isite.net/listgate/analog-help/archives/ |http://www.tallylist.com/archives/index.cfm/mlist.7 +
Re: [analog-help] how can you display the seconds in the request report?
I am not a programmer. Can you tell where to find an script to do that? Thanks. You don't need Analog for this. All you're doing is grepping all entries from a specific host in a particular time window. Just write a short script to do this for you. Analog would add absolutely no value to this task - the entries are already in the log file in the order you want them, and you just want to throw away anything that don't match your criteria. + | This is the analog-help mailing list. To unsubscribe from this | mailing list, go to |http://lists.isite.net/listgate/analog-help/unsubscribe.html | | List archives are available at |http://www.mail-archive.com/analog-help;lists.isite.net/ |http://lists.isite.net/listgate/analog-help/archives/ |http://www.tallylist.com/archives/index.cfm/mlist.7 +
[analog-help] Can't read log file
I have some qmail log files that I want to do a quick byte count on using analog, but can't seem to get it figured out. I have grepped the files and gotten just the lines with byte counts and converted the times to something readable. Here is a sample line: 2002-09-20 08:17:23.276297500 info msg 114942: bytes 7109 from [EMAIL PROTECTED] qp 17662 uid 151 I have tried a few different LOGFORMATs with no success. The closest that I have gotten is with: LOGFORMAT (%Y-%m-%d %h:%n:%j.%j info msg %j: bytes %b from %j qp %j uid %c) and it returns with: F: Ignoring logfile [EMAIL PROTECTED], which contains no items being analysed However, all the lines in the log file have the same format as the one listed above. I would think that it would be a good match. I have managed to get Analog working with lots of other services and log types (Windows Media, Real Media, etc.), but this one I just can't figure out. Also, would it be appropriate to post those log formats for Windows Media and the like to this list just for future reference to anyone looking through archives? Thanks, Garrett Bartley [EMAIL PROTECTED] + | This is the analog-help mailing list. To unsubscribe from this | mailing list, go to |http://lists.isite.net/listgate/analog-help/unsubscribe.html | | List archives are available at |http://www.mail-archive.com/analog-help;lists.isite.net/ |http://lists.isite.net/listgate/analog-help/archives/ |http://www.tallylist.com/archives/index.cfm/mlist.7 +
[analog-help] analog not reading all the log files
I am running analog 5.23 on a redhat 7.2 apache server. Analog runs perfectly analyzing all logs from apaches and imported logs from an IIS server when running as a cron job, or via command line. I recently implemented the anlgform interface, and the problem I am having is when specifying a date range of say: FROM: 020601 TO: 020630 analog REPORT.html returns 6/13/02 to 6/30/02. Why is analog skipping log files from the 1st to the 12th via a web interface? They do exist, No matter what month I choose it seems to stop at the 13th, also Is there a parameter to set DEBUG to write to a file, instead of the screen. Thanks, mark __ Do you Yahoo!? HotJobs - Search new jobs daily now http://hotjobs.yahoo.com/ + | This is the analog-help mailing list. To unsubscribe from this | mailing list, go to |http://lists.isite.net/listgate/analog-help/unsubscribe.html | | List archives are available at |http://www.mail-archive.com/analog-help;lists.isite.net/ |http://lists.isite.net/listgate/analog-help/archives/ |http://www.tallylist.com/archives/index.cfm/mlist.7 +
Re: [analog-help] how can you display the seconds in the request report?
cesar martin [EMAIL PROTECTED] wrote: I am not a programmer. Can you tell where to find an script to do that? You don't need to be a programmer to write a 4 line script. If you prefer, use a spreadsheet or whatever other tool you're comfortable with. What platform are you on? Aengus + | This is the analog-help mailing list. To unsubscribe from this | mailing list, go to |http://lists.isite.net/listgate/analog-help/unsubscribe.html | | List archives are available at |http://www.mail-archive.com/analog-help;lists.isite.net/ |http://lists.isite.net/listgate/analog-help/archives/ |http://www.tallylist.com/archives/index.cfm/mlist.7 +
Re: [analog-help] Re: Analog Help Digest V1 #444
On Fri, 1 Nov 2002, Ron Woodall wrote: Does this information not already exist in a log file? I have two fields in my log file, the requested page and the referring page. If I understand Mr. Larsen correctly, he's adding additional information to the referring field to tell me something that is already there. For example, he suggests that parameters be added to a link to indicate where the link came from. I already get this information. I have only one link on a page to another page. It might make some difference if I were to have links in five places on the same page and you want to track which link is the most effective. I think he's thinking primarily of the case where you have more than one link on a page, and you want to distinguish between them. But I notice that he does use it on his site more widely than that. The other big advantage is that the referrer becomes part of the filename. That means that you don't have to try and cross-reference files and referrers -- you get both in the filename (cf http://www.analog.cx/docs/faq.html#faq128). -- Stephen Turner, Cambridge, UKhttp://homepage.ntlworld.com/adelie/stephen/ Reserve your 2 hour delivery time, which means you'll see the same special offers as you would instore - Sainsbury's internet shopping instructions + | This is the analog-help mailing list. To unsubscribe from this | mailing list, go to |http://lists.isite.net/listgate/analog-help/unsubscribe.html | | List archives are available at |http://www.mail-archive.com/analog-help;lists.isite.net/ |http://lists.isite.net/listgate/analog-help/archives/ |http://www.tallylist.com/archives/index.cfm/mlist.7 +
Re: [analog-help] successful request for pages not included
On Fri, 1 Nov 2002, Bell, Leslie wrote: Our scripts employing analog on IIS web sites have not worked well on their first run on IIS 5.0 as opposed to IIS 4.0. Is there anything one needs to change? Problems include: the general summary does not include 'successful requests for pages'. The daily and hourly summaries show number of requests, but the pages column shows only zeroes. The request report entries show requests for get?/index.html and the like, rather than /index.html. I would be pleased if anyone could tell me why these things are so. get?/index.html -- that probably means that your LOGFORMAT is wrong. It would explain the rest of the problems too. My guess is that the log format is different between the two servers, and as a consequence you're specifying an incorrect LOGFORMAT. You shouldn't need to specify a LOGFORMAT at all with IIS -- take it out. -- Stephen Turner, Cambridge, UKhttp://homepage.ntlworld.com/adelie/stephen/ Reserve your 2 hour delivery time, which means you'll see the same special offers as you would instore - Sainsbury's internet shopping instructions + | This is the analog-help mailing list. To unsubscribe from this | mailing list, go to |http://lists.isite.net/listgate/analog-help/unsubscribe.html | | List archives are available at |http://www.mail-archive.com/analog-help;lists.isite.net/ |http://lists.isite.net/listgate/analog-help/archives/ |http://www.tallylist.com/archives/index.cfm/mlist.7 +
Re: [analog-help] Can't read log file
On Fri, 1 Nov 2002, Garrett Bartley wrote: I have some qmail log files that I want to do a quick byte count on using analog, but can't seem to get it figured out. I have grepped the files and gotten just the lines with byte counts and converted the times to something readable. Here is a sample line: 2002-09-20 08:17:23.276297500 info msg 114942: bytes 7109 from [EMAIL PROTECTED] qp 17662 uid 151 I have tried a few different LOGFORMATs with no success. The closest that I have gotten is with: LOGFORMAT (%Y-%m-%d %h:%n:%j.%j info msg %j: bytes %b from %j qp %j uid %c) and it returns with: F: Ignoring logfile [EMAIL PROTECTED], which contains no items being analysed However, all the lines in the log file have the same format as the one listed above. I would think that it would be a good match. I have managed to get Analog working with lots of other services and log types (Windows Media, Real Media, etc.), but this one I just can't figure out. There is a program on the helper applications page to turn qmail logs into web-like logs. That's probably the simplest solution. Also, would it be appropriate to post those log formats for Windows Media and the like to this list just for future reference to anyone looking through archives? Yes please. -- Stephen Turner, Cambridge, UKhttp://homepage.ntlworld.com/adelie/stephen/ Reserve your 2 hour delivery time, which means you'll see the same special offers as you would instore - Sainsbury's internet shopping instructions + | This is the analog-help mailing list. To unsubscribe from this | mailing list, go to |http://lists.isite.net/listgate/analog-help/unsubscribe.html | | List archives are available at |http://www.mail-archive.com/analog-help;lists.isite.net/ |http://lists.isite.net/listgate/analog-help/archives/ |http://www.tallylist.com/archives/index.cfm/mlist.7 +
Re: [analog-help] analog not reading all the log files
On Fri, 1 Nov 2002, Mark Clancy wrote: I am running analog 5.23 on a redhat 7.2 apache server. Analog runs perfectly analyzing all logs from apaches and imported logs from an IIS server when running as a cron job, or via command line. I recently implemented the anlgform interface, and the problem I am having is when specifying a date range of say: FROM: 020601 TO: 020630 analog REPORT.html returns 6/13/02 to 6/30/02. Why is analog skipping log files from the 1st to the 12th via a web interface? They do exist, No matter what month I choose it seems to stop at the 13th, also Is there a parameter to set DEBUG to write to a file, instead of the screen. To answer the last question first, yes, it's called ERRFILE, but you can't use it from the form, because it would allow people to write to your filespace. If you have some problems, it's best to run with the same configuration from the command line so as to see the error messages. Anyway, the problem here is that analog can't diagnose the format the IIS logfiles are in, so you need to give it a clue. See http://www.analog.cx/docs/logfile.html#IISfmt -- Stephen Turner, Cambridge, UKhttp://homepage.ntlworld.com/adelie/stephen/ Reserve your 2 hour delivery time, which means you'll see the same special offers as you would instore - Sainsbury's internet shopping instructions + | This is the analog-help mailing list. To unsubscribe from this | mailing list, go to |http://lists.isite.net/listgate/analog-help/unsubscribe.html | | List archives are available at |http://www.mail-archive.com/analog-help;lists.isite.net/ |http://lists.isite.net/listgate/analog-help/archives/ |http://www.tallylist.com/archives/index.cfm/mlist.7 +
Re: [analog-help] successful request for pages not included
Bell, Leslie ([EMAIL PROTECTED]; Friday, November 01, 2002 8:47 AM): One thing that was different in this run was that a previous run had been aborted and there was a dns lockfile, so analog hacked off to DNS Lookup. If you know that Analog was aborted, you can remove this file yourself. It's just there to keep two copies of Analog running at the same time from trying to both write to the cache file. -- Jeremy Wadsack Wadsack-Allen Digital Group + | This is the analog-help mailing list. To unsubscribe from this | mailing list, go to |http://lists.isite.net/listgate/analog-help/unsubscribe.html | | List archives are available at |http://www.mail-archive.com/analog-help;lists.isite.net/ |http://lists.isite.net/listgate/analog-help/archives/ |http://www.tallylist.com/archives/index.cfm/mlist.7 +
Re: [analog-help] analog not reading all the log files
Mark Clancy ([EMAIL PROTECTED]; Friday, November 01, 2002 10:46 AM): I am running analog 5.23 on a redhat 7.2 apache server. Analog runs perfectly analyzing all logs from apaches and imported logs from an IIS server when running as a cron job, or via command line. I recently implemented the anlgform interface, and the problem I am having is when specifying a date range of say: FROM: 020601 TO: 020630 analog REPORT.html returns 6/13/02 to 6/30/02. Why is analog skipping log files from the 1st to the 12th via a web interface? They do exist, No matter what month I choose it seems to stop at the 13th, Either it is not selecting logfiles that contain those dates (are there files that it thinks are corrupt, perhaps a bad or missing DEFAULTLOGFORMAT line?) or you have mis-typed the FROM/TO date. There is nothing in Analog that would make it choose the 13th to start at. also Is there a parameter to set DEBUG to write to a file, instead of the screen. ERRFILE. See http://analog.cx/docs/debug.html#ERRFILE -- Jeremy Wadsack Wadsack-Allen Digital Group + | This is the analog-help mailing list. To unsubscribe from this | mailing list, go to |http://lists.isite.net/listgate/analog-help/unsubscribe.html | | List archives are available at |http://www.mail-archive.com/analog-help;lists.isite.net/ |http://lists.isite.net/listgate/analog-help/archives/ |http://www.tallylist.com/archives/index.cfm/mlist.7 +
Re: [analog-help] Help a newbie again !!
Sibi John ([EMAIL PROTECTED]; Friday, November 01, 2002 9:05 AM): 1.) Is there any way to get logs for a particular day on the fly . say by choosing a particular day on the report itself.?? i.e not going to analog.cfg to change dates ?? You can use -F/-T from the command line. These are equivalent to FROM and TO in a config file. Also for the faliure report or say for the report request. is there any way in which i could customize the failure report so that i could get the username / ip address / access time . along with file name , number of requests.. which i already get in the report ? As Aengus just said: If a file has been requested 1,000 times do you want 1,000 IP addresses listed against it? http://www.analog.cx/docs/faq.html#faq128 You can always generate a full report for a single file by using FILEINCLUDE filename. The Host Report in this case will just list the Hosts that requested that file. But you can only report on a single file at a time. 2.) On a different note, i am not sure if this is possible but has anybody setup analog to provide graphs to availability and uptime for a server. The web server log files do not really provide this information. You could look at all the requests and, using some heuristic, figure out when there have been no requests for a long period of time (for some definition of long). But that's just an estimate. And web/browser caches and such could affect this. If you really want availability and uptime, use a server monitoring solution like the one included in PureSecure, http://www.demarc.com/. -- Jeremy Wadsack Wadsack-Allen Digital Group + | This is the analog-help mailing list. To unsubscribe from this | mailing list, go to |http://lists.isite.net/listgate/analog-help/unsubscribe.html | | List archives are available at |http://www.mail-archive.com/analog-help;lists.isite.net/ |http://lists.isite.net/listgate/analog-help/archives/ |http://www.tallylist.com/archives/index.cfm/mlist.7 +
Re: [analog-help] Can't read log file
Garrett Bartley [EMAIL PROTECTED] wrote: I have some qmail log files that I want to do a quick byte count on using analog, but can't seem to get it figured out. I have grepped the files and gotten just the lines with byte counts and converted the times to something readable. Here is a sample line: 2002-09-20 08:17:23.276297500 info msg 114942: bytes 7109 from [EMAIL PROTECTED] qp 17662 uid 151 I have tried a few different LOGFORMATs with no success. The closest that I have gotten is with: LOGFORMAT (%Y-%m-%d %h:%n:%j.%j info msg %j: bytes %b from %j qp %j uid %c) You don't have a Request field in there, and 151 is not a Success HTTP Status code. and it returns with: F: Ignoring logfile [EMAIL PROTECTED], which contains no items being analysed LOGFORMAT (%Y-%m-%d %h:%n:%jbytes %b %j %r %juid %u) will work. (I just used the From field as the %r, and changed the last field so that it's not %c). Aengus + | This is the analog-help mailing list. To unsubscribe from this | mailing list, go to |http://lists.isite.net/listgate/analog-help/unsubscribe.html | | List archives are available at |http://www.mail-archive.com/analog-help;lists.isite.net/ |http://lists.isite.net/listgate/analog-help/archives/ |http://www.tallylist.com/archives/index.cfm/mlist.7 +
Re: [analog-help] analog not reading all the log files
Thanks for your help, I have ammended the perl script to save the params it is recieving to a file, and here is the relevant output: queryparam LOGFILE A=/var/log/httpd/access_lo* A=/var/log/LogFiles/in*.log queryparam LOGFORMAT A=MICROSOFT-NA queryparam FROM A=020601 queryparam TO A=020630 analog is getting the correct dates, could it be the order in which it is recieving params LOGFILE and LOGFORMAT?, I put LOGFORMAT before LOGFILE /var/log/LogFiles/in*.log in anlgform.html, but as it goes through peral it changes. REgards, Mark --- Jeremy Wadsack [EMAIL PROTECTED] wrote: Mark Clancy ([EMAIL PROTECTED]; Friday, November 01, 2002 10:46 AM): I am running analog 5.23 on a redhat 7.2 apache server. Analog runs perfectly analyzing all logs from apaches and imported logs from an IIS server when running as a cron job, or via command line. I recently implemented the anlgform interface, and the problem I am having is when specifying a date range of say: FROM: 020601 TO: 020630 analog REPORT.html returns 6/13/02 to 6/30/02. Why is analog skipping log files from the 1st to the 12th via a web interface? They do exist, No matter what month I choose it seems to stop at the 13th, Either it is not selecting logfiles that contain those dates (are there files that it thinks are corrupt, perhaps a bad or missing DEFAULTLOGFORMAT line?) or you have mis-typed the FROM/TO date. There is nothing in Analog that would make it choose the 13th to start at. also Is there a parameter to set DEBUG to write to a file, instead of the screen. ERRFILE. See http://analog.cx/docs/debug.html#ERRFILE -- Jeremy Wadsack Wadsack-Allen Digital Group + | This is the analog-help mailing list. To unsubscribe from this | mailing list, go to | http://lists.isite.net/listgate/analog-help/unsubscribe.html | | List archives are available at | http://www.mail-archive.com/analog-help;lists.isite.net/ | http://lists.isite.net/listgate/analog-help/archives/ | http://www.tallylist.com/archives/index.cfm/mlist.7 + __ Do you Yahoo!? HotJobs - Search new jobs daily now http://hotjobs.yahoo.com/ + | This is the analog-help mailing list. To unsubscribe from this | mailing list, go to |http://lists.isite.net/listgate/analog-help/unsubscribe.html | | List archives are available at |http://www.mail-archive.com/analog-help;lists.isite.net/ |http://lists.isite.net/listgate/analog-help/archives/ |http://www.tallylist.com/archives/index.cfm/mlist.7 +
Re: [analog-help] analog not reading all the log files
On Fri, 1 Nov 2002, Mark Clancy wrote: analog is getting the correct dates, could it be the order in which it is recieving params LOGFILE and LOGFORMAT?, I put LOGFORMAT before LOGFILE /var/log/LogFiles/in*.log in anlgform.html, but as it goes through peral it changes. LOGFORMAT is forbidden from the form. See the security notes in docs/form.html. You need to use DEFAULTLOGFORMAT in your analog.cfg instead. -- Stephen Turner, Cambridge, UKhttp://homepage.ntlworld.com/adelie/stephen/ Reserve your 2 hour delivery time, which means you'll see the same special offers as you would instore - Sainsbury's internet shopping instructions + | This is the analog-help mailing list. To unsubscribe from this | mailing list, go to |http://lists.isite.net/listgate/analog-help/unsubscribe.html | | List archives are available at |http://www.mail-archive.com/analog-help;lists.isite.net/ |http://lists.isite.net/listgate/analog-help/archives/ |http://www.tallylist.com/archives/index.cfm/mlist.7 +
[analog-help] Log formats for several log types
As promised, here are the log formats for several
different server services that I have successfully created with good
results. I can make no garauntee on any of these, but I can say that they
have worked for me. Prior to discovering analog, I had my own Perl/PHP
scripts calculating log files, but Analog is like 10 billion times faster and
has much better output. Please feel free to offer any corrections or
improvements.
And thank you to everyone who has helped make
Analog a great piece of software!
Microsoft FTP Server
Sample log file line:
2002-10-31 15:33:33 207.32.96.139user
MSFTPSVC2 Server1192.168.1.100 21 [2855]createdfilename.ext - 226 0
165340 1468FTP - - - -
Log format:
LOGFORMAT "%Y-%m-%d %h:%n:%j %s %u %j %j %j [%j]%j
%r - %C %b %b %t FTP - - - -"
Notes: This is with all logging turned on except
for the Win32 status.
Real Media Server
Sample log file line:
12.216.124.30 - - [31/Oct/2002:22:45:26
-0500] "GET dir/091202v1.rm RTSP/1.0" 200 23306141
[WinNT_5.0_6.0.9.380_play32_AOL8_en-US_UNK_axembed]
[abc4fd5b-8b09-456b-9cdf-3e7fea4b705d] [Stat1:
8028
18
0
0 0
64_Kbps_Stereo_Music_-_RA8][Stat2:
64083
65987
0
0
0
18
18
00
0 50 64_Kbps_Stereo_Music_-_RA8]
77700425 1595 905 123 0 8581
Log format:
LOGFORMAT "%s %j %j [%d/%M/%Y:%h:%n:%j %j]
"%j %r %j" %c %b [%B] %j"
Notes:
This ignores the extra statistics at the end and
just reports the basics.
Serv-U FTP Server
Sample log file line:
[3] Tue 14May02 16:56:25 - (37) Error sending
file f:\filename.ext, aborting (3.09 Kb/sec - 487424 bytes, client closed data
connection)
[4] Tue 30Apr02 14:52:54 - (000257) Received
filef:\filename.ext successfully (29.2 Kb/sec - 5651
bytes)
[3] Wed 01May02 23:18:53 - (02) Sent file
f:\filename.ext successfully (92.2 Kb/sec - 6893 bytes)
[5] Tue 30Apr02 10:29:18 - (000245) Connected to
216.136.171.204 (Local address 192.168.1.101)
Log format(s):
LOGFORMAT "[%j] %j %d%M%y %h:%n:%j - (%j) Error
sending file %r, aborting (%j Kb/sec - %b bytes, %j %j)"LOGFORMAT "[%j] %j
%d%M%y %h:%n:%j - (%j) Received file %r successfully (%j Kb/sec - %b
bytes)"LOGFORMAT "[%j] %j %d%M%y %h:%n:%j - (%j) Sent file %r successfully
(%j Kb/sec - %b bytes)"LOGFORMAT "[%j] %j %d%M%y %h:%n:%j - (%j) Connected
to %s (Local address 192.168.1.101)"
Shoutcast (Old style
logging)
Sample log file lines:
08/18/02@04:25:49 [SHOUTcast] DNAS/win32
v1.8.0 (Jan 2 2001) starting up...08/18/02@04:25:49 [main] loaded config
from C:\Program Files\SHOUTcast2\sc_serv_gui.ini08/18/02@04:25:49 [main] initializing
(usermax:200 portbase:9191)...08/18/02@04:25:49 [main] No ban file
found (sc_serv.ban)08/18/02@04:25:49 [main] No rip file
found (sc_serv.rip)08/18/02@04:25:49 [main] opening source
socket08/18/02@04:25:49
[main] source thread starting08/18/02@04:25:49 [main] opening client
socket08/18/02@04:25:49
[source] listening for connection on port 919208/18/02@04:25:49 [main] Client Stream
thread [0] starting08/18/02@04:25:49 [main] client main
thread starting08/18/02@04:25:49 [dest: 216.253.39.2]
server unavailable, disconnecting08/18/02@04:25:58 [source] connected
from 66.192.5.15808/18/02@04:25:58 [source]
icy-name:NEWSRADIO 640 WGST (rush dr. laura kimmer) ; icy-genre:NEWS
TALK08/18/02@04:25:58
[source] icy-pub:1 ; icy-br:24 ; icy-url:http://www.wgst.com08/18/02@04:25:58 [source]
icy-irc:#shoutcast ; icy-icq:0 ; icy-aim:N/A08/18/02@04:25:59 [dest: 205.188.234.42]
starting stream (UID: 0)[L: 1]08/18/02@04:25:59 [dest: 205.188.234.42]
connection closed (0 seconds) (UID: 0)[L: 0]{Bytes: 16384}08/18/02@04:26:00 [yp_add]
yp.shoutcast.com added me successfully08/18/02@04:28:59 [yp_tch]
yp.shoutcast.com touched!
09/11/02@12:08:25 [dest: 63.236.253.100]
service full, disconnecting
Log format(s):
LOGFORMAT "%m/%d/%y@%h:%n:%j [dest: %s] connection
closed (%t seconds) (UID: %u)[L: %r]{Bytes: %b}LOGFORMAT "%m/%d/%y@%h:%n:%j [dest: %s] starting
stream (UID: %j)[L: %j]LOGFORMAT "%m/%d/%y@%h:%n:%j [yp_tch]
yp.shoutcast.com touched!LOGFORMAT "%m/%d/%y@%h:%n:%j [dest: %s] service
full, disconnectingLOGFORMAT "%m/%d/%y@%h:%n:%j [SHOUTcast] DNAS/win32
v1.8.0 (Jan 2 2001) starting up...LOGFORMAT "%m/%d/%y@%h:%n:%j [main] loaded config
from C:\Program Files\%j\sc_serv_gui.iniLOGFORMAT "%m/%d/%y@%h:%n:%j [main] initializing
(usermax:%j portbase:%j)...LOGFORMAT "%m/%d/%y@%h:%n:%j [main] No ban file
found (sc_serv.ban)LOGFORMAT "%m/%d/%y@%h:%n:%j [main] No rip file
found (sc_serv.rip)LOGFORMAT "%m/%d/%y@%h:%n:%j [main] opening source
socketLOGFORMAT "%m/%d/%y@%h:%n:%j [main] source thread
startingLOGFORMAT "%m/%d/%y@%h:%n:%j [main] opening client
socketLOGFORMAT "%m/%d/%y@%h:%n:%j [source] listening for
connection on port %jLOGFORMAT "%m/%d/%y@%h:%n:%j [main] Client Stream
thread [%j] startingLOGFORMAT "%m/%d/%y@%h:%n:%j [main] client main
thread startingLOGFORMAT "%m/%d/%y@%h:%n:%j [dest: %s] server
unavailable, disconnectingLOGFORMAT "%m/%d/%y@%h:%n:%j [source] connected
from
RE: [analog-help] Help a newbie again !!
I totally understand your point. But the main reason i want to do this is say if i needed to see if there were any hacker intrusion attempts on my site today, I would like see who was making what kind of requests at what time, and not just on a particular file, any requests to my website.. is something like that possible in analog. Sibi John. Systems Adminstrator. Deerfield Capital Management. ~ -Original Message- From: Jeremy Wadsack [mailto:jwadsack;wadsack-allen.com] Sent: Friday, November 01, 2002 12:27 PM To: [EMAIL PROTECTED] Subject: Re: [analog-help] Help a newbie again !! Sibi John ([EMAIL PROTECTED]; Friday, November 01, 2002 9:05 AM): 1.) Is there any way to get logs for a particular day on the fly . say by choosing a particular day on the report itself.?? i.e not going to analog.cfg to change dates ?? You can use -F/-T from the command line. These are equivalent to FROM and TO in a config file. Also for the faliure report or say for the report request. is there any way in which i could customize the failure report so that i could get the username / ip address / access time . along with file name , number of requests.. which i already get in the report ? As Aengus just said: If a file has been requested 1,000 times do you want 1,000 IP addresses listed against it? http://www.analog.cx/docs/faq.html#faq128 You can always generate a full report for a single file by using FILEINCLUDE filename. The Host Report in this case will just list the Hosts that requested that file. But you can only report on a single file at a time. 2.) On a different note, i am not sure if this is possible but has anybody setup analog to provide graphs to availability and uptime for a server. The web server log files do not really provide this information. You could look at all the requests and, using some heuristic, figure out when there have been no requests for a long period of time (for some definition of long). But that's just an estimate. And web/browser caches and such could affect this. If you really want availability and uptime, use a server monitoring solution like the one included in PureSecure, http://www.demarc.com/. -- Jeremy Wadsack Wadsack-Allen Digital Group + | This is the analog-help mailing list. To unsubscribe from this | mailing list, go to |http://lists.isite.net/listgate/analog-help/unsubscribe.html | | List archives are available at |http://www.mail-archive.com/analog-help;lists.isite.net/ |http://lists.isite.net/listgate/analog-help/archives/ |http://www.tallylist.com/archives/index.cfm/mlist.7 + + | This is the analog-help mailing list. To unsubscribe from this | mailing list, go to |http://lists.isite.net/listgate/analog-help/unsubscribe.html | | List archives are available at |http://www.mail-archive.com/analog-help;lists.isite.net/ |http://lists.isite.net/listgate/analog-help/archives/ |http://www.tallylist.com/archives/index.cfm/mlist.7 +
Re: [analog-help] Help a newbie again !!
Again, let me point you to PureSecure, http://www.demarc.com/. It does intrusion detection, system monitoring, etc. Analog is also useful for that, but not so much as a monitoring tool. If you do find something suspicious, you can use Analog to drill through the logs, isolating hosts (HOSTINCLUDE), periods (FROM/TO) and files (FILEINCLUDE) until you get the reports you need. This is a multi-step process. Of course you can get basic details from Analog: a large amount of traffic in a short time in the Hourly, Quarter-Hourly or Five-Minute reports; a host that is more active than others; repeated failed attempts to access secured areas of your site; etc. -- Jeremy Wadsack Wadsack-Allen Digital Group Sibi John ([EMAIL PROTECTED]; Friday, November 01, 2002 11:51 AM): I totally understand your point. But the main reason i want to do this is say if i needed to see if there were any hacker intrusion attempts on my site today, I would like see who was making what kind of requests at what time, and not just on a particular file, any requests to my website.. is something like that possible in analog. Sibi John. Systems Adminstrator. Deerfield Capital Management. ~ -Original Message- From: Jeremy Wadsack [mailto:jwadsack;wadsack-allen.com] Sent: Friday, November 01, 2002 12:27 PM To: [EMAIL PROTECTED] Subject: Re: [analog-help] Help a newbie again !! Sibi John ([EMAIL PROTECTED]; Friday, November 01, 2002 9:05 AM): 1.) Is there any way to get logs for a particular day on the fly . say by choosing a particular day on the report itself.?? i.e not going to analog.cfg to change dates ?? You can use -F/-T from the command line. These are equivalent to FROM and TO in a config file. Also for the faliure report or say for the report request. is there any way in which i could customize the failure report so that i could get the username / ip address / access time . along with file name , number of requests.. which i already get in the report ? As Aengus just said: If a file has been requested 1,000 times do you want 1,000 IP addresses listed against it? http://www.analog.cx/docs/faq.html#faq128 You can always generate a full report for a single file by using FILEINCLUDE filename. The Host Report in this case will just list the Hosts that requested that file. But you can only report on a single file at a time. 2.) On a different note, i am not sure if this is possible but has anybody setup analog to provide graphs to availability and uptime for a server. The web server log files do not really provide this information. You could look at all the requests and, using some heuristic, figure out when there have been no requests for a long period of time (for some definition of long). But that's just an estimate. And web/browser caches and such could affect this. If you really want availability and uptime, use a server monitoring solution like the one included in PureSecure, http://www.demarc.com/. + | This is the analog-help mailing list. To unsubscribe from this | mailing list, go to |http://lists.isite.net/listgate/analog-help/unsubscribe.html | | List archives are available at |http://www.mail-archive.com/analog-help;lists.isite.net/ |http://lists.isite.net/listgate/analog-help/archives/ |http://www.tallylist.com/archives/index.cfm/mlist.7 +
Re: [analog-help] analog not reading all the log files
I got it working by letting analog.cfg handle the log locations and logformat, instead of passing them from the form. Thanks again, Mark --- Stephen Turner [EMAIL PROTECTED] wrote: On Fri, 1 Nov 2002, Mark Clancy wrote: analog is getting the correct dates, could it be the order in which it is recieving params LOGFILE and LOGFORMAT?, I put LOGFORMAT before LOGFILE /var/log/LogFiles/in*.log in anlgform.html, but as it goes through peral it changes. LOGFORMAT is forbidden from the form. See the security notes in docs/form.html. You need to use DEFAULTLOGFORMAT in your analog.cfg instead. -- Stephen Turner, Cambridge, UK http://homepage.ntlworld.com/adelie/stephen/ Reserve your 2 hour delivery time, which means you'll see the same special offers as you would instore - Sainsbury's internet shopping instructions + | This is the analog-help mailing list. To unsubscribe from this | mailing list, go to | http://lists.isite.net/listgate/analog-help/unsubscribe.html | | List archives are available at | http://www.mail-archive.com/analog-help;lists.isite.net/ | http://lists.isite.net/listgate/analog-help/archives/ | http://www.tallylist.com/archives/index.cfm/mlist.7 + __ Do you Yahoo!? HotJobs - Search new jobs daily now http://hotjobs.yahoo.com/ + | This is the analog-help mailing list. To unsubscribe from this | mailing list, go to |http://lists.isite.net/listgate/analog-help/unsubscribe.html | | List archives are available at |http://www.mail-archive.com/analog-help;lists.isite.net/ |http://lists.isite.net/listgate/analog-help/archives/ |http://www.tallylist.com/archives/index.cfm/mlist.7 +
[no subject]
approve sonclark who analog-help __ Do you Yahoo!? HotJobs - Search new jobs daily now http://hotjobs.yahoo.com/ + | This is the analog-help mailing list. To unsubscribe from this | mailing list, go to |http://lists.isite.net/listgate/analog-help/unsubscribe.html | | List archives are available at |http://www.mail-archive.com/analog-help;lists.isite.net/ |http://lists.isite.net/listgate/analog-help/archives/ |http://www.tallylist.com/archives/index.cfm/mlist.7 +
Re: [analog-help] how can you display the seconds in the requestreport?
I know... but I am not very good with scripts. I use a mac and I am working with logs in the hundreds of megas so I can not use excel to open them. But yes, any help to extract a portion of a log life will be a great help. Thanks. Aengus wrote: cesar martin [EMAIL PROTECTED] wrote: I am not a programmer. Can you tell where to find an script to do that? You don't need to be a programmer to write a 4 line script. If you prefer, use a spreadsheet or whatever other tool you're comfortable with. What platform are you on? Aengus + | This is the analog-help mailing list. To unsubscribe from this | mailing list, go to |http://lists.isite.net/listgate/analog-help/unsubscribe.html | | List archives are available at |http://www.mail-archive.com/analog-help;lists.isite.net/ |http://lists.isite.net/listgate/analog-help/archives/ |http://www.tallylist.com/archives/index.cfm/mlist.7 + + | This is the analog-help mailing list. To unsubscribe from this | mailing list, go to |http://lists.isite.net/listgate/analog-help/unsubscribe.html | | List archives are available at |http://www.mail-archive.com/analog-help;lists.isite.net/ |http://lists.isite.net/listgate/analog-help/archives/ |http://www.tallylist.com/archives/index.cfm/mlist.7 +
Re: [analog-help] Counting hits from click-through campaign
Just thought I'd add that Norton's Internet Security or Personal Firewall blocks referrer as default. Marc. From: James Riemermann [EMAIL PROTECTED] Reply-To: [EMAIL PROTECTED] To: [EMAIL PROTECTED] Subject: Re: [analog-help] Counting hits from click-through campaign Date: Wed, 30 Oct 2002 19:14:34 -0600 As I have had similar, unexplainable problems with certain banner ad buys, I wonder if some of the ad-tracking services might be buggy in some way--say, passing a bad destination URL to the browser, and counting that as a click-through because, indeed, they did click through to something--but no page on our site! I can't confirm this, but I suspect it happens, maybe more often than advertisers would admit or even know. Using the Internal Search report and a specific target URL offers a much better basis for evaluating the success of ad buys or other external links into your site. Good luck! james [EMAIL PROTECTED] 10/30 3:44p the problem is either 1) the site refers from numerous, multiple URLs that may differ from their main commercial URLs; and 2) the referrals may come from an ad-server address rather than the actual commercial site. I realized that, but after I excluded everything I knew for certain would not be them, the total referrers left (from all types of misc places) was less than the click-throughs they reported. So, if they are telling the truth - no referrer was recorded. URLs ending with source=advertisername. Then the Internal Search report organizes all such click-through counts in one place. I like that! Kathleen ~~~ + | This is the analog-help mailing list. To unsubscribe from this | mailing list, go to |http://lists.isite.net/listgate/analog-help/unsubscribe.html | | List archives are available at |http://www.mail-archive.com/analog-help;lists.isite.net/ |http://lists.isite.net/listgate/analog-help/archives/ |http://www.tallylist.com/archives/index.cfm/mlist.7 + + | This is the analog-help mailing list. To unsubscribe from this | mailing list, go to |http://lists.isite.net/listgate/analog-help/unsubscribe.html | | List archives are available at |http://www.mail-archive.com/analog-help;lists.isite.net/ |http://lists.isite.net/listgate/analog-help/archives/ |http://www.tallylist.com/archives/index.cfm/mlist.7 + _ Broadband? Dial-up? Get reliable MSN Internet Access. http://resourcecenter.msn.com/access/plans/default.asp + | This is the analog-help mailing list. To unsubscribe from this | mailing list, go to |http://lists.isite.net/listgate/analog-help/unsubscribe.html | | List archives are available at |http://www.mail-archive.com/analog-help;lists.isite.net/ |http://lists.isite.net/listgate/analog-help/archives/ |http://www.tallylist.com/archives/index.cfm/mlist.7 +
Re: [analog-help] read log files from tar.gz
Hie Stephen, Thanx for the help u provided me, infact i needed some guidens, i m very much new with linux my background is admin for windows what i had been doing since last 3 yrs it's been only last 8 months m on linux i found it so much interesting that now i m keen to learn more more from it so m i doing it. Now comming to the point let me tell u the analog style what i have done. I have 5 different virtual domains so in httpd i m creating all to gether 5 different files for all five domains it creats 2 different files for each domains that is domainname.refererlog domainname.accesslog. I have created 5 different domainname.cfg files in analog folder i run all this 5 cfg files with one sh file in which i have specified something like this #!bin/sh analog -G +gdomainname.cfg analog -G +gdomainname.cfg it gives me the output in html format were it's been specified. I would also like to show u the settings how i have setted in domainname.cfg files if you can giude me were i m wrong in # REQINCLUDE pages # SETTINGS ON ALL OFF MONTHLY ON # one line for each month WEEKLY ON# one line for each week DAILYREP OFF # one line for each day DAILYSUM OFF # one line for each day of the week HOURLYREP OFF # one line for each hour of the day GENERAL ON # the General Summary at the top REQUEST ON # which files were requested FAILURE ON # which files were not found DIRECTORY ON # Directory Report HOST ON # which computers requested files ORGANISATION ON # which organisations they were from DOMAIN ON# which countries they were in DNS write DNS lookup REFERRER ON # where people followed links from FAILREF ON # where people followed broken links from SEARCHQUERY ON # the phrases and words they used... SEARCHWORD ON# ...to find you from search engines BROWSERSUM ON# which browser types people were using OSREP ON # and which operating systems FILETYPE ON # types of file requested SIZE ON # sizes of files requested STATUS ON# number of each type of success and failure USER ON # to get users list USERFLOOR 1000r REQLINKINCLUDE pages REFLINKINCLUDE * REDIRREFLINKINCLUDE * FAILREFLINKINCLUDE * # UNCOMPRESS *.gz,*.Z gzip -cd UNCOMPRESS *.tar.gz tar zxOf SUBBROW */* SUBTYPE *.gz,*.Z,*.tar.gz According to above settings i tried but still the report don't take date from tar.gz files, you insisted me to check by making gz file i tried but i m unable to make gz file only :( Stephen if you can work out for me give the solution will be really great help from u. Waitng for your reply thanking you for help you gave. -- Pratik System Admin Ultrainfotech. Quoting Stephen Turner [EMAIL PROTECTED]: On Fri, 1 Nov 2002 [EMAIL PROTECTED] wrote: Hello everybody !! I m using analog-5.23-2 on redhat 7.0. Since last 6 months i m using analog everything's working perfectly now i have realised that the log files have reached to more than 100 mb each. I have virtual domains on the system so i m creating different log files for all different domains. My question, Is it possible to zip my old files keep in the same folder were my other log files are kept ? if yes than i did tried zipping my old files kept it in log folder were the path is setted to but i m not getting records of previous months. The files are zipped in filename.tar.gz format. Please help me out for the solution if i can make analog config files read from tar.gz files if yes than what settings i will have to change in cfg files of the virtual domains. I hope i get help on this so that i can save my disk space :) Yes, but you have to give an UNCOMPRESS command to tell analog how to read them. If you're using GNU tar, I think this should do: UNCOMPRESS *.tar.gz tar zxOf By the way, you may find it easier just to gzip each file separately, not put them all in one big tar. You won't get much more compression from tarring them as well. -- Stephen Turner, Cambridge, UK http://homepage.ntlworld.com/adelie/stephen/ Reserve your 2 hour delivery time, which means you'll see the same special offers as you would instore - Sainsbury's internet shopping instructions + | This is the analog-help mailing list. To unsubscribe from this | mailing list, go to |http://lists.isite.net/listgate/analog-help/unsubscribe.html | | List archives are available at |http://www.mail-archive.com/analog-help;lists.isite.net/ |http://lists.isite.net/listgate/analog-help/archives/ |http://www.tallylist.com/archives/index.cfm/mlist.7 + - This mail sent through http://mail.vadodaramail.net/ + | This is the
