.
mycomputer - - ...
secrect - - ...
whereas unknown domain would be hosts resolving to non-standard hostnames, e.g.
mycomputer.intranet - - ...
firewall.company.private - - ...
--
Klaus Johannes Rusch
[EMAIL PROTECTED]
http://www.atmedia.net/KlausRusch
+)!) {
print "$5 - - [$2/$mon{$1+0}/$3:$4 -] \"GET /rule-$6 HTTP/1.0\"\n";
}
}
If you are interested in additional information from the firewall log, you
could add that to the URL, for example
GET /rule-3/sourceport-4410/destination-123.456.789.012/
--
Klaus Johannes Rusch
[EMAIL PROTECTED
, or running Domino as a backend server behind a proxy
server such as WTE or Squid which would write ECLF logs directly.
--
Klaus Johannes Rusch
[EMAIL PROTECTED]
http://www.atmedia.net/KlausRusch/
+
| This is the analog-help
%b %f %B)
LOGFORMAT (%S %j %j [%d/%M/%Y:%h:%n:%j] %r %c %b %f %B)
and turn on USER reporting -- the cookie will be treated as the userid, which
is often what you want (and which is actually a recommended option in the
analog documentation :-))
--
Klaus Johannes Rusch
[EMAIL PROTECTED]
http
do
this?
This only excludes the images from being counted as pages, if you want to
exclude them completely you need to exclude them from the report with
REQEXCLUDE *.gif
or exclude them completely with
FILEEXCLUDE *.gif
--
Klaus Johannes Rusch
[EMAIL PROTECTED]
http
to your reply I assume that
I will have to continue with what I did before (searchreplace).
Something like
cat logfile | perl -p -n -e 's!(HTTP/1...) 401!$1 200!;' | analog
should work (and would be another nice application for the PREPROCESSFILTER I
proposed earlier :-))
--
Klaus Johannes Rusch
In Pine.LNX.3.96.1020114200347.1398A-10@gentoo, Stephen Turner
[EMAIL PROTECTED] writes:
On Mon, 14 Jan 2002, Klaus Johannes Rusch wrote:
Something like
cat logfile | perl -p -n -e 's!(HTTP/1...) 401!$1 200!;' | analog
should work
You mean analog - at the end.
LOGFILE
statement would be much easier to use without
breaking the nicely working UNCOMPRESS
--
Klaus Johannes Rusch
[EMAIL PROTECTED]
http://www.atmedia.net/KlausRusch/
In Pine.LNX.3.96.1020110223948.7672A-10@gentoo, Stephen Turner
[EMAIL PROTECTED] writes:
On Thu, 10 Jan 2002, Klaus Johannes Rusch wrote:
I see how UNCOMPRESS can be used as a pre-processing hook, however adding
additional filters means modifying all UNCOMPRESS directives
in for their servers.
Analog comes with a few sample files, which should get you started, then just
add options to the configuration file to control the output (such as, how many
entries you would like to see, which reports to include/exclude etc.)
--
Klaus Johannes Rusch
[EMAIL PROTECTED]
http
modifications this would also come in handy to
reformat log file entries which are not compatible with analog, e.g.
Cookie values containing double-quotes etc.
--
Klaus Johannes Rusch
[EMAIL PROTECTED]
http://www.atmedia.net/KlausRusch
In [EMAIL PROTECTED], Otis Gospodnetic [EMAIL PROTECTED] writes:
REFREPEXCLUDE http://ourdomainhere.com/
REFSITEEXCLUDE http://www.ourdomainhere.com/
You probably want
REFREPEXCLUDE http://ourdomainhere.com/*
REFSITEEXCLUDE http://www.ourdomainhere.com/*
--
Klaus Johannes Rusch
[EMAIL
the documentation for details on DNS commands.
--
Klaus Johannes Rusch
[EMAIL PROTECTED]
http://www.atmedia.net/KlausRusch/
your log files to eliminate the double quotes,
analog does not perform pattern matching with backtracking but simply takes the
first matching double quote as a delimiter.
--
Klaus Johannes Rusch
[EMAIL PROTECTED]
http://www.atmedia.net/KlausRusch
a date-like string, something
like
perl -n -p -e 's!(\d\d/[A-Z][a-z][a-z])/1904!$1/2001!' logfile
should work.
--
Klaus Johannes Rusch
[EMAIL PROTECTED]
http://www.atmedia.net/KlausRusch/
it
can exclude a certain host, using HOSTEXCLUDE will not reduce the number of bad
lines.
Does your health check really result in such a log file entry on two lines?
The best way to handle this would probably be to reformat the log file prior to
running it through analog.
--
Klaus Johannes Rusch
if your definitions don't work.
--
Klaus Johannes Rusch
[EMAIL PROTECTED]
http://www.atmedia.net/KlausRusch/
precedes the LOGFILE directive,
dumping the configuration as understood by analog, and turning on additional
DEBUG options to trace which files are opened may help.
--
Klaus Johannes Rusch
[EMAIL PROTECTED]
http://www.atmedia.net/KlausRusch
mm=%DATE:~3,2%
set dd=%DATE:~0,2%
set DATE=%%%mm%%dd%
analog access.%DATE%.log
--
Klaus Johannes Rusch
[EMAIL PROTECTED]
http://www.atmedia.net/KlausRusch/
in the documentation, D.9 How can I run analog automatically
every day
If you want to keep daily reports as separate files, look at the OUTFILE
parameter as well, which can dynamically generate filenames.
--
Klaus Johannes Rusch
[EMAIL PROTECTED]
http://www.atmedia.net/KlausRusch
appropriate.
PS. The literal translation for traffic (both vehicles and network) is Verkehr.
--
Klaus Johannes Rusch
[EMAIL PROTECTED]
http://www.atmedia.net/KlausRusch/
having an option to rewrite log file lines before they are
parsed would be nice so non-standard log formats could easily be adapted
before they get discarded as invalids.
--
Klaus Johannes Rusch
[EMAIL PROTECTED]
http://www.atmedia.net/KlausRusch
In [EMAIL PROTECTED], Stephen Turner
[EMAIL PROTECTED] writes:
On Wed, 22 Aug 2001, Klaus Johannes Rusch wrote:
The documentation lists the mailing list names but without mailto links
to the list, only to the list manager addresses. Having a direct link to
send a message to the list
I would like to suggest an option to declare individual matches case
sensitive or insensitive, e.g.
SEARCHENGINE CASE http://www.foo.com/*BAR
SEARCHENGINE NOCASE http://www.google.com/* q
--
Klaus Johannes Rusch
[EMAIL PROTECTED]
http://www.atmedia.net/KlausRusch
The documentation lists the mailing list names but without mailto links
to the list, only to the list manager addresses. Having a direct link to
send a message to the list (after consulting the documentation :-))
would be nice.
--
Klaus Johannes Rusch
[EMAIL PROTECTED]
http://www.atmedia.net
object, for example an audio file for any audio/* request, a video
for any video/* request, an empty text file for Javascript or CSS requests etc.
--
Klaus Johannes Rusch
[EMAIL PROTECTED]
http://www.atmedia.net/KlausRusch
the report to one
person... message from a few days ago.
webmaster@address is not necessarily the person running the specific machine,
rather than mailing individuals I would suggest to submit the /default.ida log
entries to DShield ([EMAIL PROTECTED])
--
Klaus Johannes Rusch
[EMAIL PROTECTED]
http
kind of helps but
is slow and does not work without unpacking compressed log files first.
--
Klaus Johannes Rusch
[EMAIL PROTECTED]
http://www.atmedia.net/KlausRusch/
Analog I get a ' Bad argument in configuration command :
Ignoring it.
%h:%m should probably be %h:%n (for miNute)
--
Klaus Johannes Rusch
[EMAIL PROTECTED]
http://www.atmedia.net/KlausRusch/
--
Klaus Johannes Rusch
[EMAIL PROTECTED]
http://www.atmedia.net/KlausRusch/
+
| This is the analog-help mailing list. To unsubscribe from this
| mailing list, go to
|http://lists.isite.net/listgate/analog-help
omain.comGET /
host2.domain.comGET /an.image.gif
host3.domain.comGET /another.image.gif
--
Klaus Johannes Rusch
[EMAIL PROTECTED]
http://www.atmedia.net/KlausRusch/
s may show incorrect results
- if the same log files are analyzed by another tool as well or manually
reviewed for specific items, doing reverse resolution once is definitely more
resource friendly
--
Klaus Johannes Rusch
[EMAIL PROTECTED]
http://www.atmedia.net/
-n -p -e"s/^/ROBOTEXCLUDE /" list, so not sure if another
configuration file format is really required (also would -FILE allow for regexs
or not?)
--
Klaus Johannes Rusch
[EMAIL PROTECTED]
http://www.at
In [EMAIL PROTECTED], CAPRON Patrick
[EMAIL PROTECTED] writes:
I've got log files with not "GET" or "POST" requests...
Analog returns me : "Invalid Lines..."
Is there a possibility to avoid this?
What do your log file lines contain then?
--
Klaus Johanne