As promised, here are the log formats for several
different server services that I have successfully created with good
results. I can make no garauntee on any of these, but I can say that they
have worked for me. Prior to discovering analog, I had my own Perl/PHP
scripts calculating log files, but Analog is like 10 billion times faster and
has much better output. Please feel free to offer any corrections or
improvements.
And thank you to everyone who has helped make
Analog a great piece of software!
Microsoft FTP Server
Sample log file line:
2002-10-31 15:33:33 207.32.96.139 user
MSFTPSVC2 Server1 192.168.1.100 21 [2855]created filename.ext - 226 0
165340 1468
FTP - - - - Log format:
LOGFORMAT "%Y-%m-%d %h:%n:%j %s %u %j %j %j [%j]%j
%r - %C %b %b %t FTP - - - -"
Notes: This is with all logging turned on except
for the Win32 status.
Real Media Server
Sample log file line:
12.216.124.30 - - [31/Oct/2002:22:45:26
-0500] "GET dir/091202v1.rm RTSP/1.0" 200 23306141
[WinNT_5.0_6.0.9.380_play32_AOL8_en-US_UNK_axembed]
[abc4fd5b-8b09-456b-9cdf-3e7fea4b705d] [Stat1:
8028
18
0
0 0
64_Kb
ps_Stereo_Music_-_RA8][Stat2: 64083 65987 0 0 0 18 18 0 0 0 50 64_Kbps_Stereo_Music_-_RA8] 77700425 1595 905 123 0 8581 Log format:
LOGFORMAT "%s %j %j [%d/%M/%Y:%h:%n:%j %j]
"%j %r %j" %c %b [%B] %j"
Notes:
This ignores the extra statistics at the end and
just reports the basics.
Serv-U FTP Server
Sample log file line:
[3] Tue 14May02 16:56:25 - (000037) Error sending
file f:\filename.ext, aborting (3.09 Kb/sec - 487424 bytes, client closed data
connection)
[4] Tue 30Apr02 14:52:54 - (000257) Received
file f:\filename.ext successfully (29
.2 Kb/sec - 5651 bytes) [3] Wed 01May02 23:18:53 - (000002) Sent file
f:\filename.ext successfully (92.2 Kb/sec - 6893 bytes)
[5] Tue 30Apr02 10:29:18 - (000245) Connected to
216.136.171.204 (Local address 192.168.1.101)
Log format(s):
LOGFORMAT "[%j] %j %d%M%y %h:%n:%j - (%j) Error
sending file %r, aborting (%j Kb/sec - %b bytes, %j %j)"
LOGFORMAT "[%j] %j %d%M%y %h:%n:%j - (%j) Received file %r successfully (%j Kb/sec - %b bytes)" LOGFORMAT "[%j] %j %d%M%y %h:%n:%j - (%j) Sent file %r successfully (%j Kb/sec - %b bytes)" LOGFORMAT "[%j] %j %d%M%y %h:%n:%j - (%j) Connected to %s (Local address 192.168.1.101)" Shoutcast (Old style
logging)
Sample log file lines:
<08/18/02@04:25:49> [SHOUTcast] DNAS/win32
v1.8.0 (Jan 2 2001) starting up...
<08/18/02@04:25:49> [main] loaded config from C:\Program Files\SHOUTcast2\sc_serv_gui.ini <08/18/02@04:25:49> [main] initializing (usermax:200 portbase:9191)... <08/18/02@04:25:49> [main] No ban file found (sc_serv.ban) <08/18/02@04:25:49> [main] No rip file found (sc_serv.rip) <08/18/02@04:25:49> [main] opening source socket <08/18/02@04:25:49> [main] source thread starting <08/18/02@04:25:49> [main] opening client socket <08/18/02@04:25:49> [source] listening for connection on port 9192 <08/18/02@04:25:49> [main] Client Stream thread [0] starting <08/18/02@04:25:49> [main] client main thread starting <08/18/02@04:25:49> [dest: 216.253.39.2] server unavailable, disconnecting <08/18/02@04:25:58> [source] connected from 66.192.5.158 <08/18/02@04:25:58> [source] icy-name:NEWSRADIO 640 WGST (rush dr. laura kimmer) ; icy-genre:NEWS TALK <08/18/02@04:25:58> [source] icy-pub:1 ; icy-br:24 ; icy-url:http://www.wgst.com <08/18/02@04:25:58> [source] icy-irc:#shoutcast ; icy-icq:0 ; icy-aim:N/A <08/18/02@04:25:59> [dest: 205.188.234.42] starting stream (UID: 0)[L: 1] <08/18/02@04:25:59> [dest: 205.188.234.42] connection closed (0 seconds) (UID: 0)[L: 0]{Bytes: 16384} <08/18/02@04:26:00> [yp_add] yp.shoutcast.com added me successfully <08/18/02@04:28:59> [yp_tch] yp.shoutcast.com touched! <09/11/02@12:08:25> [dest: 63.236.253.100]
service full, disconnecting
Log format(s):
LOGFORMAT "<%m/%d/%y@%h:%n:%j> [dest: %s] connection
closed (%t seconds) (UID: %u)[L: %r]{Bytes: %b}
LOGFORMAT "<%m/%d/%y@%h:%n:%j> [dest: %s] starting stream (UID: %j)[L: %j] LOGFORMAT "<%m/%d/%y@%h:%n:%j> [yp_tch] yp.shoutcast.com touched! LOGFORMAT "<%m/%d/%y@%h:%n:%j> [dest: %s] service full, disconnecting LOGFORMAT "<%m/%d/%y@%h:%n:%j> [SHOUTcast] DNAS/win32 v1.8.0 (Jan 2 2001) starting up... LOGFORMAT "<%m/%d/%y@%h:%n:%j> [main] loaded config from C:\Program Files\%j\sc_serv_gui.ini LOGFORMAT "<%m/%d/%y@%h:%n:%j> [main] initializing (usermax:%j portbase:%j)... LOGFORMAT "<%m/%d/%y@%h:%n:%j> [main] No ban file found (sc_serv.ban) LOGFORMAT "<%m/%d/%y@%h:%n:%j> [main] No rip file found (sc_serv.rip) LOGFORMAT "<%m/%d/%y@%h:%n:%j> [main] opening source socket LOGFORMAT "<%m/%d/%y@%h:%n:%j> [main] source thread starting LOGFORMAT "<%m/%d/%y@%h:%n:%j> [main] opening client socket LOGFORMAT "<%m/%d/%y@%h:%n:%j> [source] listening for connection on port %j LOGFORMAT "<%m/%d/%y@%h:%n:%j> [main] Client Stream thread [%j] starting LOGFORMAT "<%m/%d/%y@%h:%n:%j> [main] client main thread starting LOGFORMAT "<%m/%d/%y@%h:%n:%j> [dest: %s] server unavailable, disconnecting LOGFORMAT "<%m/%d/%y@%h:%n:%j> [source] connected from %j LOGFORMAT "<%m/%d/%y@%h:%n:%j> [source] icy-name:NEWSRADIO 640 WGST (rush dr. laura kimmer) ; icy-genre:NEWS TALK LOGFORMAT "<%m/%d/%y@%h:%n:%j> [source] icy-pub:1 ; icy-br:24 ; icy-url:http://www.wgst.com LOGFORMAT "<%m/%d/%y@%h:%n:%j> [source] icy-irc:#shoutcast ; icy-icq:0 ; icy-aim:N/A <%m/%d/%y@%h:%n:%j> [yp_add] yp.shoutcast.com added me successfully Shoutcast (New W3C style
logging)
Sample log file lines:
#Fields: c-ip c-dns date time cs-uri-stem c-status
cs(User-Agent) sc-bytes x-duration avgbandwidth
66.156.94.18 66.156.94.18 2002-09-14 22:38:34 /stream?title=Unknown 200 iTunes%2F3%2E0%20%28Macintosh%3B%20N%3B%20PPC%29 409600 86 38096 Log format(s):
LOGFORMAT "%s %S %Y-%m-%d %h:%n:%j %r %c %u %b %j
%j"
Microsoft Windows
Media
Sample log file lines:
#Fields: c-ip date time c-dns cs-uri-stem
c-starttime x-duration c-rate c-status c-playerid c-playerversion
c-playerlanguage cs(User-Agent) cs(Referer) c-hostexe c-hostexever c-os
c-osversion c-cpu filelength filesize avgbandwidth protocol transport audiocodec
videocodec channelURL sc-bytes c-bytes s-pkts-sent c-pkts-received
c-pkts-lost-client c-pkts-lost-net c-pkts-lost-cont-net c-resendreqs
c-pkts-recovered-ECC c-pkts-recovered-resent c-buffercount c-totalbuffertime
c-quality s-ip s-dns s-totalclients s-cpu-util
203.40.128.205 2002-11-01 05:23:33 vincet
mms://media.streamtoyou.com/cog/ISDN/OT_les06.asf 166 6 1 200
{CD48B822-BB6E-11D6-A01B-DD746EAE8C33} 6.4.7.1119 en-AU
Mozilla/4.0_(compatible;_MSIE_6.0;_Windows_98;_YComp_5.0.0.0) http://www.ministerialtraining.org/VideoView.asp?ID=1&U=8&L=6&V=6&S=100
IEXPLORE.EXE 6.0.2600.0 Windows_98 4.10.0.2222 Pentium 1805 23113117 10638 mms
UDP Windows_Media_Audio_V2 Microsoft_MPEG-4_Video_Codec_V3 - 15237 0 52 37 0 0 0
0 0 0 1 0 100 65.172.162.91 - 1 0
Log format(s):
LOGFORMAT (#%j: %j)
LOGFORMAT (%s%w%Y-%m-%d%w%h:%n:%j%w%S%w%r%w%j%w%j%w%j%w%j%w%j%w%j%w%j%w%B%w%f%w%j%w%j%w%j%w%j%w%j%w%j%w%j%w%j%w%j%w%j%w%j%w%j%w%j%w%b%w%j%w%j%w%j%w%j%w%j%w%j%w%j%w%j%w%j%w%j%w%j%w%j%w%j%w%v%w%j%w%j) Notes: This is with all logging turned on except
for the Win32 status.
Microsoft SMTP
Note: Analog detects the log format
automagically since it is very similar to IIS W3C
logging.
|