[analog-help] is it me or analog 6?

kjc ckevinj at gmail.com
Fri Sep 8 08:24:44 PDT 2006


I have been over this and over this, and whittled my log file down to a
single line to try and make it easy to analyze.
I swear, analog is ignoring my LOGFORMAT and APACHEDEFAULTLOGFORMAT entries
in my cfg file.
Either that or I'm seriously blind and screwed it up. So I'm resorting to
the list for help.

I collect web server logs from multiple servers via syslog-ng. So already
things are difficult.
syslog-ng will cut an entry off after so many characters so I configure
Apache to not log the date. I will also need to get analog to parse
syslog'ed IIS logs, but that is after this works right.

Here is a log entry:
Sep  5 2006 08:37:10 server1 apache: [ID 702911 local7.info] 10.10.10.116mlanli "GET /cams/check_passwd.jsp?www-d.testdomain.test%3A1532%2Fhtmldb%2Fplsql%2Ff%3Fp%3D4550%3A1%3A1994113970140610611%3A%3A%3A%3AFSP_AFTER_LOGIN_URL%3Af%3Fp%3D4350%7C1%7C4376866936419390396&cams_server=issauthd1.jsc.nasa.govHTTP/1.1" 200 - 0 "-" "Mozilla/4.0 (compatible; MSIE 6.0; Windows NT 5.1; SV1; company Kit; .NET CLR 1.1.4322)"

Here is my config, and the output of my running analog.
See how it ignores my FORMAT entry and tries to grab the hour as the host?
This is an improvement, it was grabbing the day-of-month.
I'm running on Solaris 10.

Please oh please oh please help. Thanks!

CFG:
DEBUG ON
WARNINGS ON
CASE INSENSITIVE
REQUEST ON
DIRFLOOR 100r
DIRSORTBY REQUESTS
MONTHLY ON
DIRECTORY ON
HOST ON
DOMAIN ON
HOSTEXCLUDE 10.1.3.
FAILURE ON
REFERER ON
SUBDIRFLOOR 100r
SUBDIRSORTBY REQUESTS
FILEALIAS */act/* /act/
FILEALIAS */ifi/* /IFI/
HOSTNAME www-d
HOSTURL http://www-d.testdomain.test/
LANGUAGE US-ENGLISH
APACHEDEFAULTLOGFORMAT (%M  %d %Y %h:%n:%j] %S %u \"%r\" %c %b %T \"%f\" \"%B\")
LOGFILE unix.log
OUTFILE /systems/webreports/test/index.html


# ./analog
./analog: analog version 6.0/Unix
F: Closing configuration file /admin/src/analog-6.0/analog.cfg
F: Opening /admin/src/analog-6.0/lang/us.lng as language file
F: Closing language file /admin/src/analog-6.0/lang/us.lng
F: Opening /admin/src/analog-6.0/lang/usdom.tab as domains file
F: Closing domains file /admin/src/analog-6.0/lang/usdom.tab
F: Opening /admin/src/analog-6.0/lang/usdesc.txt as report descriptions file
F: Closing report descriptions file /admin/src/analog-6.0/lang/usdesc.txt
F: Opening /admin/src/analog-6.0/unix.log as logfile
F: Closing logfile /admin/src/analog-6.0/unix.log
S: Successful requests: 1
S: Redirected requests: 0
S: Failed requests: 0
S: Requests returning informational status code: 0
S: Status code not given: 0
S: Unwanted lines: 0
S: Corrupt lines: 0
S: No times in logfile
F: Opening /systems/webreports/test/index.html as output file
./analog: Warning R: Turning off empty time reports
  (For help on all errors and warnings, see docs/errors.html)
./analog: Warning R: Turning off empty Failure Report
V: 08
./analog: Warning R: Turning off empty Referrer Report
./analog: Warning R: Turning off empty Search Word Report
./analog: Warning R: Turning off empty Operating System Report
./analog: Warning R: Turning off empty Status Code Report
V: 08
./analog: Warning R: In Domain Report, turning off empty pie chart
./analog: Warning R: In Organisation Report, turning off pie chart of only one
  wedge
./analog: Warning R: In Host Report, turning off pie chart of only one wedge
./analog: Warning R: In File Size Report, turning off pie chart of only one
  wedge
./analog: Warning R: In File Type Report, turning off empty pie chart
./analog: Warning R: In Directory Report, turning off pie chart with no
wedges
./analog: Warning R: In Request Report, turning off pie chart with no wedges
F: Closing /systems/webreports/test/index.html



So..... I've messed around a little with the logfile (cleaned it up, filled
in referer with something), the cfg (trying %s for IP instead of host), and
get a little bit different results. It seems to barf on the first dot in the
IP address of the client (in case the mail doesn't line it up right).
APACHEDEFAULTLOGFORMAT (%M  %d %Y %h:%n:%j] %s %u \"%r\" %c %b %T \"%f\" \"%B\")

Sep  5 2006 08:37:10 server1 apache: [ID 702911 local7.info]
10.10.10.116mlanli "GET /cams/check_passwd.jsp HTTP/1.1" 200 1206 0 "
http://www.nowhere.test/prelink" "Mozilla/4.0 (compatible; MSIE 6.0; Windows
NT 5.1; SV1; company Kit; .NET CLR 1.1.4322)"



# ./analog
./analog: analog version 6.0/Unix
F: Closing configuration file /admin/src/analog-6.0/analog.cfg
F: Opening /admin/src/analog-6.0/lang/us.lng as language file
F: Closing language file /admin/src/analog-6.0/lang/us.lng
F: Opening /admin/src/analog-6.0/lang/usdom.tab as domains file
F: Closing domains file /admin/src/analog-6.0/lang/usdom.tab
F: Opening /admin/src/analog-6.0/lang/usdesc.txt as report descriptions file
F: Closing report descriptions file /admin/src/analog-6.0/lang/usdesc.txt
F: Opening /admin/src/analog-6.0/unix.log as logfile
C: Sep  5 2006 08:37:10 server1 apache: [ID 702911 local7.info]
10.10.10.116mlanli "GET /cams/check_passwd.jsp HTTP/1.1" 200 - 0 "
http://www.nowhere.test/prelink" "Mozilla/4.0 (compatible; MSIE 6.0; Windows
NT 5.1; SV1; company Kit; .NET CLR 1.1.4322)"
C:                                                                 *
F: Closing logfile /admin/src/analog-6.0/unix.log
S: Successful requests: 0
S: Redirected requests: 0
S: Failed requests: 0
S: Requests returning informational status code: 0
S: Status code not given: 0
S: Unwanted lines: 0
S: Corrupt lines: 1




-- 
-Kevin
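
An added example, not part of the original post and not analog's own code: one way to handle syslog-wrapped entries like the one above is to strip the syslog header and re-emit each line in Apache combined format before analysis, keeping truncated lines visible as rejects. The payload field order (host, user, request, status, bytes, seconds, referer, agent), the space between host and user, the function names and the `+0000` zone are assumptions.

```python
import re
# Syslog header shape from the post: "Sep  5 2006 08:37:10 server1 apache: [ID 702911 local7.info] <payload>"
SYSLOG = re.compile(
    r"^(?P<mon>[A-Z][a-z]{2})\s+(?P<day>\d{1,2})\s+(?P<year>\d{4})\s+"
    r"(?P<clock>\d{2}:\d{2}:\d{2})\s+(?P<relay>\S+)\s+[^\s:]+:\s+"
    r"\[ID \d+ [\w.]+\]\s+(?P<payload>.*)$")
# Assumed payload layout: host user "request" status bytes seconds "referer" "agent"
Q = r'"(?P<%s>(?:[^"\\]|\\.)*)"'  # quoted field; backslash escapes allowed
APACHE = re.compile(
    r"^(?P<host>\S+)\s+(?P<user>\S+)\s+" + Q % "request"
    + r"\s+(?P<status>\d{3})\s+(?P<size>\d+|-)\s+(?P<secs>\d+)\s+"
    + Q % "referer" + r"\s+" + Q % "agent" + r"\s*$")

def parse(line):
    """Return a dict of fields, or None when the line does not fit (e.g. truncated)."""
    head = SYSLOG.match(line.rstrip("\n"))
    body = APACHE.match(head["payload"]) if head else None
    if body is None:
        return None
    rec = body.groupdict()
    rec.update(head.groupdict())
    return rec

def to_combined(rec, tz="+0000"):
    """Re-emit as Apache combined format; the syslog header has no zone, so tz is assumed."""
    stamp = f'{int(rec["day"]):02d}/{rec["mon"]}/{rec["year"]}:{rec["clock"]} {tz}'
    return (f'{rec["host"]} - {rec["user"]} [{stamp}] "{rec["request"]}" '
            f'{rec["status"]} {rec["size"]} "{rec["referer"]}" "{rec["agent"]}"')

def normalize(lines):
    """Split input into converted lines and rejects, so dropped entries stay visible."""
    good, bad = [], []
    for line in lines:
        rec = parse(line)
        (good if rec else bad).append(to_combined(rec) if rec else line)
    return good, bad

# Constructed samples modelled on the post's entry (host and user split by a space).
SAMPLE = [
    'Sep  5 2006 08:37:10 server1 apache: [ID 702911 local7.info] 10.10.10.116 mlanli '
    '"GET /cams/check_passwd.jsp HTTP/1.1" 200 1206 0 "http://www.nowhere.test/prelink" '
    '"Mozilla/4.0 (compatible; MSIE 6.0; Windows NT 5.1; SV1)"',
    # Same request cut off mid-URL, as a length-limited relay would leave it.
    'Sep  5 2006 08:37:11 server1 apache: [ID 702911 local7.info] 10.10.10.116 mlanli '
    '"GET /cams/check_passwd.jsp?www-d.testdomain.test%3A1532%2Fhtmldb',
]
if __name__ == "__main__":
    print(*normalize(SAMPLE)[0], sep="\n")
```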