[analog-help] ISA log files
Aimee Mandeville
aimee at edc.uri.edu
Thu May 3 06:06:16 PDT 2007
As suggested I am posting the first few lines of my log file. Any
thoughts as to why I am having trouble with this?
Thanks,
Aimee
#Software: Microsoft Internet Security and Acceleration Server 2004
#Version: 2.0
#Date: 2006-12-08 19:33:18
#Fields: c-ip cs-username c-agent date time s-computername
cs-referred r-host r-ip r-port time-taken cs-bytes
sc-bytes cs-protocol s-operation cs-uri s-object-source
sc-status rule FilterInfo cs-Network sc-Network
error-info action
131.128.90.29 anonymous Mozilla/5.0 (Windows; U; Windows NT 5.1;
en-US; rv:1.8.1) Gecko/20061010 Firefox/2.0 2006-12-08 19:33:18
TORCHEMADA - 64.233.163.19 64.233.163.19 80 344
1431 457 http POST
http://64.233.163.19/mail/channel/bind?at=6de0c0a494221a38-10f625451f3&V
ER=2&SID=E89EEE38CCAE9D0D&RID=52656&zx=luvx6iflu6bv&t=1 Inet 200
Internal to Internet - Internal External 0x780
Allowed
68.142.212.171 anonymous Yahoo-MMCrawler/3.x (mms dash mmcrawler
dash support at yahoo dash inc dot com) 2006-12-08 19:33:22
TORCHEMADA - www.edc.uri.edu 131.128.90.11 80 15
240 182 http GET
http://131.128.90.11/riatlas/Town/Maps/small/na_forwet.GIF Inet
304 www.edc.uri.edu - External - 0x100 Allowed
-----Original Message-----
From: analog-help-bounces at lists.meer.net
[mailto:analog-help-bounces at lists.meer.net] On Behalf Of Aengus
Sent: Tuesday, May 01, 2007 2:03 PM
To: Support for analog web log analyzer
Subject: Re: [analog-help] ISA log files
Aimee Mandeville <aimee at edc.uri.edu> wrote:
> I have been trying to use Analog 6.0 to analyze our ISA log files.
> Analog seems to be recognizing the format as a W3 extended format
> because I get the following in my errors.txt file
>
> F: Opening e:\stattest\ISALOG_20070318_WEB_000.w3c as logfile
>
> F: Detect that it's in W3 extended format
>
> However I am having no luck generating statistics for these logfiles.
> I am attaching a partial txt file generated by analog. I also get the
> following message at the beginning when I first run analog.
>
> analog: Warning C: Too many arguments for configuration command:
> ignoring end
>
> of line starting:
>
> OUTFILE e:\analog 6.0\stats\Report.html
OUTFILE only takes one argument but you've given it two - e:\analog and
6.0\stats\Report.html.
Put quotes around arguments that contain spaces.
> (For help on all errors and warnings, see docs/errors.html)
>
> F: Opening errors.txt as new ERRFILE
>
> analog: Warning E: Redirecting future diagnostic messages to
> errors.txt
Analog uses the # lines at the start of a logfile with an "Extended"
format to parse the log. If you post the first few lines of your
logfile, (all the # and 2 actual lines of data), someone will suggest
what's going on. The errors.txt file that you attached shows that Analog
doesn't like you're User-Agent strings, but there's something wrong with
that interpretation because the * doesn't occur at the same location
each time.
Aengus
+-----------------------------------------------------------------------
-
| TO UNSUBSCRIBE from this list:
| http://lists.meer.net/mailman/listinfo/analog-help
|
| Analog Documentation: http://analog.cx/docs/Readme.html
| List archives: http://www.analog.cx/docs/mailing.html#listarchives
| Usenet version: news://news.gmane.org/gmane.comp.web.analog.general
+-----------------------------------------------------------------------
-
More information about the analog-help
mailing list