[analog-help] Only include logs that has a certain string
Aengus
analog07 at eircom.net
Thu Nov 29 08:33:34 PST 2007
Stephen Turner <analog-author at lists.meer.net> wrote:
> On 28/11/2007, Aengus <analog07 at eircom.net> wrote:
>> On Wednesday, November 28, 2007 6:43 PM [EDT],
>> Ridwan <ridwan at chemwatch.net> wrote:
>>
>
>> I'm sure that there's a better way, but the first thing that coes to
>> mind is a slightly convoluted process using a FILEALIAS.
>>
>> FILEALIAS *.cgi?*mnphmf* $1.abc?$2mnphmf$3
>>
>> will take all calls to your script and convert the script extension
>> to .abc, if and only if that particular line includes the string you
>> care about. Then if you use
>>
>> FILEINCLUDE *.abc*
>>
>> analog will report on just those lines.
>>
>
> I think you're interpreting the question differently from me, Aengus.
> For finding a specific user,
> FILEINCLUDE *mnphmf*
> should work fine.
That's what I thought - but it didn't work that way for me.
The documenation for REQINCLUDE in http://analog.cx/docs/args.html says "in the Request Report files with arguments are only included if their parent file is included". Even though this shouldn't directly apply to FILEINCLUDE (because the stem of a query is always displayed in the Request Report, even if it only occurs with a query string), it looks as though this is coming into play here.
Here's a one line log file:
#Software: Microsoft Internet Information Services 6.0
#Version: 1.0
#Date: 2007-09-19 00:00:19
#Fields: date time c-ip cs-method cs-uri-stem cs-uri-query sc-status
2007-09-19 00:16:20 127.0.0.1 GET /test/test.asp PageNo=2&Order=DESC&Display=0 200
If I call analog with these parameters, I get a Request Report that shows the Request, with the args listed on a 2nd line:
analog test.log +C"reqfloor 1r" +C"reqargsfloor 1r"
If I call analog with this additional parameter, I get an empty report:
analog test.log +C"reqfloor 1r" +C"reqargsfloor 1r" +C"FILEINCLUDE *DESC*"
Aengus
More information about the analog-help
mailing list