[analog-help] Trouble locating duplicate fields
Aengus
analog07 at eircom.net
Mon Sep 24 05:32:27 PDT 2007
On Monday, September 24, 2007 8:14 AM [EDT],
Hunter John <John.Hunter at hiscox.com> wrote:
> I'm trying to analyze Apache logs with the following format:
>
> APACHELOGFORMAT (%h %l %u %t \"%r\" %>s %b \"%{Referer}i\"
> \"%{User-Agent}i\"
> \"%{SSL_PROTOCOL}x:%{SSL_CIPHER}x:%{SSL_SESSION_ID}x\" %D %T
> \"%{Cookie}i\" %v)
>
> Analog's debug tells me that one item occurs twice in the translated
> format of:
>
> LOGFORMAT (%S %j %u [%d/%M/%Y:%h:%n:%j] "%j%w%r%wHTTP%j" %c %b "%f"
> "%B" "%j:%j:%j" %D %t "%j" %v)
>
> The only thing that seemed to be duplicated were the %D and %t fields
> so I replaced %t with %j and re-ran with the new LOGFORMAT. Analog
> now runs but the error file soon starts to fill up and every single
> line of the log is marked as corrupt. No matter what I try I don't
> seem to be able to read these logs.
>
> Can anyone tell me what I'm doing wrong please?
If you set DEBUG ON, Analog will print a line with an asterisk under the
first element of the logfile entry that it can't match to the LOGFORMAT.
Or you can post 2 or 3 sample lines here.
Aengus
More information about the analog-help
mailing list