[analog-help] Re: Analog-GeoIP and DNS lookup combat.

Aengus analog07 at eircom.net
Mon Apr 21 05:51:45 PDT 2008 

<ravikumar at staff.ownmail.com> said:
> Hey guys,
>              You all are very-much aware that Analog is a web log
> analyzer.So I think it is of very interest that people from which
> region of world has accessed your site. GeoIP resolution has
> it's own significance if you are dealing with some professional
> stuff.
>             I want to make clear that ,those who are interested in
> Browser-report or OS-report should not follow this patch.
>             After thinking over every possible way I choose to
> replace OS-report and Browser-report with GeoIP-report.
> "Aengus" suggested to use DNS look-up for GeoIP resolution
> as alternate and easy way but, the problem with it is that it
> affects the following reports and you probably would have
> to sacrifice all of them.
>
> 1> Host Report ,Host Redirection Report, Host Failure Report :
> It will show garbage Country and City information lines from
> DNS look-up file.
> 2> Organisation Report : It will show garbage Cou! ntry and
> City information lines from DNS look-up file.
> 3> Domain Report : It will show garbage Country and City
> information lines from DNS look-up file.
> 4> Virtual Host Report,Virtual Host Redirection Report,Virtual
> Host Failure Report : It will show garbage Country and City
> information lines from DNS look-up file.

You have to sacrifice something to get the GeoIP information into your 
Analog reports - you chose to sacrifice the Browser and OS information, 
and the advantage of using a single version of Analog. Or you can add 
GeoIP information to the Host address, and use the reports that are 
associated with IP names and addressesto display the information. The 
Domain and Organization Reports only show "garbage" if you consider the 
GeoIP information to be "garbage" - and you would hardly bother doing this 
if you considered the GeoIP data to be "garbage". If you have a lot of 
international visitors, the Domain report is already a long list of 
countries - that's the very reason why the Domain report is a natural 
place for displaying this information - add SUBDOMAIN *.* and you can see 
city and country information instead of just Country information.

The other advantage of this approach is that Analog is already designed to 
cache this type of information in user defined locations (DNSFILE) so 
switching back and forth between between the GeoIP and the "clean" reports 
is easy. A GeoIP script that would go through a log file and create a 
DNSFILE would provide a very simple way for users to look at the GeoIP 
data, and decide whether it is of any real value (given the already 
discussed weakness of the actual data).

As I said, there are cosmetic advantages to your approach - Domain and 
Host reports are case insensitive, and places names with spaces probably 
wouldn't work. But you had to modify the Analog source and recompile to 
get this to work - similar modifications would fix the cosmetic issue for 
the Domain approach.

This isn't a criticism of the work you've done, or the decisions that you 
made. I was prompted to respond by Paul Wades concern that your approach 
doesn't work well for most Windows users who don't have the tools or 
skills needed to recompile Analog. In those circumstances, the reports 
that are based on IP information are a more obvious choice for displaying 
GeoIP information.

Aengus

More information about the analog-help mailing list