analog07 at eircom
Oct 8, 2008, 8:58 AM
Post #2 of 2
(374 views)
Permalink
|
Terry Chambers <terry.chambers[at]gmail.com> wrote:
>> Hello
>>
>> Here is an example entry:
>>
>> https-www-80 - 127.0.0.1 - - [06/Oct/2008:16:00:01 -0700] "GET
>> /servlet/SG/update/ucv=1.1&version=9.99&language=enu HTTP/1.0" 404
>> 292 - "-" "Mozilla/1.22 (Windows; U; 32bit)"
>>
>> I tried the following two LOGFORMAT settings and an error was
>> flagged at "GET.
>>
>> LOGFORMAT (%S - %s - - [%d/%M/%Y:%h:%n:%j %j] "%r" %c %b %S "%f" "%B"
>> LOGFORMAT (%S - %s - - [%d/%M/%Y:%h:%n:%j %j] "GET %r" %c %b %S "%f"
>> "%B"
LOGFORMAT (%j - %s %j[%d/%M/%Y:%h:%n:%j] "%j %r %j" %c %b %v "%f" "%B")
I'm assuming that https-www-80 is an internal server name, and not terribly relevant (therefor %j), and that the 127.0.0.1 is in fact the IP address that the request came from (therefore %s) and that %Req->headers.host% is the "host header" sent by the browser to allow a single IP address to be used for multiple virtual websites (therefore %v, though you won't see anything from this unless you turn on some of the Virtual Host reports).
The character after the IP address is a space, and then everything until the timestamp is junk, so it's "%s %j[" rather than "%s - - [", but either style will do.
Aengus
+------------------------------------------------------------------------
| TO UNSUBSCRIBE from this list:
| http://lists.meer.net/mailman/listinfo/analog-help
|
| Analog Documentation: http://analog.cx/docs/Readme.html
| List archives: http://www.analog.cx/docs/mailing.html#listarchives
| Usenet version: news://news.gmane.org/gmane.comp.web.analog.general
+------------------------------------------------------------------------
|
