Michael.Leung at networksolutions
Dec 1, 2008, 1:12 PM
Post #2 of 2
(633 views)
Permalink
|
|
RE: Need help to retrieve (and correct) all reports (need help on LOGFORMAT)
[In reply to]
|
|
Aengus,
> What didn't look right? Analog won't convert IP addresses into
Hostnames automatically, so the Domain Report will be based purely on IP
numbers, unless you set up DNS lookups. The reports also have certain
"floors", and they don't show information that falls below those
"floors", so for a report on a small logfile, you might not see entries
for addresses that you expect to see.
The below is what we see for the Domain Report, but it is not what we
are expecting.
Listing domains, sorted by the amount of traffic.
reqs %bytes domain
655193 100% [unresolved numerical addresses]
Even it is entirely based on IP numbers, I should see a list of several
IP addresses, instead of what we have now.
> Almost right. The LOGFORMAT string has to be delimited (usually with
() ) and the Browser string is usually indicated with %B, but %A seems
to work too.
>
>
> LOGFORMAT (%s - %u [%d/%M/%Y:%h:%n:%j %j] "%j %r %j" %c %b "%f" "%B"
"%j" "%j" "-")
Actually, that's what I had been using:
LOGFORMAT (%s - %u [%d/%M/%Y:%h:%n:%j %j] "%j %r %j" %c %b "%f" "%A"
"%j" "%j" "-")
But when I am using the above, instead of letting analog to use its
auto-detect, I got the following error message in the output:
analog: Warning L: Large number of corrupt lines in logfile
/source_data1/weblog/datafiles/1.log: turn debugging on or try
different
LOGFORMAT
(For help on all errors and warnings, see docs/errors.html)
Current logfile format:
%S - %j [%d/%M/%Y:%h:%n:%j %j] "%j %r %j" %c %b "%f" "%A" "%j"
"%j" "-"\n
what does it mean? Does it mean that I should this suggested format?
I actually tried to use this:
LOGFORMAT (%S - %j [%d/%M/%Y:%h:%n:%j %j] "%j %r %j" %c %b "%f" "%A"
"%j" "%j" "-")
However, I still am getting error message, "analog: Warning L: Large
number of corrupt lines in logfile".
> Can you describe the problem that you are having with the reports in
greater detail?
The Domain report is one issue. And then, some of the "search" reports
are turn off.
analog: Warning R: Turning off empty Search Query Report
analog: Warning R: Turning off empty Search Word Report
analog: Warning R: Turning off empty Internal Search Query Report
analog: Warning R: Turning off empty Internal Search Word Report
how do I verify if we have any data for these reports?
thanks
Michael
"Aengus" <analog07-zLKRkbt3P8esTnJN9+BGXg [at] public> wrote in
message news:3417A935ACCD467D95C6504F2364996C [at] WC515ALawlo
> Leung, Michael
<Michael.Leung-k7QPB+T73Rje9wHmmfpqLFaTQe2KTcn/@public.gmane.org> wrote:
>> Dear Analog experts,
>>
>> The following is an example of the log along with the description:
>>
>> format=%Ses->client.ip% - %Req->vars.auth-user% [%SYSDATE%]
>> "%Req->reqpb.clf-request%" %Req->srvhdrs.clf-status%
>> %Req->srvhdrs.content-length% "%Req->headers.referer%"
>> "%Req->headers.user-agent%" "%Req->headers.cookie.vrsnsf%"
>> "%Req->headers.cookie.JSESSIONID%" "%Req->headers.cookie.landing%"
>>
>> 205.178.191.170 - - [23/Nov/2008:00:01:01 -0500] "GET
>> /manage-it/hosting-overview.jsp HTTP/1.1" 200 55065
>>
"https://www.networksolutions.com/manage-it/private-registration-splash.
>> jsp" "Mozilla/5.0 (Windows; U; Windows NT 5.1; en-US; rv:1.8.1.18)
>> Gecko/20081029 Firefox/2.0.0.18" "4b31b171ac7c472da07cff3748a69"
>> "c7b881bcf1fcfffffffffe5edf3cd514469c" "-"
>>
>>
>> If I don't specify a LOGFORMAT, it won't complaint, but some of the
>> reports don't seem to giving any meaning data. For example, Domain
>> report doesn't seem right.
>
> What didn't look right? Analog won't convert IP addresses into
Hostnames automatically, so the Domain Report will be based purely on IP
numbers, unless you set up DNS lookups. The reports also have certain
"floors", and they don't show information that falls below those
"floors", so for a report on a small logfile, you might not see entries
for addresses that you expect to see.
>
>> Based on what I read, I tried to use the following LOGFORMAT
>> statement, but it complaints something wrong about it.
>>
>> LOGFORMAT %s - %u [%d/%M/%Y:%h:%n:%j %j] "%j %r %j" %c %b "%f" "%A"
>> "%j" "%j" "-"
>
> Almost right. The Logformat string has to be delimited (usually with
() ) and the Browser string is usually indicated with %B, but %A seems
to work too.
>
>
> LOGFORMAT (%s - %u [%d/%M/%Y:%h:%n:%j %j] "%j %r %j" %c %b "%f" "%B"
"%j" "%j" "-")
>
>> Can someone give me some suggestion? First, what wrong with my
>> LOGFORMAT statement? Why some of the reports didn't give meaningful
>> information?
>
> Can you describe the problem that you are having with the reports in
greater detail?
>
> Aengus
>
>
+-----------------------------------------------------------------------
-
> | TO UNSUBSCRIBE from this list:
> | http://lists.meer.net/mailman/listinfo/analog-help
> |
> | Analog Documentation: http://analog.cx/docs/Readme.html
> | List archives: http://www.analog.cx/docs/mailing.html#listarchives
> | Usenet version: news://news.gmane.org/gmane.comp.web.analog.general
>
+-----------------------------------------------------------------------
-
>
+------------------------------------------------------------------------
| TO UNSUBSCRIBE from this list:
| http://lists.meer.net/mailman/listinfo/analog-help
|
| Analog Documentation: http://analog.cx/docs/Readme.html
| List archives: http://www.analog.cx/docs/mailing.html#listarchives
| Usenet version: news://news.gmane.org/gmane.comp.web.analog.general
+------------------------------------------------------------------------
|
