William D. Colburn (aka Schlake) ([EMAIL PROTECTED]; Monday, February 10, 2003 9:51 AM):
> Our webserver was recently forced behind a firewall. We got them to > forward the ip addresses of the client to us, but they sometimes come in > multiples. So, instead of a single hostname we got a comma seperated > list of hostnames in the logs, and analog tags it as a corrupt line. > I've searched around for way to make analog parse this, but I can't find > anything. Surely we aren't the first people to encounter this? > Here is what the normal line looks like, followed by what the > multiple-host lines look like: > <hostnameofproxy> <ipaddr> - - <etc> > <hostnameofproxy> <ipaddr>, <ipaddr> - - <etc> > <hostnameofproxy> <ipaddr>, <ipaddr>, <ipaddr> - - <etc> Analog assumes a single host for a single request. That's pretty much the way TCP/IP works (not to mention HTTP). So I'm not sure how your firewall is assigning multiple IP numbers (unless it's including some back-traceroute or something). Given the log format you've shown, I don't know that there is anyway to get Analog to recognize those lines, except by making a special case for each one. Start with the LOGFORMAT lines in http://analog.cx/docs/logfmt.html near the bottom that match your log files (e.g. Combined, or Common) and modify them as below: LOGFORMAT %j %S %j %u [%d... LOGFORMAT %j %j, %S %j %u [%d... LOGFORMAT %j %j, %j, %S %j %u [%d... LOGFORMAT %j %j, %j, %j, %S %j %u [%d... Of course, this assumes that the last IP listed is the true host. You may have to do some investigation of specific requests to figure out which one to insert %S at. -- Jeremy Wadsack Wadsack-Allen Digital Group +------------------------------------------------------------------------ | TO UNSUBSCRIBE from this list: | http://lists.isite.net/listgate/analog-help/unsubscribe.html | | Digest version: http://lists.isite.net/listgate/analog-help-digest/ | Usenet version: news://news.gmane.org/gmane.comp.web.analog.general | List archives: http://www.analog.cx/docs/mailing.html#listarchives +------------------------------------------------------------------------
