Hi!

I chatted with the Suse\Novell support. They saw the access_log lines:

192.168.254.254 - - [26/Feb/2009:11:13:45 +0200] "GET /req.png HTTP/1.0" 304 - 
"http://www.kalmanovitz.co.il/Analog_Report.html"; "Mozilla/5.0 (X11; U; Linux 
i686; en-US; rv:1.8.1.18) Gecko/20081031 SUSE/2.0.0.18-0.2.1 Firefox/2.0.0.18"
::1 - - [26/Feb/2009:11:13:57 +0200] "GET /" 400 991
::1 - - [26/Feb/2009:11:13:58 +0200] "GET /" 400 991
::1 - - [26/Feb/2009:11:13:59 +0200] "GET /" 400 991
::1 - - [26/Feb/2009:11:14:00 +0200] "GET /" 400 991
38.99.13.125 - - [26/Feb/2009:11:14:45 +0200] "GET 
/k_comm/Israel/English/Maps/Rezervations/EinHemed33/obj/pages/P7270096_jpg.htm 
HTTP/1.0" 200 2299 "-" "Mozilla/5.0 (Twiceler-0.9 
http://www.cuil.com/twiceler/robot.html)" 

They said:

... this is not a second logformat, it is the HTTP status response is 400 "bad 
request"
request, but rather a port scan, or something similar.
That is why the data about the request is not logged - because there was no 
HTTP data available, since it wasn't an HTTP request.
That will happen every time someone connects to port 80 on the server via 
something else than HTTP protocol...

Is there any possibility to configure Analog to interpret the above in the right way?

TIA

Nanu

>>> Stephen Turner<analog-aut...@lists.meer.net> 25/02/2009 15:07:27 >>>
2009/2/25 Aengus <analo...@eircom.net>:
> On 2/25/2009 2:47 AM, Nanu Kalmanovitz wrote:
>
> The simple answer is that you can probably add LOGFORMAT COMMON immediately
> after your LOGFORMAT COMBINED line in your analog.cfg file, and Analog will
> parse both types of lines. But that won't tell you why your web server is
> using two different logformats, (or whether it's recording the same request
> twice).
>

And if it is recording the same request twice, you really don't want
to do this, or you will double count everything. As Aengus says, you
really need to look at what's in your logfile to diagnose it.

-- 
Stephen Turner
+------------------------------------------------------------------------
|  TO UNSUBSCRIBE from this list:
|    http://lists.meer.net/mailman/listinfo/analog-help 
|
|  Analog Documentation: http://analog.cx/docs/Readme.html 
|  List archives:  http://www.analog.cx/docs/mailing.html#listarchives 
|  Usenet version: news://news.gmane.org/gmane.comp.web.analog.general
+------------------------------------------------------------------------
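
The request-less 400 entries discussed in this message can be split out of the log before it is analysed, so they are reviewed per source instead of being parsed as a second log format. This is an added example, not code from the thread or from Analog; the function names, sample lines and addresses are constructed for illustration.

```python
import re
from collections import Counter

# Common Log Format fields, optionally followed by the two quoted
# combined-format fields (referrer and user agent).
LINE_RE = re.compile(
    r'^(?P<host>\S+) \S+ \S+ \[(?P<time>[^\]]+)\] '
    r'"(?P<request>[^"]*)" (?P<status>\d{3}) (?P<size>\d+|-)'
    r'(?P<extra>(?: "[^"]*"){0,2})\s*$'
)
# A complete HTTP request line: METHOD SP target SP HTTP/x.y
REQUEST_RE = re.compile(r'^[A-Z]+ \S+ HTTP/\d\.\d$')


def classify(line):
    """Return (kind, host); kind is combined, common, malformed or unparsed."""
    m = LINE_RE.match(line)
    if not m:
        return "unparsed", None
    if not REQUEST_RE.match(m["request"]):
        # No protocol version: the client never sent a valid HTTP request.
        return "malformed", m["host"]
    quoted = re.findall(r'"[^"]*"', m["extra"])
    return ("combined" if len(quoted) == 2 else "common"), m["host"]


def split_log(lines):
    """Separate complete combined lines from everything else."""
    clean, rejected, sources = [], [], Counter()
    for line in lines:
        kind, host = classify(line)
        if kind == "combined":
            clean.append(line)
        else:
            rejected.append(line)
            if kind == "malformed":
                sources[host] += 1  # who is sending non-HTTP traffic
    return clean, rejected, sources


# Constructed sample lines modelled on the excerpt in the message.
SAMPLE = [
    '192.0.2.10 - - [26/Feb/2009:11:13:45 +0200] "GET /req.png HTTP/1.0" 304 - '
    '"http://www.example.com/report.html" "Mozilla/5.0 (X11)"',
    '::1 - - [26/Feb/2009:11:13:57 +0200] "GET /" 400 991',
    '::1 - - [26/Feb/2009:11:13:58 +0200] "GET /" 400 991',
    '198.51.100.7 - - [26/Feb/2009:11:14:45 +0200] "GET /page.htm HTTP/1.0" '
    '200 2299 "-" "ExampleBot/1.0"',
]

if __name__ == "__main__":
    clean, rejected, sources = split_log(SAMPLE)
    print(len(clean), "clean;", len(rejected), "rejected;", dict(sources))
```

The per-source counter shows where the request-less connections originate; in the sample they all come from `::1`, the IPv6 loopback address.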



