Huh???
There is no format - it's all just free form text.
-L | --use-syslog=facility

Use this parameter to send log messages to the system log instead of stdout.

-L and the simple form --use-syslog use the default log facility, defined as LOG_DAEMON in the #define symbol DEFAULT_SYSLOG_FACILITY in globals-defines.h.

The complex form, --use-syslog=facility will set the log facility to whatever value (e.g. local3, security) you specify. The = is REQUIRED and no spaces are allowed!

This setting applies both to ntop and to any child fork()ed for reporting. If this parameter is not specified, any fork()ed child will use the default value and will log its messages to the system log (this occurs because the fork()ed child must give up its access to the parent's stdout).

Because various systems do not make the permissible names available, we have a table at the end of globals-core.c. Look for myFacilityNames.
Right???
So it's just entries that look like this:
Mar 11 21:10:28 tigger ntop[23082]: RRD: Locking mutex (may block for a little while)
Mar 11 21:10:28 tigger ntop[23082]: RRD: Locked mutex, continuing shutdown
Mar 11 21:10:28 tigger ntop[23082]: RRD: killThread() succeeded
Mar 11 21:10:28 tigger ntop[23082]: RRD: Thanks for using the rrdPlugin
Mar 11 21:10:28 tigger ntop[23082]: RRD: Done
Mar 11 21:10:28 tigger ntop[23082]: ICMP: Thanks for using icmpWatch
Mar 11 21:10:28 tigger ntop[23082]: ICMP: Done
Mar 11 21:10:28 tigger ntop[23082]: CLEANUP: Freeing device eth1 (idx=0)
Mar 11 21:10:28 tigger ntop[23082]: STATS: 5,114 packets received by filter on eth1
Mar 11 21:10:28 tigger ntop[23082]: STATS: 0 packets dropped (according to libpcap)
Mar 11 21:10:28 tigger ntop[23082]: STATS: 0 packets dropped (by ntop)
Mar 11 21:10:28 tigger ntop[23082]: TERM: Removed pid file (/usr/share/ntop/ntop.pid)
Are you sure you're not thinking of -a???
-a | --access-log-file
By default ntop does not maintain a log of HTTP requests to the internal web server. Use this parameter to request logging and to specify the location of the file where these HTTP requests are logged.

Each log entry is in Apache-like style. The only difference between Apache and ntop logs is that an additional column has been added which has the time (in milliseconds) that ntop needed to serve the request.
Log entries look like this:
192.168.1.1 - - [04/Sep/2003:20:38:55 -0500] - "GET / HTTP/1.1" 200 1489 4
192.168.1.1 - - [04/Sep/2003:20:38:55 -0500] - "GET /index_top.html HTTP/1.1" 200 1854 4
192.168.1.1 - - [04/Sep/2003:20:38:55 -0500] - "GET /index_inner.html HTTP/1.1" 200 1441 7
192.168.1.1 - - [04/Sep/2003:20:38:56 -0500] - "GET /index_left.html HTTP/1.1" 200 1356 4
192.168.1.1 - - [04/Sep/2003:20:38:56 -0500] - "GET /home_.html HTTP/1.1" 200 154/617 9
192.168.1.1 - - [04/Sep/2003:20:38:56 -0500] - "GET /home.html HTTP/1.1" 200 1100/3195 10
192.168.1.1 - - [04/Sep/2003:20:38:56 -0500] - "GET /About.html HTTP/1.1" 200 2010 10
This parameter is the complete file name of the access log. In prior releases it was erroneously called --access-log-path.
-----Burton
> -----Original Message-----
> From: [EMAIL PROTECTED] [mailto:[EMAIL PROTECTED] Behalf Of
> Daniel Circelli
> Sent: Friday, March 12, 2004 11:08 AM
> To: [EMAIL PROTECTED]
> Subject: [Ntop] Log File Headings
>
>
>
> I've been struggling for a while now to try and find some additional
> info on the log file that ntop creates when using the -L option. The
> number of headings doesn't match up with the number of columns so I
> can't figure out which column corresponds to which heading. I'm trying
> to use this log file for generating some reports on my network's
> activity and there are some funny looking numbers, but I can't figure
> out what they even are because I don't know which heading they belong
> under.
>
> Thanks
>
>
> _______________________________________________
> Ntop mailing list
> [EMAIL PROTECTED]
> http://listgateway.unipi.it/mailman/listinfo/ntop
>
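
Added example, not part of the original message and not ntop's own code: a Python parser for the -a access-log lines quoted in the reply above, keeping the extra service-time column and the N/M byte field that appears in the samples. The field names, function names and the final malformed sample line are assumptions made for this example; the message does not say what N/M means, so both numbers are kept uninterpreted.

```python
import re
from datetime import datetime

# Three sample lines from the message (rejoined), plus one constructed bad line.
SAMPLE = """\
192.168.1.1 - - [04/Sep/2003:20:38:55 -0500] - "GET / HTTP/1.1" 200 1489 4
192.168.1.1 - - [04/Sep/2003:20:38:56 -0500] - "GET /home_.html HTTP/1.1" 200 154/617 9
192.168.1.1 - - [04/Sep/2003:20:38:56 -0500] - "GET /home.html HTTP/1.1" 200 1100/3195 10
this line is constructed and deliberately malformed
"""

# host ident user [timestamp] <extra "-" seen in the samples> "request" status size ms
LINE_RE = re.compile(
    r'^(?P<host>\S+) (?P<ident>\S+) (?P<user>\S+) '
    r'\[(?P<ts>[^\]]+)\] (?P<extra>\S+) '
    r'"(?P<request>[^"]*)" (?P<status>\d{3}) '
    r'(?P<size>\d+(?:/\d+)?) (?P<ms>\d+)$'
)

def parse_line(line):
    """Return a dict for one access-log line, or None if it does not match."""
    m = LINE_RE.match(line.strip())
    if m is None:
        return None
    rec = m.groupdict()
    rec["ts"] = datetime.strptime(rec["ts"], "%d/%b/%Y:%H:%M:%S %z")
    rec["status"] = int(rec["status"])
    rec["ms"] = int(rec["ms"])
    # size is "N" or "N/M" in the samples; kept as a tuple, not interpreted.
    rec["size"] = tuple(int(p) for p in rec["size"].split("/"))
    parts = rec["request"].split()
    rec["method"], rec["path"] = (parts[0], parts[1]) if len(parts) >= 2 else (None, None)
    return rec

def parse_log(text):
    """Split text into (records, rejected_lines); blank lines are skipped."""
    records, rejected = [], []
    for line in filter(str.strip, text.splitlines()):
        rec = parse_line(line)
        (records if rec else rejected).append(rec or line)
    return records, rejected

def slow_requests(records, threshold_ms):
    """Paths whose service time (the ntop-specific last column) meets the threshold."""
    return [(r["path"], r["ms"]) for r in records if r["ms"] >= threshold_ms]

if __name__ == "__main__":
    recs, bad = parse_log(SAMPLE)
    print(len(recs), "parsed,", len(bad), "rejected;", slow_requests(recs, 9))
```

Lines that do not match are returned separately rather than dropped, so free-form -L syslog lines mixed into the same file show up in the rejected list instead of skewing a report.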