Mailing List Archive: Trouble interpreting log / Getting User Report

Hi Guys - sorry if this is a dupe, but my emails seem to be getting
bounced.

Analog isn't producing a User Report and I find this message in the
error report:

C:\Documents and Settings\msummerfield\My Documents\Analog\analog

6.0\analog.exe: Warning R: Turning off empty User Report

I'm guessing Analog isn't finding the %u variable in my logformat
statement

This one includes the user, mhurley:

2007-12-10 20:40:37 W3SVC1 APOLLO 192.168.32.134 GET
/include/styles/author.css - 80 - 66.250.5.66 HTTP/1.1
Mozilla/4.0+(compatible;+MSIE+6.0;+Windows+NT+5.1;+SV1;+.NET+CLR+1.1.432
2;+.NET+CLR+2.0.50727;+.NET+CLR+3.0.04506.30) mhurley
http://www.riedthunberg.com/headlines/reload_headlines.aspx
www.riedthunberg.com 200 0 0 445 651 62

I've interpreted it as:

LOGFORMAT (%Y-%m-%d %h:%n:%j %j %S %j %j - %j - %s %j %A %u %r %j %j %j
%j %j %j)

I'm currently running Analog as:

DEBUG ON

LOGFORMAT (%Y-%m-%d %h:%n:%j %j %S %j %j - %j - %s %j %A %u %r %j %j %j
%j %j %j)

LOGFILE 'Z:\Web Traffic\RiedThunberg.com\logfiles\0712\*.rti'

OUTFILE 'Z:\Michael\RTI Web Traffic\200712\report.htm'

HOSTNAME "WWW.riedthunberg.com"

ERRFILE errors.txt

ALL ON

SETTINGS ON

... And there are many other report-specific commands as well following
this entry.

There is a second log format I discovered while trying to figure out how
to get the User Report which I've ignored so far:

2007-12-10 13:51:30 W3SVC1 192.168.32.134 GET /include/images/logo.gif -
80 - 204.179.96.51
Mozilla/4.0+(compatible;+MSIE+6.0;+Windows+NT+5.1;+.NET+CLR+1.1.4322)
200 0 0

I can interpret this one as:

LOGFORMAT (%Y-%m-%d %h:%n:%j %S %j %j - %j - %s %j %j %j)

Should I list both formats? Have I misinterpreted the log entry? I run
reports on another site using Analog with no issues.

Thanks very much for your insights,

Michael Summerfield

Manager, Sales & Support

ICAP Independent Research Cos.

212-815-6553

**********************************************************************
This communication and all information (including, but not limited to,
market prices/levels and data) contained therein (the "Information") is
for informational purposes only, is confidential, may be legally
privileged and is the intellectual property of ICAP plc and its affiliates
("ICAP") or third parties. No confidentiality or privilege is waived or
lost by any mistransmission. The Information is not, and should not
be construed as, an offer, bid or solicitation in relation to any
financial instrument or as an official confirmation of any transaction.
The Information is not warranted, including, but not limited, as to
completeness, timeliness or accuracy and is subject to change
without notice. ICAP assumes no liability for use or misuse of the
Information. All representations and warranties are expressly
disclaimed. The Information does not necessarily reflect the views of
ICAP. Access to the Information by anyone else other than the
recipient is unauthorized and any disclosure, copying, distribution or
any action taken or omitted to be taken in reliance on it is prohibited. If
you receive this message in error, please immediately delete it and all
copies of it from your system, destroy any hard copies of it and
notify the sender.
**********************************************************************

Michael Summerfield <msummerfield@wrightson.com> wrote:
>
> I'm guessing Analog isn't finding the %u variable in my logformat
> statement
>
> This one includes the user, mhurley:
>
> 2007-12-10 20:40:37 W3SVC1 APOLLO 192.168.32.134 GET
> /include/styles/author.css - 80 - 66.250.5.66 HTTP/1.1
> Mozilla/4.0+(compatible;+MSIE+6.0;+Windows+NT+5.1;+SV1;+.NET+CLR+1.1.432
> 2;+.NET+CLR+2.0.50727;+.NET+CLR+3.0.04506.30) mhurley
> http://www.riedthunberg.com/headlines/reload_headlines.aspx
> www.riedthunberg.com 200 0 0 445 651 62
>
> I've interpreted it as:
>
> LOGFORMAT (%Y-%m-%d %h:%n:%j %j %S %j %j - %j - %s %j %A %u %r %j %j
> %j %j %j %j)
That LOGFORMAT doesn't match the log entry. Your LOGFORMAT has 4 fields between the time and the first -, but the log entry has 5.

Changing the LOGFORMAT to

LOGFORMAT (%Y-%m-%d %h:%n:%j %j %j %S %j %j - %j - %s %j %A %u %r %j %j %j %j %j %j)

generates a User Report for your sample line.

But I don't think that LOGFORMAT is correct - the first %S looks like your servers address, rather than the remote address. %s (lowercase) is only used if %S (uppercase) is blank. And I'm pretty sure that that particular entry is a request for /include/styles/author.css , and that http://www.riedthunberg.com/headlines/reload_headlines.aspx is actually the referrer (%f), not the request (%r)

I'd try

LOGFORMAT (%Y-%m-%d %h:%n:%j %j %j %j %j %r - %j - %S %j %A %u %f %j %c %j)

instead (no need for trailing %js). This also gets the status code of the request, so that you can tell failures from successes.

> There is a second log format I discovered while trying to figure out
> how to get the User Report which I've ignored so far:
>
> 2007-12-10 13:51:30 W3SVC1 192.168.32.134 GET
> /include/images/logo.gif - 80 - 204.179.96.51
> Mozilla/4.0+(compatible;+MSIE+6.0;+Windows+NT+5.1;+.NET+CLR+1.1.4322)
> 200 0 0
>
> I can interpret this one as:
>
> LOGFORMAT (%Y-%m-%d %h:%n:%j %S %j %j - %j - %s %j %j %j)

LOGFORMAT (%Y-%m-%d %h:%n:%j %j %j %j %r - %j - %S %A %c %j)

> Should I list both formats?

If you're using both logfiles, you'll need to list both logformats.

Aengus

+------------------------------------------------------------------------
| TO UNSUBSCRIBE from this list:
| http://lists.meer.net/mailman/listinfo/analog-help
|
| Analog Documentation: http://analog.cx/docs/Readme.html
| List archives: http://www.analog.cx/docs/mailing.html#listarchives
| Usenet version: news://news.gmane.org/gmane.comp.web.analog.general
+------------------------------------------------------------------------