Hi all,
I'm trying to get analog to parse logfiles from a linux server I'm
administering.
The log lines are typically something like this:
axxxxxxxxxx.uk: [13/Feb/2009:00:44:17 +0000] 24.210.252.186 - - "GET
/dbugarchive.png HTTP/1.1" 200 7296 "http://axxxxxxxxxx.uk/" "Mozilla/5.0
(Windows; U; Windows NT 5.1; en-US; rv:1.8.1.18) Gecko/20081029
Firefox/2.0.0.18"
Analog can't parse these logfiles, so I tried to use logformat. After
reading the manual, I came up with this line, which I put into analog.cfg:
LOGFORMAT (%v: [%d/%M/%Y:%h:%n:%j %j] %S - - "%j %r %j" %c - "-" "%B")
However, this resulted in lots of output lines like the following:
analog: Warning L: Large number of corrupt lines in logfile
a8archivelogs\ex090301.log.bz2: turn debugging on or try different
LOGFORMAT
Current logfile format:
%v: [%d/%M/%Y:%h:%n:%j %j] %S - - "%j %r %j" %c - "-" "%B"\n
I really don't know what's happening here. Is my logformat wrong? Are there
lines in the logs that aren't like the one I posted above?
Any help would be appreciated!
--
View this message in context: http://www.nabble.com/LOGFORMAT-assistance-please%21-tp22279385p22279385.html
Sent from the Analog Users mailing list archive at Nabble.com.
+------------------------------------------------------------------------
| TO UNSUBSCRIBE from this list:
| http://lists.meer.net/mailman/listinfo/analog-help
|
| Analog Documentation: http://analog.cx/docs/Readme.html
| List archives: http://www.analog.cx/docs/mailing.html#listarchives
| Usenet version: news://news.gmane.org/gmane.comp.web.analog.general
+------------------------------------------------------------------------
I'm trying to get analog to parse logfiles from a linux server I'm
administering.
The log lines are typically something like this:
axxxxxxxxxx.uk: [13/Feb/2009:00:44:17 +0000] 24.210.252.186 - - "GET
/dbugarchive.png HTTP/1.1" 200 7296 "http://axxxxxxxxxx.uk/" "Mozilla/5.0
(Windows; U; Windows NT 5.1; en-US; rv:1.8.1.18) Gecko/20081029
Firefox/2.0.0.18"
Analog can't parse these logfiles, so I tried to use logformat. After
reading the manual, I came up with this line, which I put into analog.cfg:
LOGFORMAT (%v: [%d/%M/%Y:%h:%n:%j %j] %S - - "%j %r %j" %c - "-" "%B")
However, this resulted in lots of output lines like the following:
analog: Warning L: Large number of corrupt lines in logfile
a8archivelogs\ex090301.log.bz2: turn debugging on or try different
LOGFORMAT
Current logfile format:
%v: [%d/%M/%Y:%h:%n:%j %j] %S - - "%j %r %j" %c - "-" "%B"\n
I really don't know what's happening here. Is my logformat wrong? Are there
lines in the logs that aren't like the one I posted above?
Any help would be appreciated!
--
View this message in context: http://www.nabble.com/LOGFORMAT-assistance-please%21-tp22279385p22279385.html
Sent from the Analog Users mailing list archive at Nabble.com.
+------------------------------------------------------------------------
| TO UNSUBSCRIBE from this list:
| http://lists.meer.net/mailman/listinfo/analog-help
|
| Analog Documentation: http://analog.cx/docs/Readme.html
| List archives: http://www.analog.cx/docs/mailing.html#listarchives
| Usenet version: news://news.gmane.org/gmane.comp.web.analog.general
+------------------------------------------------------------------------