Mailing List Archive

Help with log format
I am trying to follow the CIS Security Configuration Benchmark for
Apache Web Server 2.2.0. I have a new apache install using RedHat EL
5.3. The httpd version is 2.2.3. The configuration benchmark
recommends adding a parameter to the combined log file for Accept. The
line I am using is:

LogFormat "%h %l %u %t \"%r\" %>s %b \"%{Accept}i\" \"%{Referer}i\" \"%{User-Agent}i\"" combined

I am unable to find a parameter in the Analog documentation that
matches. I tried using this line in my analog.cfg, following the
instruction in the web documentation:

APACHELOGFORMAT (%h %l %u %t \"%r\" %>s %b \"%{Accept}i\" \"%{Referer}i
\" \"%{User-Agent}i\")

but that results in a Turning off empty time reports message and no
lines are read.

Here is a sample of the log file:

obshough.bio.ou.edu - - [07/Jul/2009:15:52:14 -0500] "GET /opportun.html HTTP/1.1" 200 7541 "text/html,application/xhtml+xml,application/xml;q=0.9,*/*;q=0.8" "http://pincel.ou.edu/" "Mozilla/5.0 (X11; U; Linux i686; en-US; rv:1.9.0.11) Gecko/2009060308 Ubuntu/9.04 (jaunty) Firefox/3.0.11"


Is analog able to read log files in this format? Can it analyze the
accept parameter? What is the proper LOGFORMAT statement?

Any help would be appreciated.

Dan

--
Dan Hough email:dhough@ou.edu
Oklahoma Biological Survey
Norman, OK 73019

+------------------------------------------------------------------------
| TO UNSUBSCRIBE from this list:
| http://lists.meer.net/mailman/listinfo/analog-help
|
| Analog Documentation: http://analog.cx/docs/Readme.html
| List archives: http://www.analog.cx/docs/mailing.html#listarchives
| Usenet version: news://news.gmane.org/gmane.comp.web.analog.general
+------------------------------------------------------------------------
Re: Help with log format
Dan Hough wrote:
> I am trying to follow the CIS Security Configuration Benchmark for
> Apache Web Server 2.2.0. I have a new apache install using RedHat EL
> 5.3. The httpd version is 2.2.3. The configuration benchmark
> recommends adding a parameter to the combined log file for Accept. The
> line I am using is:
>
> LogFormat "%h %l %u %t \"%r\" %>s %b \"%{Accept}i\" \"%{Referer}i\"
> \"%{User-Agent}i\"" combined
>
> I am unable to find a parameter in the Analog documentation that
> matches. I tried using this line in my analog.cfg, following the
> instruction in the web documentation:
>
> APACHELOGFORMAT (%h %l %u %t \"%r\" %>s %b \"%{Accept}i\" \"%{Referer}i
> \" \"%{User-Agent}i\")

Just a guess, but the quotes inside the quotes in the 1st, LogFormat,
statement are 'quoted' (represented as \") because otherwise they'd be
treated as delimiters instead of characters. In the APACHELOGFORMAT
line, they are still quoted, though there are no 'outside' quote marks,
so I'd guess they are redundant. This line uses brackets to delimit the
text not quote marks.

It may be worth trying that line without the backslashes:

APACHELOGFORMAT (%h %l %u %t "%r" %>s %b "%{Accept}i" "%{Referer}i"
"%{User-Agent}i")

I'm guessing. I don't properly understand the format of either line,
but I do know what those backslashes are for - and they really don't
seem appropriate in the APACHELOGFORMAT line.

This is just something to try until someone who really does understand
supplies the right answer...

Roger

Re: Help with log format
Roger <roger@roger-beaumont.co.uk> wrote:
> Dan Hough wrote:
>> I am trying to follow the CIS Security Configuration Benchmark for
>> Apache Web Server 2.2.0. I have a new apache install using RedHat EL
>> 5.3. The httpd version is 2.2.3. The configuration benchmark
>> recommends adding a parameter to the combined log file for Accept.
>> The line I am using is:
>>
>> LogFormat "%h %l %u %t \"%r\" %>s %b \"%{Accept}i\" \"%{Referer}i\"
>> \"%{User-Agent}i\"" combined
>>
>> I am unable to find a parameter in the Analog documentation that
>> matches. I tried using this line in my analog.cfg, following the
>> instruction in the web documentation:
>>
>> APACHELOGFORMAT (%h %l %u %t \"%r\" %>s %b \"%{Accept}i\"
>> \"%{Referer}i \" \"%{User-Agent}i\")
>
> Just a guess, but the quotes inside the quotes in the 1st, LogFormat,
> statement are 'quoted' (represented as \") because otherwise they'd be
> treated as delimiters instead of characters. In the APACHELOGFORMAT
> line, they are still quoted, though there are no 'outside' quote
> marks, so I'd guess they are redundant. This line uses brackets to
> delimit the text not quote marks.
>
> It may be worth trying that line without the backslashes:
>
> APACHELOGFORMAT (%h %l %u %t "%r" %>s %b "%{Accept}i" "%{Referer}i"
> "%{User-Agent}i")

Analog is able to parse out the escape "quotes", and the APACHELOGFORMAT line works with the sample line that Dan posted, with or without the \'s.

I just copied the sample line into a file, added the APACHELOGFORMAT entry and a LOGFILE entry to my analog.cfg, and generated a report.

Whatever is causing the empty report, it's not the format.

Aengus
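
Added example, not part of the original thread and not Analog's own parser: a way to check independently whether a log line matches the extended combined format (combined plus the Accept header) by turning the LogFormat string into a regular expression. The function names and the directive table are assumptions made for this sketch; it covers only the directives used in the thread and accepts the format string with or without the backslashes.

```python
import re

# Format string from the thread: Apache "combined" plus the Accept request
# header, written with the \" escapes used inside httpd.conf.
LOGFORMAT = (r'%h %l %u %t \"%r\" %>s %b \"%{Accept}i\" '
             r'\"%{Referer}i\" \"%{User-Agent}i\"')

# Constructed sample: the log line posted in the thread, rejoined on one line.
SAMPLE = ('obshough.bio.ou.edu - - [07/Jul/2009:15:52:14 -0500] '
          '"GET /opportun.html HTTP/1.1" 200 7541 '
          '"text/html,application/xhtml+xml,application/xml;q=0.9,*/*;q=0.8" '
          '"http://pincel.ou.edu/" '
          '"Mozilla/5.0 (X11; U; Linux i686; en-US; rv:1.9.0.11) '
          'Gecko/2009060308 Ubuntu/9.04 (jaunty) Firefox/3.0.11"')

# Directive letter -> (field name, pattern); unknown letters raise KeyError.
SIMPLE = {
    'h': ('host', r'\S+'), 'l': ('ident', r'\S+'), 'u': ('user', r'\S+'),
    't': ('time', r'\[[^\]]+\]'), 'r': ('request', r'(?:[^"\\]|\\.)*'),
    's': ('status', r'\d{3}'), 'b': ('bytes', r'\d+|-'),
}
TOKEN = re.compile(r'%(?:\{([^}]+)\}i|[<>]?([a-zA-Z]))')

def compile_logformat(fmt):
    """Translate a LogFormat string into an anchored regex with named groups."""
    fmt = fmt.replace('\\"', '"')      # \" is config-file escaping only
    out, pos = [], 0
    for m in TOKEN.finditer(fmt):
        out.append(re.escape(fmt[pos:m.start()]))   # literal text between directives
        if m.group(1):                 # %{Header}i: quoted request header value
            name = m.group(1).lower().replace('-', '_')
            out.append('(?P<%s>(?:[^"\\\\]|\\\\.)*)' % name)
        else:
            name, pat = SIMPLE[m.group(2)]
            out.append('(?P<%s>%s)' % (name, pat))
        pos = m.end()
    out.append(re.escape(fmt[pos:]))
    return re.compile('^' + ''.join(out) + '$')

def parse_line(line, fmt=LOGFORMAT):
    """Return the fields as a dict, or None if the line does not fit the format."""
    m = compile_logformat(fmt).match(line)
    return m.groupdict() if m else None

if __name__ == '__main__':
    print(parse_line(SAMPLE))
```

A line written in the plain combined format (no Accept field) returns None here, which separates a format mismatch from other causes of an empty report.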

Re: Help with log format
Thanks. Glad to know the problem is not the format. I will try to see
what else is causing the problem.

Dan

On Wed, 2009-07-08 at 18:46 -0500, Aengus wrote:
> Roger <roger@roger-beaumont.co.uk> wrote:
> > Dan Hough wrote:
> >> I am trying to follow the CIS Security Configuration Benchmark for
> >> Apache Web Server 2.2.0. I have a new apache install using RedHat EL
> >> 5.3. The httpd version is 2.2.3. The configuration benchmark
> >> recommends adding a parameter to the combined log file for Accept.
> >> The line I am using is:
> >>
> >> LogFormat "%h %l %u %t \"%r\" %>s %b \"%{Accept}i\" \"%{Referer}i\"
> >> \"%{User-Agent}i\"" combined
> >>
> >> I am unable to find a parameter in the Analog documentation that
> >> matches. I tried using this line in my analog.cfg, following the
> >> instruction in the web documentation:
> >>
> >> APACHELOGFORMAT (%h %l %u %t \"%r\" %>s %b \"%{Accept}i\"
> >> \"%{Referer}i \" \"%{User-Agent}i\")
> >
> > Just a guess, but the quotes inside the quotes in the 1st, LogFormat,
> > statement are 'quoted' (represented as \") because otherwise they'd be
> > treated as delimiters instead of characters. In the APACHELOGFORMAT
> > line, they are still quoted, though there are no 'outside' quote
> > marks, so I'd guess they are redundant. This line uses brackets to
> > delimit the text not quote marks.
> >
> > It may be worth trying that line without the backslashes:
> >
> > APACHELOGFORMAT (%h %l %u %t "%r" %>s %b "%{Accept}i" "%{Referer}i"
> > "%{User-Agent}i")
>
> Analog is able to parse out the escape "quotes", and the APACHELOGFORMAT line works with the sample line that Dan posted, with or without the \'s.
>
> I just copied the sample line into a file, added the APACHELOGFORMAT entry and a LOGFILE entry to my analog.cfg, and generated a report.
>
> Whatever is causing the empty report, it's not the format.
>
> Aengus
>
--
Dan Hough email:dhough@ou.edu
Oklahoma Biological Survey
Norman, OK 73019
