about another IIS log format

Print this Post

Page: 1

Reply to Post

Add a New Topic

User

Post

9:12 am
November 13, 2008

massive

Guest

Quote and Reply

Print this Post

can someone assist me also because I've tried what hendrick has (see IIS6 log formats, cant get it working…) & doesnt work for me :

This is what is contained within ma log Format:

#Fields: c-ip cs-username c-agent sc-authenticated date time s-svcname s-computername cs-referred r-host r-ip r-port time-taken cs-bytes sc-bytes cs-protocol cs-transport s-operation cs-uri cs-mime-type s-object-source sc-status s-cache-info rule FilterInfo cs-Network sc-Network error-info action

and I've also tried this :

LogFile=”sed -e 's/, /\\t/g' “/Z:\\ISALOG_20081112_WEB_000.w3c” |”
LogFormat=2
LogSeparator=” “

Thank you in advaced.

Massive

9:13 am
November 13, 2008

Jean-Luc

Admin

posts 1043

Quote and Reply

Print this Post

Hi Massive,

If I understand correctly, you are using sed to replace commas by tabs. Are the fields separated by commas in your log file ? If not, where are these commas used for ?

The use of LogFormat=2 is not recommended, as it does not always work in a reliable way. Please paste here a few rows from your log file and I will make a suggestion.

9:14 am
November 13, 2008

massive

Guest

Quote and Reply

Print this Post

196.209.25.79 anonymous Mozilla/4.0 (compatible; MSIE 7.0; Windows NT 5.1; .NET CLR 2.0.50727) N 2008-11-05 12:12:23 W3ReverseProxy EPW_PROXY – epserver.epweb.co.za 192.168.102.1 443 125 432 332 https TCP GET https://xxxx.xxxx.co.za:443/exchange – Inet 302 0×42000000 old exchange Req ID: 12983216 External – 0xc00 Allowed

9:15 am
November 13, 2008

Jean-Luc

Admin

posts 1043

Quote and Reply

Print this Post

Here is what I would use for the LogFormat :

LogFormat = "%host %logname %ua %other %time2 %other %other %referer %other %other %other %other %other %bytesd %other %other %method %url %other %other %code %other %other %other %other %other %other %other"

Please answer the other questions : “Are the fields separated by commas in your log file ? If not, where are these commas used for ? ” . This could clarify some issues. Thanks.

1:29 am
November 14, 2008

massive

Guest

Quote and Reply

Print this Post

Hi Jean,

To answer your question. I dont see any commas within this LogFile.

and I dont get the second question.. could you please clarify your second question.

I've used the suggested logFormat and this is the error I'm getting :

AWStats did not find any valid log lines that match your LogFormat parameter, in the 50th first non commented lines read of your log.
Your log file C:\\WINDOWS\\system32\\LogFiles\\
W3SVC821035329\\ISALOG_20081112_WEB_000.w3c must have a bad format or LogFormat parameter setup does not match this format.

Your AWStats LogFormat parameter is: %host %logname %ua %other %time2 %other %other %referer %other %other %other %other %other %bytesd %other %other %method %url %other %other %code %other %other %other %other %other %other %other
This means each line in your web server log file need to have the following personalized log format:
%host %logname %ua %other %time2 %other %other %referer %other %other %other %other %other %bytesd %other %other %method %url %other %other %code %other %other %other %other %other %other %other

And this is an example of records AWStats found in your log file (the record number 50 in your log):

192.168.51.27 anonymous Mozilla/5.0 (Windows; U; Windows NT 6.0; en-GB; rv:1.9.0.3) Gecko/2008092417 Firefox/3.0.3 2008-11-12 11:19:42 – 3141 http GET
http://pagead2.googlesyndication.com/pa
gead/ads?client=ca-pub-3926910091050603
&dt=1226488781546&lmt=1226488735&prev_f
mts=300×250_as%2C336×280_as&format=160×
600_as&output=html&correlator=122648877
8764&channel=8243151335&url=http%3A%2F%
2Fwww.mobilemag.com%2Fcontent%2F100%2F3
40%2FC16565%2F&color_bg=FFFFFF&color_te
xt=000000&color_link=0e13d3&color_url=9
3939C&color_border=FFFFFF&ad_type=text_
image&ea=0&ref=http%3A%2F%2Fwww.mobilem
ag.com%2Fcontent%2F100%2F&frm=0&ga_vid=
876137848.1226488318&ga_sid=1226488318&
ga_hid=858655967&ga_fc=true&flash=9.0.1
24&u_h=1050&u_w=1680&u_ah=1020&u_aw=168
0&u_cd=32&u_tz=120&u_his=1&u_java=true&
u_nplug=22&u_nmime=122&dtd=3

Setup ('c:\\inetpub\\wwwroot\\awstats website\\cgi-bin/awstats.epweb-sharepoin.conf' file, web server or permissions) may be wrong.
Check config file, permissions and AWStats documentation (in 'docs' directory).

Ps.

The LogFile is from a proxy server.

Regards,

Massive.

2:41 am
November 14, 2008

Jean-Luc

Admin

posts 1043

Quote and Reply

Print this Post

There are several issues :

the line coming from the log file does not match your #Fields: in your first post at all. I guess that the #Fields: you provided is not coming from the log file you analyze.
the line coming from the log file contains a user-agent field which is probably not acceptable for AWStats (this is c-agent in your #Fields: ). The user-agent cannot be processed if it contains spaces and it is also delimited by spaces. A cs(User-Agent) field would be easier to process for AWStats.
if there are no commas in the log file, I don't see any reason to use the sed command as you do it. Where is this command coming from ?

3:06 am
November 14, 2008

massive

Guest

Quote and Reply

Print this Post

I got the command from :

http://awstats.sourceforge.net/docs/awstats_config.html#LogFormat

If they dont look the same I will try getting a new and fresh Logfile..

However I've manage to get a LogFormat that works but not Fully because I dont get any new Qualifying records.. I get “16688 dropped and 4455 corrupt “

LogFormat=”date time cs-method cs-uri-stem cs-uri-query cs-username c-ip cs-version cs(User-Agent) cs(Referer) sc-status sc-bytes”

Regards,

Massive

5:37 am
November 18, 2008

massive

Guest

Quote and Reply

Print this Post

This is a Fresh Log File

#Fields: c-ip cs-username sc-authenticated date time s-svcname s-computername cs-referred r-host r-ip r-port time-taken cs-bytes sc-bytes cs-protocol cs-transport s-operation cs-uri cs-mime-type s-object-source sc-status s-cache-info rule FilterInfo cs-Network sc-Network error-info action

192.168.53.200 anonymous N 2008-11-18 00:00:06 w3proxy EPW_PROXY – 207.46.110.90 207.46.110.90 80 437 345 387 http TCP POST http://207.46.110.90/gateway/gateway.dll?Action=poll&SessionID=1108132742.512717536 application/x-msn-messenger Inet 200 0×48000004 Icafe Internet Req ID: 08da94ca Icafe External 0×480 Allowed

Please Do your Magic I would appreciate it !

Thanks,

Massive

6:05 am
November 18, 2008

Jean-Luc

Admin

posts 1043

Quote and Reply

Print this Post

I would try this :

LogFormat="%host %logname %other %time2 %other %other %referer %other %other %other %other %other %bytesd %other %other %method %url %other %other %code %other %other %other %other %other %other %other"

or this :

Page: 1

Reply to Post