[Logwatch] Logwatch not parsing Apache-2.0.50 access_log

Bob Hutchinson hutchlists at midwales.com
Fri Jan 21 17:22:23 MST 2005


On Thursday 20 Jan 2005 23:00, Jeroen Rook wrote:
> Hi all,
>
> I am using Logwatch 5.2.2 (released 06/23/04) to parse the access logs for
> Apache-2.0.50. Currently my apache access_log file is not parsed in the correct
> way by the httpd script.
>
> The result of the httpd script is this:
>
> --------------------- (httpd) Begin ------------------------
>
> 0.00 MB transfered in 30468 responses  (1xx 30468, 2xx 0, 3xx 0, 4xx 0, 5xx
> 0) 30468 Other (0.00 MB)
>
> A total of 1 unidentified 'other' records logged
>    with response code(s)
>
>  ---------------------- (httpd) End -------------------------
>
> The logs are in the 'common' format and a log sample looks like this:
> (which is actually a reconnaissance attempt)

Try 'combined' format

>
> <sample access_log>
> ...
> 66.221.36.226 - - [05/Jan/2005:19:17:44 -0800] "HEAD /phpbb/ HTTP/1.0" 404 -
> 66.221.36.226 - - [05/Jan/2005:19:17:44 -0800] "HEAD /phbb2/ HTTP/1.0" 404 -
> 66.221.36.226 - - [05/Jan/2005:19:17:44 -0800] "HEAD /phpBB/ HTTP/1.0" 404 -
> 66.221.36.226 - - [05/Jan/2005:19:17:44 -0800] "HEAD /phBB2/ HTTP/1.0" 404 -
> ..
> </sample access_log>
>
> A logwatch --debug 99 --service http --print did not show the problem.
> See the attached log below.
>
> I can not figure out what went wrong. Maybe somebody can point me in
> the correct direction?
>
> Kind regards,
>
> Jeroen Rook
> --
> Only 10 people can count binary. Those who can and those who can not.
>
> ======================================================
> The logwatch --debug 99 --service http --print output
> ======================================================
> Made Temp Dir: /tmp/logwatch.Bbm15052 with mktemp
> export LOGWATCH_DATE_RANGE='today'
> export LOGWATCH_DETAIL_LEVEL='10'
> export LOGWATCH_TEMP_DIR='/tmp/logwatch.Bbm15052/'
> export LOGWATCH_DEBUG='99'
>
> Preprocessing LogFile: http
> /usr/local/apache2/logs/*access_log  2>/dev/null |
> /etc/log.d/scripts/shared/expandrepeats ''>/tmp/logwatch.Bbm15052/http
> export http_fields='client_ip ident userid timestamp request http_rc
> bytes_transfered referrer agent'
> export http_format='space     space space    brace    quote   space
>     space       quote   quote'
> export http_ignore_error_hacks='0'
>
> Processing Service: http
>  ( /bin/cat /tmp/logwatch.Bbm15052/http  |
> /etc/log.d/scripts/services/http) 2>&1
>
>  ################### LogWatch 5.2.2 (06/23/04) ####################
>        Processing Initiated: Thu Jan 20 14:37:04 2005
>        Date Range Processed: today
>      Detail Level of Output: 10
>           Logfiles for Host: lava
>  ################################################################
>
>  --------------------- (httpd) Begin ------------------------
>
> 0.00 MB transfered in 31816 responses  (1xx 31816, 2xx 0, 3xx 0, 4xx 0, 5xx
> 0) 31816 Other (0.00 MB)
>
> A total of 1 unidentified 'other' records logged
>    with response code(s)
>
>  ---------------------- (httpd) End -------------------------
>
>
>  ###################### LogWatch End #########################
>
> --
> * Prive: Witbreuksweg 389 - 007 7522 ZA Enschede
>   Phone:  +31 (0) 53.489.51.45  Mobile: +31 (0) 610.93.97.87
>   E-mail Mobile: jeroen.rook at imail.nl  E-mail: jeroen.rook at gmail.com
> * Business:  Accenture Amsterdam (GACT)
>   Mobile: +31 (0) 61.29.54.847 E-mail: jeroen.rook at accenture.com
> _______________________________________________
> Logwatch mailing list
> Logwatch at logwatch.org
> http://www2.list.logwatch.org:81/lists/listinfo/logwatch

-- 
-----------------
Bob Hutchinson
Midwales dot com
-----------------
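
An added example (not part of the original thread and not Logwatch's own code): a small Python checker that builds a line pattern from the `http_fields` / `http_format` values shown in the quoted debug output and reports whether each access_log line carries all nine fields ('combined') or only the first seven ('common'), which is the difference the reply's suggestion addresses. The regex fragments and function names are assumptions made for illustration; the second and third sample lines are constructed.

```python
import re

# Field names and delimiter types copied from the quoted debug output.
HTTP_FIELDS = ("client_ip ident userid timestamp request http_rc "
               "bytes_transfered referrer agent").split()
HTTP_FORMAT = "space space space brace quote space space quote quote".split()

# Assumed regex fragment for each delimiter type (illustration only).
TOKEN = {
    "space": r"(\S+)",
    "brace": r"\[([^\]]*)\]",
    "quote": r'"((?:[^"\\]|\\.)*)"',
}

def build_regex(formats):
    """Compile one anchored pattern from a list of delimiter types."""
    return re.compile(r"^" + r"\s+".join(TOKEN[f] for f in formats) + r"\s*$")

COMBINED_RE = build_regex(HTTP_FORMAT)      # all nine fields
COMMON_RE = build_regex(HTTP_FORMAT[:7])    # 'common' stops after bytes_transfered

def classify(line):
    """Return (format_name, fields) for one access_log line."""
    for name, regex, count in (("combined", COMBINED_RE, 9), ("common", COMMON_RE, 7)):
        m = regex.match(line.strip())
        if m:
            return name, dict(zip(HTTP_FIELDS[:count], m.groups()))
    return "unknown", {}

def summarize(lines):
    """Count how many non-empty lines fall into each format."""
    counts = {"combined": 0, "common": 0, "unknown": 0}
    for line in lines:
        if line.strip():
            counts[classify(line)[0]] += 1
    return counts

SAMPLE = [
    # From the post: 'common' format, seven fields.
    '66.221.36.226 - - [05/Jan/2005:19:17:44 -0800] "HEAD /phpbb/ HTTP/1.0" 404 -',
    # Constructed: the same request as a 'combined' line with empty referrer and agent.
    '66.221.36.226 - - [05/Jan/2005:19:17:44 -0800] "HEAD /phpbb/ HTTP/1.0" 404 - "-" "-"',
    # Constructed: a line matching neither layout.
    "not an access_log line",
]

if __name__ == "__main__":
    for line in SAMPLE:
        name, fields = classify(line)
        missing = [f for f in HTTP_FIELDS if f not in fields]
        print(f"{name:8} missing={missing}")
    print(summarize(SAMPLE))
```

Running `summarize()` over a real access_log before pointing Logwatch at it shows at a glance whether the file's lines have the referrer and agent fields that the nine-field layout expects.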
