all log entries containing the URL, the ip address and username
Which parameter do I have to enter in order to get all records containing the URL, the username and the IP address? At the moment I only get a summary containing the IP address without the URL.
Comments (8)
-
repo owner -
repo owner This is just a user report and it’s shown as it always has been. I am not quite sure which report you are thinking about - the only report where a host and a URL appear together is the URL report generated when Squid proxy logs are processed. None of the web log files would show hosts and URLs together (well, except for URL links).
What log type are you processing?
-
I want to receive a report similar to
78131 17.22% 1696865 0.05% 0.000 0.000 /kriegshaber/
19552 4.31% 361104 0.01% 0.000 0.000 /gen/
6183 1.36% 87472 0.00% 0.000 0.000 /
1859 0.41% 3948195 0.13% 0.000 0.000 /gen/oesterreich/pics/StammbaumRegenten.jpg
1034 0.23% 247952 0.01% 0.000 0.000 /gen/fugger/
1023 0.23% 192874 0.01% 0.000 0.000 /gen/wittelsbacher/
however only those records should be shown which contain one certain username or all existing usernames and in addition the IP address
-
repo owner "which contain one certain username or all existing usernames and in addition the IP address"
If I understand you correctly and you want to process only log records that match these criteria, you would use ignore/include keywords. Any matching include option will include the log record in question, even if it matches some ignore option. For example:
    IgnoreHost *
    IncludeHost 12.34.56.78
    IncludeUser user1
IgnoreHost ignores all log records, except those with IP address 12.34.56.78 or user with name user1, regardless of their IP address.
For optional log record fields, like users, if you specify ignore/include options, log records with a matched value will be affected, as well as with empty values. In other words, using IgnoreUser * will show all records without a user.
Note that these filters work at the log record level, so all reports will be affected by these filters. In other words, if the filters above match 10 log records and there are 1000 log records in the log file, then the generated HTML will show data only for 10 log records in all reports.
-
repo owner Just a heads-up - I deleted two of your comments with links to avoid showing personal information that was not necessary for this discussion.
-
Hello,
Thank you for your answer. It looks like your program does not have the specific function I am looking for.
At the moment I check the log directly by extracting the records that I want to have using "cat access.log.19 | grep -ve "- -" >password.19"
then I get a file which looks like this one
62.216.204.0 - MOD [18/Nov/2019:00:00:14 +0100] "GET /MOD/MOD2019/mp4/2019MOD-BA%20%2810%29.mp4 HTTP/1.1" 200 26031695 heinz-wember.de "https://heinz-wember.de/MOD/MOD2019/mp4/MOD2019BunterAbendmp4.html" "Mozilla/5.0 (Windows NT 10.0; Win64; x64; rv:70.0) Gecko/20100101 Firefox/70.0" "-"
62.216.204.0 - MOD [18/Nov/2019:00:00:15 +0100] "GET /MOD/MOD2019/mp4/2019MOD-BA%20%2810%29.mp4 HTTP/1.1" 206 13903 heinz-wember.de "https://heinz-wember.de/MOD/MOD2019/mp4/2019MOD-BA%20%2810%29.mp4" "Mozilla/5.0 (Windows NT 10.0; Win64; x64; rv:70.0) Gecko/20100101 Firefox/70.0" "-"
62.216.204.0 - MOD [18/Nov/2019:00:09:29 +0100] "GET /MOD/MOD2019/mp4/2019MOD-WK%20%2812%29.mp4 HTTP/1.1" 206 962347609 heinz-wember.de "https://heinz-wember.de/MOD/MOD2019/mp4/2019MOD-WK%20%2812%29.mp4" "Mozilla/5.0 (Windows NT 10.0; Win64; x64; rv:70.0) Gecko/20100101 Firefox/70.0" "-"
62.216.204.0 - MOD [18/Nov/2019:00:09:29 +0100] "GET /MOD/MOD2019/mp4/2019MOD-WK%20%2812%29.mp4 HTTP/1.1" 206 928531033 heinz-wember.de "https://heinz-wember.de/MOD/MOD2019/mp4/2019MOD-WK%20%2812%29.mp4" "Mozilla/5.0 (Windows NT 10.0; Win64; x64; rv:70.0) Gecko/20100101 Firefox/70.0" "-"
87.158.177.0 - MOD [21/Nov/2019:09:37:13 +0100] "GET /MOD/MOD2019/FotosHeinz/images/2019MOD%20(22)_preview.png HTTP/1.1" 200 133596 heinz-wember.de "https://heinz-wember.de/MOD/MOD2019/FotosHeinz/index01.html" "Mozilla/5.0 (X11; Ubuntu; Linux i686; rv:66.0) Gecko/20100101 Firefox/66.0" "-"
87.158.177.0 - MOD [21/Nov/2019:09:37:14 +0100] "GET /MOD/MOD2019/FotosHeinz/images/2019MOD%20(23)_preview.png HTTP/1.1" 200 89881 heinz-wember.de "https://heinz-wember.de/MOD/MOD2019/FotosHeinz/index01.html" "Mozilla/5.0 (X11; Ubuntu; Linux i686; rv:66.0) Gecko/20100101 Firefox/66.0" "-"
87.158.177.0 - MOD [21/Nov/2019:09:37:14 +0100] "GET /MOD/MOD2019/FotosHeinz/images/2019MOD%20(24)_preview.png HTTP/1.1" 200 98550 heinz-wember.de "https://heinz-wember.de/MOD/MOD2019/FotosHeinz/index01.html" "Mozilla/5.0 (X11; Ubuntu; Linux i686; rv:66.0) Gecko/20100101 Firefox/66.0" "-"
87.158.177.0 - MOD [21/Nov/2019:09:37:14 +0100] "GET /MOD/MOD2019/FotosHeinz/images/bulletinboard_background.jpg HTTP/1.1" 200 2757887 heinz-wember.de "https://heinz-wember.de/MOD/MOD2019/FotosHeinz/index01.html" "Mozilla/5.0 (X11; Ubuntu; Linux i686; rv:66.0) Gecko/20100101 Firefox/66.0" "-"
Here I can see the URL, the IP address and the user
Regards Heinz
On 01.01.2020 at 15:50, StoneSteps wrote:
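An awk-based alternative to the grep extraction in the comment above, added here as an example (not code from the reporter or from the project): it counts hits per IP address, user and URL for authenticated requests only, optionally for one user. It assumes the field layout of the log lines shown in this thread and usernames without spaces; the names `auth_report` and `sample_log` and the sample lines are constructed for illustration.

```shell
#!/bin/sh
# Added example: per-user access report (hits, IP, user, URL) from a web log.
# Assumed field layout, taken from the sample lines in this thread:
#   ip ident user [time zone] "METHOD url PROTO" status bytes vhost ...

# auth_report [USER] - reads a log on stdin; with USER, keeps only that user.
auth_report() {
    awk -v want="${1:-}" '
        # $3 is the authenticated user; "-" means an anonymous request.
        # Testing the field itself avoids the false matches of grep -v "- -",
        # which also drops any line with "- -" in a referrer or user agent.
        $3 == "-" { next }
        want != "" && $3 != want { next }
        {
            key = $1 "\t" $3 "\t" $7      # IP, user, requested URL
            hits[key]++
        }
        END { for (k in hits) printf "%d\t%s\n", hits[k], k }
    ' | LC_ALL=C sort -t "$(printf '\t')" -k1,1nr -k2
}

# Constructed sample input (documentation IP ranges, example.org).
# The last bob line has "- -" inside the user agent on purpose.
sample_log() {
    cat <<'EOF'
192.0.2.10 - alice [18/Nov/2019:00:00:14 +0100] "GET /docs/a.mp4 HTTP/1.1" 200 100 example.org "-" "UA/1.0" "-"
192.0.2.10 - alice [18/Nov/2019:00:00:15 +0100] "GET /docs/a.mp4 HTTP/1.1" 206 50 example.org "-" "UA/1.0" "-"
198.51.100.7 - bob [21/Nov/2019:09:37:13 +0100] "GET /img/x.png HTTP/1.1" 200 10 example.org "-" "UA/1.0" "-"
198.51.100.7 - bob [21/Nov/2019:09:37:14 +0100] "GET /img/y.png HTTP/1.1" 200 10 example.org "-" "Agent - - 1.0" "-"
203.0.113.5 - - [21/Nov/2019:09:37:14 +0100] "GET /public/ HTTP/1.1" 200 10 example.org "-" "UA/1.0" "-"
EOF
}

# Report for all authenticated users in the sample.
sample_log | auth_report
```

On a real log the call would be `auth_report < access.log.19` for all users or `auth_report MOD < access.log.19` for one user.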
-
repo owner - changed status to resolved
-
repo owner - changed status to closed
You need to provide more details - what type of logs you are processing, what do you expect to see and what are you seeing instead.