I need some help with monitoring this one URL that shows up with multiple parameters in the request section. For example, I need to monitor www.abc.com/case/book/buy. The thing is that the URL shows up in the logs in multiple formats like:
www.a.com - - [01/Jan/2001:00:10:11 -0700] "GET /case/book/buy HTTP/1.0" 200 11111
www.me.com - - [01/Jan/2001:00:10:11 -0700] "GET /case/book/buy?this=1234 HTTP/1.0" 200 11111
www.him.com - - [01/Jan/2001:00:10:11 -0700] "GET /case/book/buy?here=ABCD HTTP/1.0" 200 11111
www.her.com - - [01/Jan/2001:00:14:11 -0700] "GET /case/book/buy?hey=SKDSKLDSKDS HTTP/1.0" 200 11111
etc.
I tried using this:
REQINCLUDE /case/book/buy*
REQINCLUDE *cas*
REQINCLUDE *book*
REQINCLUDE */case/book/buy*
REQINCLUDE */case/book/buy?*
PAGEINCLUDE */
This does not work; I end up getting a bunch of requests in my report like /case/book/buy.rm, /this_book, etc.
I tried putting this in along with everything above:
FILEINCLUDE /case/book/buy*
Then it complains of this and produces an empty log file.
/usr/bin/analog: analog version 4.16/Unix
/usr/bin/analog: Warning R: Turning off empty time reports
(For help on all errors and warnings, see docs/errors.html)
/usr/bin/analog: Warning R: Turning off empty Request Report
/usr/bin/analog: Warning R: Turning off empty File Type Report
/usr/bin/analog: Warning R: Turning off empty Directory Report
/usr/bin/analog: Warning R: Turning off empty Domain Report
/usr/bin/analog: Warning R: Turning off empty Organisation Report
/usr/bin/analog: Warning R: Turning off empty Search Word Report
/usr/bin/analog: Warning R: Turning off empty Operating System Report
/usr/bin/analog: Warning R: Turning off empty File Size Report
/usr/bin/analog: Warning R: Turning off empty Status Code Report
Any help would be appreciated.