Search Results

Search found 4489 results on 180 pages for 'logging'.

Page 31/180

  • central apache log analysis of many hosts

    - by Jason Antman
    We have 30+ apache httpd servers, and are looking to perform analysis on the logs both for historical trending and near "real time" monitoring/alerting. I'm mainly interested in things like error rates (4xx/5xx), response time, overall request rate, etc. but it would also be very useful to pull out more compute-intensive statistics like unique client IPs and user agents per unit of time. I'm leaning towards building this as a centralized collector/server/storage, and am also considering the possibility of storing non-apache logs (i.e. general syslog, firewall logs, etc.) in the same system.

    Obviously a large part of this will probably have to be custom (at least the connection between pieces and the parsing/analysis we do), but I haven't been able to find much information on people who have done stuff like this, at least at shops smaller than Google/Facebook/etc. who can throw their log data into a hundred-node compute cluster and run Map/Reduce on it.

    The main things I'm looking for are:
      - All open source
      - Some way of collecting logs from apache machines that isn't too resource-intensive, and transports them relatively quickly over the network
      - Some way of storing them (NoSQL? key-value store?) on the backend, for a given amount of time (and then rolling them up into historical averages)
      - In the middle of this, a way of graphing in near-real-time (probably also with some statistical analysis on it) and hopefully alerting off of those graphs.

    Any suggestions/pointers/ideas, to either "products"/projects or descriptions of how other people do this would be greatly helpful. Unfortunately, we're not exactly a new-age-y devops shop, lots of old stuff, homogeneous infrastructure, and strained boxes.


  • central log-server with auditdisp

    - by johan
    I want to set up a central log-server. The log-server is running Debian 6.0.6 and the audit daemon is installed in version 1.7.13-1. The clients are running Red Hat 5.5 and they connect to the log-server via audispd. The connection works fine and I get all messages from each node. My question is: is it possible that the auditd daemon on the log server writes the messages from each node to a separate file? I tried to transfer the messages via the syslog daemon; that works, but I cannot use tools like ausearch to analyze these log files.


  • Grep all files in a directory and print matches with file name

    - by javanix
    I have a list of log files that I create as part of a video encoding script that I wrote. I would like to search all of them and print out certain statistics from the encode - how fast they were encoded, what settings were used, etc. I can search for the average framerate in one file via this 1 liner:

        cat ${filename} | grep average

    which outputs:

        work: average encoding speed for job is 23.211176 fps

    and search for the ratefactor:

        cat ${filename} | grep RF

    I would like to search all files in the directory and print off one, or preferably both pieces of information along with the filename. Is there any way I can use find or grep to get this in a one-liner, or do I need to write a script? I would like output like this:

        /home/javanix/filename.log <RF line> <average line>

    I would like this to either work using FreeBSD 9 or Ubuntu 12.04.


  • Monitor a log file on Linux and send each line to another program

    - by mlambie
    I run an apt-cacher-ng server on Ubuntu Linux which writes logs in the following format:

        1299745593|O|149406|XXX.XXX.XXX.XXX|uburep/pool/main/t/tiff/libtiff4_3.9.2-2ubuntu0.4_amd64.deb
        1299745593|O|10154976|XXX.XXX.XXX.XXX|uburep/pool/main/l/linux-firmware/linux-firmware_1.34.4_all.deb
        1299748529|O|39368|XXX.XXX.XXX.XXX|uburep/pool/main/n/nagios-nrpe/nagios-nrpe-server_2.12-4ubuntu1_amd64.deb
        1300155440|O|680100|XXX.XXX.XXX.XXX|uburep/pool/main/t/tzdata/tzdata_2011c-0ubuntu0.10.04_all.deb

    It shows the timestamp, direction (in or out), byte count, IP and filename. Every time a line is written to it, I'd like to also send that line to another program. I will have this program insert the line into a database so that I can crunch some statistics about how much bandwidth we're saving through operating a caching server. I do not want to cat the log file every X minutes (via cron) looking for new entries as it'd be somewhat computationally uneconomical. Instead I'd prefer to have a daemon monitor the log, and when a change is detected, each line is sent to my database-insertion script. Will swatch achieve this, or are there better options?


  • Du Meter Log file

    - by Jack
    Where can I find the Du Meter Log file? I tried searching C:\ProgramData\Hagel Technologies\DU Meter but the folder is empty. I also tried C:\Users\Username\AppData\Roaming and Local and LocalLow but none of them even have a Du Meter or Hagel Technologies folder. I even tried searching the temp folder but still nothing. I have a NetMeter.csv log file that I want to try and replace over the Du Meter log file cause I can't seem to find any other way to import data into Du Meter.


  • Windows Login Failure

    - by Chris Bateson
    I'm getting an error in the Event Viewer, which is also generating a lot of Logon Failure messages on our syslog server. Pretty much stuck on how to resolve.

        EventID: 536
        Logon Type: 3
        Reason: The NetLogon component is not active

    This is for a Windows Server 2003 system. I have checked here. We're using Shavlik Protect 9 to scan and deploy patches. Shavlik stores the credentials for the systems and uses those stored credentials to deploy patches. This system is able to scan and deploy to other systems on the network using those credentials and no errors are generated. When installing to the local system that Shavlik is physically on, this error is generated. What's interesting is that it doesn't generate during a scan, and the patches install fine. We've contacted Shavlik to get the response that they are unable to help since it's a Microsoft error. Has anyone seen this?


  • Extract Distinct restful MVC routes from IIS logs

    - by Grummle
    This is a cross post from StackOverflow that after some consideration I believe can be asked here (not getting anything on SO). My shop is using MVC3/FUBU on IIS 7. I recently put something into production and I wanted to gather metrics from the IIS logs using log parser. I've done this many times before with file endpoints but because the MVC3 routes are of the form /api/person/{personid}/address/{addressid} the log saves /api/person/123/address/456 in the uristem column. Does anyone have any ideas on how to get data about specific routes from IIS logs? As an example, a log like this:

        cs-uri-stem
        /api/person/123/address/456
        /api/person/121/address/33
        /api/person/3555
        /api/person/1555/address/5555

    I want information about all where the route used was /api/person/{personid} so the count would be 1 in this case. Ideally what I'd like to figure out how to do is have IIS log the regex for the route that is chosen for a particular url. So in the IIS logs have /api/person/{personid}/address/{addressid} in a column in addition to the cs-uristem /api/person/1555/address/5555


  • How do I capture the output of a tty while still allowing sent characters to reach the correct desti

    - by Zak
    I currently have some systems that multiple people have access to for administration purposes. We've modified the history log so that we capture 2k lines of history per user to help aid in who has done what on the system. However, we would additionally like to capture all keyboard input when we (the administrators) log in, and log it to a file so we can see what changes were made to files once people go into vi to edit them. It will also aid us in documenting when we are going through a compile of software and the like. How can I do this? CentOS 5.4 if it makes a difference.


  • A good log file analyzer for windows

    - by Raminder
    Is there a text-editor for windows that can open for me the first n lines of a large file? It would be nice if it could also open a set of lines from the middle of the file. EDIT: Basically my requirement is that I want to analyze huge (2GB) log files. So any good tool that can open huge files with some analysis capabilities (searching, text highlighting etc.) would be nice. I like notepad++ but it wouldn't open a file even of about 650 MB. P.S. - Open source tools will be preferred.


  • Strange GET requests in logs

    - by alfred
    I'm getting the following GET requests in my apache logs:

        109.230.251.14 - - [29/Mar/2011:16:28:18 +0100] "GET http://209.191.92.114/config/pwtoken_get?login=jackmcphee232&src=ygodgw&passwd=e59e2240415e6f1aba3da72b8f189f4e&challenge=9TbU_9yfZhKmzlHtK9X4OkQlesTH&md5=1 HTTP/1.0" 404 1226 "-" "-"

    Any idea what it could be and how is that possibly a get request? That IP address seems to point to Yahoo! I'm very confused.


  • Weird stuff in my /var/log/auth.log

    - by xXx
    I just checked my logs on my deed serv, and I spotted some weird log in the auth.log:

        Jun 17 22:27:01 mutualab CRON[16249]: pam_unix(cron:session): session opened for user user by (uid=0)
        Jun 17 22:27:01 mutualab CRON[16249]: pam_unix(cron:session): session closed for user user
        Jun 17 22:28:01 mutualab CRON[16253]: pam_unix(cron:session): session opened for user user by (uid=0)
        Jun 17 22:28:01 mutualab CRON[16253]: pam_unix(cron:session): session closed for user alain
        Jun 17 22:29:01 mutualab CRON[16257]: pam_unix(cron:session): session opened for user user by (uid=0)
        Jun 17 22:29:01 mutualab CRON[16257]: pam_unix(cron:session): session closed for user user

    Looks like somebody tried to log in - and succeeded? - but logged out instantly? I got the same log for hours now... Do you know what happens? N.B.: it's a 10.04 ubuntu server


  • Setting the Server Port in D-Link Router for eMailing Logs

    - by Synetech
    Does anyone know how to set the port for the email server in the Status->Log section of the D-Link DI-524? I’ve tried the setting below but it does not seem to work. I don’t want to use the default port 25 if I can avoid it. (No, the server and email address in the snap are irrelevant, you can replace the server with hotmail.com or whatever and address with a valid one; the question I am trying to figure out is how to set the port.)


  • logrotate: neither rotate nor compress empty files

    - by Andrew Tobey
    I have just set up an (r)syslog server to receive the logs of various clients, which works fine. Only logrotate is still not behaving as intended. I want logrotate to create a new logfile for each day, but only to keep and store, i.e. compress, non-empty files. My logrotate config currently looks like this:

        # sample configuration for logrotate being a remote server for multiple clients
        /var/log/syslog {
            rotate 3
            daily
            missingok
            notifempty
            delaycompress
            compress
            dateext
            nomail
            postrotate
                reload rsyslog >/dev/null 2>&1 || true
            endscript
        }

        # local i.e. the system's very own logs: keep logs for a whole month
        /var/log/kern.log
        /var/log/kernel-info
        /var/log/auth.log
        /var/log/auth-info
        /var/log/cron.log
        /var/log/cron-info
        /var/log/daemon.log
        /var/log/daemon-info
        /var/log/mail.log
        /var/log/rsyslog
        /var/log/rsyslog-info {
            rotate 31
            daily
            missingok
            notifempty
            delaycompress
            compress
            dateext
            nomail
            sharedscripts
            postrotate
                reload rsyslog >/dev/null 2>&1 || true
            endscript
        }

        # received i.e. logs from the clients
        /var/log/path-to-logs/*/* {
            rotate 31
            daily
            missingok
            notifempty
            delaycompress
            compress
            dateext
            nomail
        }

    What I end up with is some sort of "summarized" files such as filename-datestampDay-Day and corresponding .gz files. What I do have are empty files, which are eventually zipped. So is the notifempty directive in fact responsible for these DayX-DayY files, days on which really nothing happened? What would be an efficient way to drop both empty log files and their .gz files, so that I eventually only keep logs/compressed files that truly contain data?


  • Logfile software for making queries, extracting and other operations

    - by Juw
    I have written an app that connects to a server IIS 6 to retrieve information. When doing this I have collected data (phone model etc) and send it to the server with a regular GET HTTP call like this:

        http://www.myserver.com/getData.php?phonemodel=userphone&appversion=2&id=20

    This is logged in the IIS logfiles. I thought of writing my own parser for log files. But why invent the wheel? I'm looking for a software that can read the IIS 6 logfiles. I would like it to be able to do:
      - Extraction - Extract all lines that contain: www.myserver.com/getData
      - Filtering - View all lines where http-code is not 200
      - Queries - View all lines where phonemodel=iphone

    Any tips on free software that can help me with this? Thanx in advance!


  • Boot log for Windows XP

    - by JasCav
    Where can I find a step-by-step boot log of my Windows XP machine? I'm looking for something akin to the boot log you would get in Linux (with what is running at what times, how long it is running, etc). I am specifically interested in the what is happening after I get out of initial boot phase (AKA, the Windows XP logo goes away and I move to the generic blue background, and as I log in as a user onto the machine).


  • Ways to parse NCSA combined based log files

    - by Kyle
    I've done a bit of site: searching with Google on Server Fault, Super User and Stack Overflow. I also checked non site specific results and didn't really see a question like this, so here goes... I did spot this question, related to grep and awk which has some great knowledge but I don't feel the text qualification challenge was addressed. This question also broadens the scope to any platform and any program.

    I've got squid or apache logs based on the NCSA combined format. When I say based, meaning the first n col's in the file are per NCSA combined standards, there might be more col's with custom stuff. Here is an example line from a squid combined log:

        1.1.1.1 - - [11/Dec/2010:03:41:46 -0500] "GET http://yourdomain.com:8080/en/some-page.html HTTP/1.1" 200 2142 "-" "Mozilla/5.0 (Windows; U; Windows NT 6.1; C) AppleWebKit/532.4 (KHTML, like Gecko)" TCP_MEM_HIT:NONE

    I'd like to be able to parse n logs and output specific columns, for sorting, counting, finding unique values etc. The main challenge and what makes it a little tricky and also why I feel this question hasn't yet been asked or answered, is the text qualification conundrum. When I spotted asql from the grep/awk question, I was very excited but then realised that it didn't support combined out of the box, something I'll look at extending I guess. Looking forward to answers, and learning new stuff! Answers don't have to be limited to platform or program/language. For the context of this question, the platforms I use the most are Linux or OSX. Cheers


  • Can Octopussy use messages other than syslog style?

    - by Lee Lowder
    I am currently exploring different options for a centralized log server. We use both Linux (Ubuntu 10.04 / 12.04, LTS for both) and Windows, though for this specific issue only Linux is relevant. I like the interface that octopussy has and its feature list, but I am hesitant due to a few things. One of the biggest concerns I have is that it seems to be syslog only. The end goal is to have a centralized place for our devs and admins to be able to search through the logs generated by Apache, Tomcat and 70+ web apps spread out among a cluster, for both our prod and test environments. While I did see that octopussy has support for plugins, I haven't been able to find any sort of plugin repo or in-depth guides as to what can be done with them. Does anyone know if plugins can be used to allow octopussy to use non-syslog messages? Specifically log4j type log messages that may include multi-line stack traces and such. Also, is there a user community for this software, such as a mailing list or forum? I've been unable to locate any so far. Thank you.


  • How to go about rotating logs which are arbitrarily named and placed in deeply nested directories?

    - by Roman Grazhdan
    I have a couple of hosts which are basically a playground for developers. On these hosts, each of them has a directory under /tmp where he is free to do all he wants - store files, write logs etc. Of course, the logs are to be rotated, or else the disc will be 100% full in a week. The files can be plenty, but I've dealt with it with paths like /tmp/[a-e]*/* and so on and lived happily for a while, but as they try new cool stuff on the machine logrotate rules grow ugly and unmanageable, and it's getting more difficult to understand which files hit the glob. Also, logrotate would segfault if asked to rotate a socket. I don't feel like trying to enforce some naming policies in that environment, I think it's going to take quite a lot of time and get people annoyed and still would fail at some point. And I still need to manage the logs, not just rm the dirs at night. So is it a good idea in circumstances like these to write a script which would handle these temporary files? I prefer sticking with standard utilities whenever possible, but here I think logrotate is getting less and less manageable. And probably someone heard of some logrotate alternatives which would work well in such an environment? I don't need emailing logs or some other advanced features, so theoretically some well commented find | xargs would do. P.S. I do have a log aggregator but this stuff is not going to touch my little cute logstash machine.


  • Log all files saved on XP system.

    - by Jason Taylor
    I have a user that frequently saves items (or even forgets to save) to places that he forgets. Usually a simple search finds them, but not always. Is there any way to log/track the most recently saved files? It would be great to be the last "saved" files as the recent documents feature is unreliable if he constantly opens documents in his search for the file he just saved. Alternatively, any ideas on how to control this situation?


  • SQL Server 2008: how to add logins to database

    - by jrara
    I'm dbowner on certain database (my account is on public role on server login but dbowner role on certain databases). Now when I try to add logins from server logins, I can only see sa account and my account. How can I add user to my databases from server logins?


  • Log and debug/decrypt a Windows application's HTTPS traffic

    - by cweiske
    I've got a proprietary Windows-only application that uses HTTPS to speak with a (also proprietary, undocumented) web service. To ultimately be able to use the web service's functionality on my Linux machines, I want to reverse-engineer the web service API by analyzing the requests sent by the application. Now the question: How can I decrypt and log the HTTPS traffic? I know of several solutions which don't apply in my case:
      - Fiddler is a man-in-the-middle HTTPS proxy which I cannot use since the application doesn't support proxies. Also, I do not (yet) know if it works with self-signed server certificates, which I doubt.
      - Wireshark is able to decrypt SSL streams if you have the server's private certificate, which I don't have.
      - any browser extension since the application is not a browser

    If I remember correctly, there have been some trojans that capture online banking information by hooking into/replacing the Windows crypto API. Since the machine is mine, low level changes are possible. Maybe there is a non-trojan (white-hat) network log application out there which does the same? There is a blackhat presentation with some details available to read. They refer to Microsoft Research Detour for easy API hooking.


  • Is there a filesystem firewall?

    - by Jenko
    Ever since firewalls appeared on the scene, it became hard for rogue programs to access the internet. But you and I know that running applications get unrestricted access to the filesystem. They can read your files and send them to poppa. (programs such as web browsers and IM clients, which are allowed thru the internet firewall) Any way to know which programs are accessing your files? or limit their access to a specific partition?


  • Weird Apache Access Logs

    - by user38480
    I see repeated requests like these in my Apache Access Logs and they have been eating up all my CPU. I have a normal WordPress installation. All I changed in the Apache Configuration was changing the DocumentRoot from /var/www/html to /var/www for both ssl and the default configuration. Also, the file referenced in the requests (updatedll.jpeg) does not exist on my server and also isn't referenced in the source code served by any page of the web application.

    Could this be a security threat? What are these actually and what can I do to stop them? I changed the ip address of my server. They still kept coming. Meaning that somebody is actually hitting the domain name and not the ip address. Why does my server send a 301 for these requests? Shouldn't it be sending a 404? Is it because Wordpress is installed in my root directory and the .htaccess file present for Wordpress is sending a 301 redirect?

    My disk access logs also seem to have high peaks intermittently. But nobody is actually accessing the site. I see no access logs except these below. Also, I see that all the requests seem to be coming from one of the following 5 ip addresses.

        201.4.132.43 - - [05/Jun/2014:07:35:08 -0400] "GET /updatedll.jpg HTTP/1.1" 301 465 "-" "Mozilla/4.0 (compatible; MSIE 7.0; Windows NT 6.1; WOW64; Trident/4.0; BTRS103681; GTB7.5; SLCC2; .NET CLR 2.0.50727; .NET CLR 3.5.30729; .NET CLR 3.0.30729; InfoPath.2; OfficeLiveConnector.1.3; OfficeLivePatch.0.0; AskTbATU3/5.15.29.67612; BRI/2)"
        187.40.241.48 - - [05/Jun/2014:07:35:08 -0400] "GET /updatedll.jpg HTTP/1.1" 301 465 "-" "Mozilla/4.0 (compatible; MSIE 7.0; Windows NT 5.1; Trident/4.0; GTB7.5; .NET CLR 2.0.50727; .NET CLR 3.0.4506.2152; .NET CLR 3.5.30729)"
        186.56.134.132 - - [05/Jun/2014:07:35:10 -0400] "GET /updatedll.jpg HTTP/1.0" 301 428 "-" "Mozilla/4.0 (compatible; MSIE 6.0; Windows NT 5.1; SV1; .NET CLR 1.1.4322)"
        71.223.252.14 - - [05/Jun/2014:07:35:13 -0400] "GET /updatedll.jpg HTTP/1.1" 301 465 "-" "Mozilla/4.0 (compatible; MSIE 7.0; Windows NT 5.1; Trident/4.0; BTRS31756; GTB7.5; .NET CLR 1.1.4322; .NET CLR 2.0.50727; .NET CLR 3.0.4506.2152; .NET CLR 3.5.30729; .NET4.0C; .NET4.0E; InfoPath.2)"
        85.245.229.167 - - [05/Jun/2014:07:35:14 -0400] "GET /updatedll.jpg HTTP/1.1" 301 465 "-" "Mozilla/4.0 (compatible; MSIE 7.0; Windows NT 6.1; Trident/7.0; SLCC2; .NET CLR 2.0.50727; .NET CLR 3.5.30729; .NET CLR 3.0.30729; MAAU; .NET4.0C; BRI/2; .NET4.0E; MAAU)"


  • Is there an easily configurable way to inject data into IIS 6 SMTP logs?

    - by Lorcan O'Neill
    I am using IIS 6 SMTP server to send out some mail on our behalf. I am also storing each message we send in a SQL table - with a UUID representing each message. I would like to be able to inject additional data into the SMTP logs located in SMTPSVC1 - an additional field which would contain this UUID in the event of a RCPT cs-method call. This is so that I can check a one-to-one relationship between messages sent in SQL and messages actually sent through SMTP. If possible, I would like to avoid writing a C++ custom logger as some sites I've viewed have suggested. Is there an easily configurable way to inject this data into IIS 6 logs? Even if it was only the ability to perform a regex on the data/headers of the outgoing email, that would be enough. Thanks!

