Toby Inkster <usenet200407.DeleteThis@tobyinkster.co.uk> wrote in
news:pan.2004.07.21.06.14.24.129510@tobyinkster.co.uk:
> Tony wrote:
>
>> All these sites have different domain names and IP addresses, but
live
>> on the same physical box. Also all of their logfiles are separate
too.
>
> Just concatenate all the log files together and then run a standard
log
> file analyser on the result.
You may run across some problems if you just concatenate. You also have
to resort the entries into chronological order.
# cd /var/log/apache/
# /usr/local/bin/mergelogs.pl access_log1 access_log1 access_log3 > all-
access_log
Following is the mergelogs.pl script....
#!/usr/bin/perl
#
# By Royans K Tharakan (rkt@pobox.com)
# Date: July 16 2001
# Updated: Aug 21 2001
# Version: $Id: mergelogs.pl,v 1.2 2001/10/29 20:28:10 control Exp $
#
# Usage: mergelogs.pl log1 log2 log3 log4.......
#################################################################3
use FileHandle;
$|=1;
$ignore[$#ignore+1]="10.1.10.13";
$ignore[$#ignore+1]="10.1.10.14";
$ignore[$#ignore+1]="10.1.10.15";
$ignore[$#ignore+1]="10.1.10.16";
$ignore[$#ignore+1]="10.32.";
$ignore[$#ignore+1]="10.1.10";
@files=@ARGV;
#print "@ARGV $#ARGV $#files -------";
#print $#files;
for $i (0..$#files)
{
# print "checking file $files[$i] $i\n";
$DATAIN[$i]=IO::File->new("<$files[$i]")||die "Can't open $files
[$i]";
}
$dataoutfile="$files[$#files]";
#open(STDOUT,">$dataoutfile")||die "Cant send data";
$stop=0;
&get_time_stamps();
while ($stop == 0)
{
#for $tt (keys %time) {print "COMPARE: $tt $time{$tt} \n ";}
# print "\n";
@time1=sort {$time{$a} cmp $time{$b}} keys %time;
#print "@time1\n";
# for $tt (@time1) {print "$tt $time{$tt}=";}
# print "\n";
if ($time{$time1[0]} != 93104863665)
{
addlog($time1[0],$time{$time1[1]});
}
else
{
$stop=1;
}
}
for $i (0..$#files-1)
{
$DATAIN[$i]->close();
}
#close(STDOUT);
sub addlog()
{
my ($FD,$timestamp)=@_;
$check_time=0;
# print "=== $FD $timestamp , $time{$FD} === \n";
while (($timestamp>=$time{$FD})&&($time{$FD}!=93104863665))
{
# print "=== $FD $time{$FD} $timestamp === \n";
print STDOUT "$datain[$FD]";
my $td="--";
while($td eq "--")
{
$td=readline($DATAIN[$FD]);
#print "$#ignore @ignore \n";
for $ignore_i (0..$#ignore)
{
if ($td=~/$ignore[$ignore_i]/)
{$td="--";}
}
#print "+1 $td $FD \n";
}
$datain[$FD]=$td;
#print "+2 $td $FD \n";
if ($datain[$FD]==0)
{
$time{$FD}=93104863665;
}
else
{
$time{$FD}=&gettime($datain[$FD]);
#print "==== 5 \n";
}
}
#print "==== 6 \n";
}
sub get_time_stamps()
{
for $i (0..$#files)
{
my $td="--";
while($td eq "--")
{
$td=readline($DATAIN[$FD]);
for $ignore_i (0..$#ignore)
{
if ($td=~/$ignore[$ignore_i]/)
{$td="--";}
}
#print "+3 $td $FD \n";
}
$input=$td;
$time{$i}=&gettime($input);
$datain[$i]=$input;
#print ":::===== $i $#files ====== ",$time{$i}," $datain
[$i]\n";
}
}
sub gettime()
{
my $i="@_";
# print "=========== $i ===========\n";
$i=~m/(\S+) - - \[(.*?)
.*?)\] \"\S+ (\S+) .*?\" (\d+) (\S+)(?:
\"(.*?)\" \"(.*?)\")?/
;
#print "=============== $1 $2 $3==============\n";
my $date = $2;
my $time = $3;
if($date=~m/(\d+)\/(\w+)\/(\d+)/i)
{
$day = $1;
$month = &month2num(lc($2));
# print "$month = $2\n";
$year = $3;
}
if($time=~m/(\d+)
\d+)
\d+).*/)
{
$hour = $1;
$min = $2;
$sec = $3;
}
$total=$year*31536000+$month*2592000+$day*86400+$hour*3600+$min*
60+$sec;
#print "4 ===\n";
return $total;
}
sub month2num{
my $mon = shift;
$mon =~ s%Jan%0%io;
$mon =~ s%Feb%1%io;
$mon =~ s%Mar%2%io;
$mon =~ s%Apr%3%io;
$mon =~ s%May%4%io;
$mon =~ s%Jun%5%io;
$mon =~ s%Jul%6%io;
$mon =~ s%Aug%7%io;
$mon =~ s%Sep%8%io;
$mon =~ s%Oct%9%io;
$mon =~ s%Nov%10%io;
$mon =~ s%Dec%11%io;
return $mon;
}
--
Edward Alfert
<a style='text-decoration: underline;' href="http://www.rootmode.com/" target="_blank">http://www.rootmode.com/</a>
Multiple Domain Hosting and Reseller Hosting Plans
Coupon Code (Recurring $5/month Discount): newsgroup<!-- ~MESSAGE_AFTER~ -->
>> Stay informed about: Web Reporting with Merged Site Logs 
FAQ
Profile
Private Messages
Log in
