Logfilter Manual
User manual for logfilter version 0.4.
logfilter is a quick and easy way to search your Apache combined logs. Using logfilter
you can search specific fields for the information you want. Like grep, logfilter returns
matching records (lines in your log files) to standard output. You can use logfilter's
output just as you would that of any other UNIX-style program.
INSTALLATION
logfilter has been written in the C language. It can be built using regular make
commands familiar to many UNIX programmers.
First, you will need to download the source archive, logfilter-0.4.tar.gz. Next, uncompress and untar the archive using something like the following:
tar -xzf logfilter-0.4.tar.gz
You should now have a directory called logfilter-0.4. Move into the logfilter directory.
Now, you need to compile the sources into a program. Type ./configure, then make. Then, as root, type make install.
Assuming everything went ok you should have a program called logfilter in your /usr/local/bin
directory. To check whether it is on your command path type:
whereis logfilter
The command should list where logfilter has been installed. If it does not, then something has gone wrong
and you will need to troubleshoot.
USAGE
An Apache combined log file holds one record on each line
of the log. Each log entry represents a single interaction with a client
machine. Each page requested by your browser will, in all probability,
require several interactions with the web server.
The following fields are present in an Apache combined log:
- client
- identity
- user id
- time
- request method (like GET or POST) / URI / protocol
- status code
- size
- user agent
Each of the above fields can be searched on by logfilter. The request field has been
split up into its constituents. More than one field can be matched at a time. For
example, to find all requests for /somepage.html that used the GET request method and
returned a 200 status code, the following command will work:
logfilter -u /somepage.html -m GET -s 200 some_log_file
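The same three-field match, sketched in Python as an added example (this is not logfilter's source, which is C): it splits a combined-format line into fields and keeps only records where every criterion matches. Exact string comparison, the function names and the sample lines are assumptions made for the illustration.

```python
import re

# Apache combined format: %h %l %u %t "%r" %>s %b "%{Referer}i" "%{User-agent}i"
COMBINED = re.compile(
    r'(?P<client>\S+) (?P<identity>\S+) (?P<user>\S+) \[(?P<time>[^\]]+)\] '
    r'"(?P<request>(?:[^"\\]|\\.)*)" (?P<status>\d{3}) (?P<size>\d+|-) '
    r'"(?P<referer>(?:[^"\\]|\\.)*)" "(?P<agent>(?:[^"\\]|\\.)*)"'
)

def parse(line):
    """Return a dict of fields, or None if the line is not combined format."""
    m = COMBINED.match(line)
    if m is None:
        return None
    rec = m.groupdict()
    # The request is "METHOD URI PROTOCOL"; malformed or empty requests
    # (logged as "-") do not split into three parts, so leave those unset.
    parts = rec["request"].split(" ")
    if len(parts) == 3:
        rec["method"], rec["uri"], rec["protocol"] = parts
    else:
        rec["method"] = rec["uri"] = rec["protocol"] = None
    return rec

def matches(rec, **wanted):
    """True only if every requested field matches (criteria are ANDed)."""
    # Assumption: exact comparison; the manual does not say how logfilter compares.
    return all(rec.get(field) == value for field, value in wanted.items())

def filter_lines(lines, **wanted):
    """Return the input lines whose parsed record satisfies all criteria."""
    parsed = ((line, parse(line)) for line in lines)
    return [line for line, rec in parsed if rec is not None and matches(rec, **wanted)]

# Constructed sample records (documentation addresses, not from a real server).
SAMPLE = [
    '192.0.2.10 - - [10/Oct/2023:13:55:36 +0000] "GET /somepage.html HTTP/1.1" 200 2326 "-" "Mozilla/5.0 (X11; Linux x86_64)"',
    '192.0.2.11 - alice [10/Oct/2023:13:55:40 +0000] "POST /somepage.html HTTP/1.1" 200 512 "http://example.test/" "curl/8.0"',
    '192.0.2.12 - - [10/Oct/2023:13:56:01 +0000] "GET /somepage.html HTTP/1.1" 404 199 "-" "Mozilla/5.0"',
    '192.0.2.13 - - [10/Oct/2023:13:56:07 +0000] "-" 408 - "-" "-"',
]

if __name__ == "__main__":
    # Same criteria as: logfilter -u /somepage.html -m GET -s 200 some_log_file
    for hit in filter_lines(SAMPLE, uri="/somepage.html", method="GET", status="200"):
        print(hit)
```

Only the first sample record passes: the second differs in method, the third in status code, and the fourth has no parsable request.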