
An experiment in analyzing Postfix logs

Modified: 29 July 2006


Download

AWStats can be downloaded from the following site.

http://awstats.sourceforge.net/

On 28 July 2006, I was able to download "awstats-6.5-1.noarch.rpm".


Installation

# rpm -ivh awstats-6.5-1.noarch.rpm 
Preparing...                ########################################### [100%]
   1:awstats                ########################################### [100%]

----- AWStats 6.5 - Laurent Destailleur -----
AWStats files have been installed in /usr/local/awstats

If first install, follow instructions in documentation
(/usr/local/awstats/docs/index.html) to setup AWStats in 3 steps:
Step 1 : Install and Setup with awstats_configure.pl (or manually)
Step 2 : Build/Update Statistics with awstats.pl
Step 3 : Read Statistics

# 


Running the installer

AWStats is installed in "/usr/local/awstats", so move to the following directory.

# cd /usr/local/awstats/tools
#

Run the installer.

# ./awstats_configure.pl 

----- AWStats awstats_configure 1.0 (build 1.6) (c) Laurent Destailleur -----
This tool will help you to configure AWStats to analyze statistics for
one web server. You can try to use it to let it do all that is possible
in AWStats setup, however following the step by step manual setup
documentation (docs/index.html) is often a better idea. Above all if:
- You are not an administrator user,
- You want to analyze downloaded log files without web server,
- You want to analyze mail or ftp log files instead of web log files,
- You need to analyze load balanced servers log files,
- You want to 'understand' all possible ways to use AWStats...
Read the AWStats documentation (docs/index.html).

-----> Running OS detected: Linux, BSD or Unix

-----> Check for web server install

Enter full config file path of your Web server.
Example: /etc/httpd/httpd.conf
Example: /usr/local/apache2/conf/httpd.conf
Example: c:\Program files\apache group\apache\conf\httpd.conf
Config file path ('none' to skip web server setup):
> /etc/httpd/conf/httpd.conf

-----> Check and complete web server config file '/etc/httpd/conf/httpd.conf'
  Add 'Alias /awstatsclasses "/usr/local/awstats/wwwroot/classes/"'
  Add 'Alias /awstatscss "/usr/local/awstats/wwwroot/css/"'
  Add 'Alias /awstatsicons "/usr/local/awstats/wwwroot/icon/"'
  Add 'ScriptAlias /awstats/ "/usr/local/awstats/wwwroot/cgi-bin/"'
  Add '<Directory>' directive
  AWStats directives added to Apache config file.

-----> Update model config file '/etc/awstats/awstats.model.conf'
  File awstats.model.conf updated.

-----> Need to create a new config file ?
Do you want me to build a new AWStats config/profile
file (required if first install) [y/N] ? y

-----> Define config file name to create
What is the name of your web site or profile analysis ?
Example: www.mysite.com
Example: demo
Your web site, virtual server or profile name:
> yi.tomo.ac

-----> Define config file path
In which directory do you plan to store your config file(s) ?
Default: /etc/awstats
Directory path to store config file(s) (Enter for default):
> /etc/awstats

-----> Create config file '/etc/awstats/awstats.yi.tomo.ac.conf'
 Config file /etc/awstats/awstats.yi.tomo.ac.conf created.

-----> Restart Web server with '/sbin/service httpd restart'
httpd を停止中:                                            [  OK  ]
httpd を起動中:                                            [  OK  ]

-----> Add update process inside a scheduler
Sorry, configure.pl does not support automatic add to cron yet.
You can do it manually by adding the following command to your cron:
/usr/local/awstats/wwwroot/cgi-bin/awstats.pl -update -config=yi.tomo.ac
Or if you have several config files and prefer having only one command:
/usr/local/awstats/tools/awstats_updateall.pl now
Press ENTER to continue... 


A SIMPLE config file has been created: /etc/awstats/awstats.yi.tomo.ac.conf
You should have a look inside to check and change manually main parameters.
You can then manually update your statistics for 'yi.tomo.ac' with command:
> perl awstats.pl -update -config=yi.tomo.ac
You can also read your statistics for 'yi.tomo.ac' with URL:
> http://localhost/awstats/awstats.pl?config=yi.tomo.ac

Press ENTER to finish...

#


Changing the configuration file

By default the configuration analyzes web server logs, so change it to analyze Postfix logs.

Open "/etc/awstats/awstats.yi.tomo.ac.conf", which was created by running the installer.

# AWSTATS CONFIGURE FILE 6.5
   :

LogFile="(cd /var/log;cat maillog.3 maillog.2 maillog.1 maillog) | /usr/local/awstats/tools/maillogconvert.pl standard |"

   :

LogType=M

   :

LogFormat="%time2 %email %email_r %host %host_r %method %url %code %bytesd"


   :

SiteDomain="yi.tomo.ac"

   :

HostAliases="yi.tomo.ac 127.0.0.1 localhost"

   :

LevelForBrowsersDetection=0         # 0 disables Browsers detection.
                                    # 2 reduces AWStats speed by 2%
                                    # allphones reduces AWStats speed by 5%
LevelForOSDetection=0               # 0 disables OS detection.
                                    # 2 reduces AWStats speed by 3%
LevelForRefererAnalyze=0            # 0 disables Origin detection.
                                    # 2 reduces AWStats speed by 14%
LevelForRobotsDetection=0           # 0 disables Robots detection.
                                    # 2 reduces AWStats speed by 2.5%
LevelForSearchEnginesDetection=0    # 0 disables Search engines detection.
                                    # 2 reduces AWStats speed by 9%
LevelForKeywordsDetection=2         # 0 disables Keyphrases/Keywords detection.
                                    # 2 reduces AWStats speed by 1%
LevelForFileTypesDetection=0        # 0 disables File types detection.
                                    # 2 reduces AWStats speed by 1%
LevelForWormsDetection=0            # 0 disables Worms detection.
                                    # 2 reduces AWStats speed by 15%

   :

ShowMenu=1                                      

   :

# Show monthly summary
# Context: Web, Streaming, Mail, Ftp
# Default: UVPHB, Possible column codes: UVPHB
ShowSummary=HB

# Show monthly chart
# Context: Web, Streaming, Mail, Ftp
# Default: UVPHB, Possible column codes: UVPHB
ShowMonthStats=HB

# Show days of month chart
# Context: Web, Streaming, Mail, Ftp
# Default: VPHB, Possible column codes: VPHB
ShowDaysOfMonthStats=HB

# Show days of week chart
# Context: Web, Streaming, Mail, Ftp
# Default: PHB, Possible column codes: PHB
ShowDaysOfWeekStats=HB

# Show hourly chart
# Context: Web, Streaming, Mail, Ftp
# Default: PHB, Possible column codes: PHB
ShowHoursStats=HB

# Show domains/country chart
# Context: Web, Streaming, Mail, Ftp
# Default: PHB, Possible column codes: PHB
ShowDomainsStats=HB

# Show hosts chart
# Context: Web, Streaming, Mail, Ftp
# Default: PHBL, Possible column codes: PHBL
ShowHostsStats=HBL

# Show authenticated users chart
# Context: Web, Streaming, Ftp
# Default: 0, Possible column codes: PHBL
ShowAuthenticatedUsers=0

# Show robots chart
# Context: Web, Streaming
# Default: HBL, Possible column codes: HBL
ShowRobotsStats=0

# Show worms chart
# Context: Web, Streaming
# Default: 0 (If set to other than 0, see also LevelForWormsDetection), Possible column codes: HBL
ShowWormsStats=0

# Show email senders chart (For use when analyzing mail log files)
# Context: Mail
# Default: 0, Possible column codes: HBML
ShowEMailSenders=HBML

# Show email receivers chart (For use when analyzing mail log files)
# Context: Mail
# Default: 0, Possible column codes: HBML
ShowEMailReceivers=HBML

# Show session chart
# Context: Web, Streaming, Ftp
# Default: 1, Possible column codes: None
ShowSessionsStats=0

# Show pages-url chart.
# Context: Web, Streaming, Ftp
# Default: PBEX, Possible column codes: PBEX
ShowPagesStats=0

# Show file types chart.
# Context: Web, Streaming, Ftp
# Default: HB, Possible column codes: HBC
ShowFileTypesStats=0

# Show file size chart (Not yet available)
# Context: Web, Streaming, Mail, Ftp
# Default: 1, Possible column codes: None
ShowFileSizesStats=0            

# Show operating systems chart
# Context: Web, Streaming, Ftp
# Default: 1, Possible column codes: None
ShowOSStats=0

# Show browsers chart
# Context: Web, Streaming
# Default: 1, Possible column codes: None
ShowBrowsersStats=0

# Show screen size chart
# Context: Web, Streaming
# Default: 0 (If set to 1, see also MiscTrackerUrl), Possible column codes: None
ShowScreenSizeStats=0

# Show origin chart
# Context: Web, Streaming
# Default: PH, Possible column codes: PH
ShowOriginStats=0

# Show keyphrases chart
# Context: Web, Streaming
# Default: 1, Possible column codes: None
ShowKeyphrasesStats=0

# Show keywords chart
# Context: Web, Streaming
# Default: 1, Possible column codes: None
ShowKeywordsStats=0

# Show misc chart
# Context: Web, Streaming
# Default: a (See also MiscTrackerUrl parameter), Possible column codes: anjdfrqwp
ShowMiscStats=0

# Show http errors chart
# Context: Web, Streaming
# Default: 1, Possible column codes: None
ShowHTTPErrorsStats=0

# Show smtp errors chart (For use when analyzing mail log files)
# Context: Mail
# Default: 0, Possible column codes: None
ShowSMTPErrorsStats=1

# Show the cluster report (Your LogFormat must contains the %cluster tag)
# Context: Web, Streaming, Ftp
# Default: 0, Possible column codes: PHB
ShowClusterStats=0

   :


Trying a run

Create the directory and move to the test directory.

# mkdir /var/lib/awstats
# cd /usr/local/awstats/wwwroot/cgi-bin 

Run it as follows.

# ./awstats.pl -config=yi.tomo.ac -update -showsteps -showcorrupted -showdropped
Update for config "/etc/awstats/awstats.yi.tomo.ac.conf"
With data in log file "(cd /var/log;cat maillog.1) | /usr/local/awstats/tools/maillogconvert.pl standard |"...
Phase 1 : First bypass old records, searching new record...
Searching new records from beginning of log file...
Phase 2 : Now process new records (Flush history on disk after 20000 hosts)...
Jumped lines in file: 0
Parsed lines in file: 434
 Found 0 dropped records,
 Found 0 corrupted records,
 Found 0 old records,
 Found 434 new qualified records.
#

The first time I ran it, I got the following errors and was puzzled.
The cause was that the logs included entries written by sendmail before I switched from the default sendmail to postfix.

# ./awstats.pl -config=yi.tomo.ac -update -showsteps -showcorrupted -showdropped
Update for config "/etc/awstats/awstats.yi.tomo.ac.conf"
With data in log file "(cd /var/log;cat maillog.2 maillog.1 maillog.0 maillog) | /usr/local/awstats/tools/maillogconvert.pl standard |"...
cat: maillog.2Phase 1 : First bypass old records, searching new record...
Searching new records from beginning of log file...
Corrupted record line 1 (record format does not match LogFormat parameter): 2006-07-27 04:02:04 root root localhost 127.0.0.1 SMTP -  5581
Corrupted record line 2 (record format does not match LogFormat parameter): 2006-07-27 21:46:16 nagios nagios localhost 127.0.0.1 SMTP -  259
Corrupted record line 3 (record format does not match LogFormat parameter): 2006-07-27 21:46:16 nagios nagios localhost 127.0.0.1 SMTP -  340
Corrupted record line 4 (record format does not match LogFormat parameter): 2006-07-27 21:46:26 nagios nagios localhost 127.0.0.1 SMTP -  261

     :
Corrupted record line 50 (record format does not match LogFormat parameter): 2006-07-27 21:53:57 nagios nagios localhost 127.0.0.1 SMTP -  254
AWStats did not find any valid log lines that match your LogFormat parameter, in the 50th first non commented lines read of your log.
Your log file (cd /var/log;cat maillog.2 maillog.1 maillog.0 maillog) | /usr/local/awstats/tools/maillogconvert.pl standard | must have a bad format or LogFormat parameter setup does not match this format.
Your AWStats LogFormat parameter is:
%time2 %email %email_r %host %host_r %method %url %code %bytesd
This means each line in your web server log file need to have the following personalized log format:
%time2 %email %email_r %host %host_r %method %url %code %bytesd
And this is an example of records AWStats found in your log file (the record number 50 in your log):
2006-07-27 21:53:57 nagios nagios localhost 127.0.0.1 SMTP -  254
Setup ('/etc/awstats/awstats.yi.tomo.ac.conf' file, web server or permissions) may be wrong.
Check config file, permissions and AWStats documentation (in 'docs' directory).
#
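
A pre-flight check for the failure shown above, as an added example that is not part of the original page or of AWStats. `check_converted` counts maillogconvert.pl output lines that lack the ten non-empty tokens the LogFormat implies (an approximation of AWStats' own matching), and `postfix_only` keeps only Postfix-tagged syslog lines. All function names are hypothetical; the third converted record and all syslog lines are constructed.

```sh
#!/bin/sh
# Added example (not AWStats code). Function names are hypothetical.

# Keep only syslog lines whose program tag (5th field) is a Postfix daemon,
# e.g. "postfix/qmgr[2345]:"; lines logged by sendmail are dropped.
postfix_only() {
    awk '$5 ~ /^postfix\//'
}

# Read maillogconvert.pl output on stdin. The LogFormat
#   %time2 %email %email_r %host %host_r %method %url %code %bytesd
# implies ten single-space-separated tokens (%time2 is "date time").
# Prints "ok=<n> bad=<n> first_bad=<line number, 0 if none>".
check_converted() {
    awk -F'[ ]' '
        function good(   i) {
            if (NF != 10) return 0
            for (i = 1; i <= NF; i++) if ($i == "") return 0
            if ($1 !~ /^[0-9][0-9][0-9][0-9]-[0-9][0-9]-[0-9][0-9]$/) return 0
            if ($2 !~ /^[0-9][0-9]:[0-9][0-9]:[0-9][0-9]$/) return 0
            return 1
        }
        { if (good()) ok++; else { bad++; if (!first) first = NR } }
        END { printf "ok=%d bad=%d first_bad=%d\n", ok, bad, first }
    '
}

# Converted records: lines 1-2 are taken from the error output above
# (empty %code field), line 3 is constructed.
sample_converted() {
    cat <<'EOF'
2006-07-27 04:02:04 root root localhost 127.0.0.1 SMTP -  5581
2006-07-27 21:46:16 nagios nagios localhost 127.0.0.1 SMTP -  259
2006-07-28 10:15:02 alice@example.com bob@example.org mail.example.com 192.0.2.10 SMTP - 1 2048
EOF
}

# Constructed syslog lines: one from sendmail, two from Postfix.
sample_syslog() {
    cat <<'EOF'
Jul 27 04:02:04 yi sendmail[1201]: k6QJ24aB001201: from=root, size=5581, nrcpts=1
Jul 28 10:15:02 yi postfix/qmgr[2345]: 3F2A1C0DE: from=<alice@example.com>, size=2048, nrcpt=1 (queue active)
Jul 28 10:15:03 yi postfix/local[2350]: 3F2A1C0DE: to=<bob@example.org>, relay=local, delay=1, status=sent (delivered to mailbox)
EOF
}

sample_converted | check_converted   # prints: ok=1 bad=2 first_bad=1
sample_syslog | postfix_only | wc -l
```

Running the real pipeline through `check_converted` before `awstats.pl -update` shows whether the first records are malformed, which is the condition that made AWStats stop after 50 lines in the run above.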


Viewing the results

# chown -R apache:apache /usr/local/awstats

The results can be viewed at the following URL.

http://yi.tomo.ac/awstats/awstats.pl


Setting up automatic execution

The statistics need to be updated periodically.

0 * * * * /usr/local/awstats/wwwroot/cgi-bin/awstats.pl -config=yi.tomo.ac -update
