Used awstats before, but have always been behind a Load Balancer and always on
Apache. Just had the Load balancer insert a header with the true client IP and
modified apache to log the extra header field, configured awstats to look for
that extra field and no problems.
I now have to work with MS IIS 7 and the only way to get that extra header
field with the true cleint IP (instead of the load balancer VIP for every
request) is to use IIS Advanced Logging Module.
Setup is easy enough, but I have not been able to get awstats to display any
data at all, it crunches through the logs with no issues or errors ..
D:\wwwroot\awstats\cgi-bin>perl awstats.pl -update -config=ordersets
Create/Update database for config "./awstats.foo.conf" by AWStats version
7.0 (build 1.971)
From data in log file "d:/awstats/foo/realip_d20120927.log"...
Phase 1 : First bypass old records, searching new record...
Direct access to last remembered record has fallen on another record.
So searching new records from beginning of log file...
Phase 2 : Now process new records (Flush history on disk after 20000 hosts)...
Jumped lines in file: 0
Parsed lines in file: 17306
Found 0 dropped records,
Found 12 comments,
Found 0 blank records,
Found 0 corrupted records,
Found 0 old records,
Found 17294 new qualified records.
But I get nothing but "unknown" robots from the Load Balancers VIP monitor
zero byte checks.
LogFormat="%time2 s-ip cs-method cs-uri-stem cs-uri-query s-port cs-username
%host cs(User-Agent) cs(Host) sc-status sc-substatus sc-win32-status
IIS Log Fields are:
cs-username RealIP cs(User-Agent) cs(Host) sc-status sc-substatus sc-
And 2 sample log lines .. first one is a Load Balancer VIP check
2012-09-26 20:00:01.750 18.104.22.168 HEAD /wkosaweb/OSALogin.aspx - 80 - -
- "foo.test.com" 200 0 0 0
Next is a real visitor
2012-09-27 03:08:00.400 22.214.171.124 GET /wkosaweb/OSALogin.aspx
OrderSetId=317 80 - "126.96.36.199" "Mozilla/5.0 (Windows NT 5.1; rv:14.0)
Gecko/20100101 Firefox/14.0.1" "foo.test.com" 200 0 0 21839
I've tried a number of different LogFormats, but I just can not seem to get
any data out of awstats with these logs and the puzzling thing is everything
Oh - I forgot - this is a new install of Awstats 7.0 build 1.971
Any help or pointers would be appreciated.
TIA .. Mike
This might be an issue your having.
I have enabled Advanced logging on IIS. When collecting the logs ->
all log entered are put into ---> Not viewed traffic *
using the standard logging it works fine. Only when you capture the logs through advanced logging.
I have narrowed it down to -
in standard logging -> which works fine
in IIS advanced logging -> which puts everything into "Not viewed traffic *"
Mozilla/5.0 (compatible; MSIE 9.0; Windows NT 6.1; Trident/5.0)
See the + symbols is the difference.... this is the issue.
can you please advise how I can resolve this.
I believe that everyone has this issue.