AWStats not reliable...

  • Herbert Georg Fischer


    On the last two months I dedicated my work on log analysis study and "L.A." software evaluation. We planned to substitute our unstable version of WebTrends for something better and preferably for Linux, or upgrade it for a new version.

    I evaluated more than 20 different softwares... commercial, freeware and opensourced (including the most known like awstats, webalizer, analog).

    I got 3 finalists for the following test:

    • Analyse almost 2GB of Apache CLF Logs from 2 load balances servers (Round Robin), files splited by day and server.
    • To verify accuracy we counted some things by hand using shell scripts using commands like grep, cat, wc, awk, cut, bc,
      etc, to calculate "by hand" stats numbers from the tested logs;
    • Number comparison with the actual WebTrends used;

    The Finalists

    • Sane NetTracker
    • Good features;
    • Excelent reports;
    • Good accuracy;
      ! Slow;
    • Support load balanced server's logs;
    • Excelent integration with databases and BI software;
    • Unknown long-time usage experience;
    • Good multiplatform support;
    • Numbers very different from WT;
      ! Can be very expensive;
      ! The version that meets our need here costs about US$ 6000
      ! Profiles based expensive price;

    • Urchin Software

    • Good features;
    • Very good reports;
    • Very good accuracy;
    • Support load balanced server's logs;
    • Has a tracking module that can provide 99% of accuracy;
    • Very good long-time usage experience;
    • Excelent multiplatform support;
    • Numbers can be very close to WT (when disabling the option "visit requires pageview");
    • The fastest log analyser in the world!!! Did the test job in about 5 minutes!!!
      ! It's not cheap but from the 3 best commercial packages is the less expensive.
    • The version that meets our need here costs about US$ 2700 for 105 profiles pack, load balancing support, etc!

    • AWStats

    • Free;
    • OpenSource;
      ! Source code almost unreadable!! 10300+ lines of Perl on a single file is absurd! I'm forced to think that the creators of AWStats don't want us changing their core;
      ! Very unsecure!
    • Good features;
    • Regular ugly reports;
    • Very Bad accuracy;
    • Does not support load balanced server's logs. Using logmerge to join LB logs may reproduce totally wrong numbers, even when using accurate software like Urchin;
    • Unknown long-usage experience;
    • Good multiplatform support; (I had to manually edit the source code to find perl's binary)
    • Numbers totally different from all "less unreliable" softwares. It can be right;
    • Regular speed;
      !! This software was the most promissing open source project that could substitute our buggy WT but it doesnt meet our needs.

    The old buggy software:

    • WebTrends
    • Good features;
    • Buggy dinamic reports;
    • Medium accuracy;
    • Support load balanced server's logs;
    • Has a tracking module;
    • Slowwwwwww;
    • Very BAD long-time usage experience (too much problems to tell here);
      ! WebTrends's history shows no version compatibility and reliability;
      ! Unstable software;
      ! The new version it very-very expensive. More than US$ 15000 for our needs!
      ! The result numbers of the new version are not the same from the version we use today!!!

    So... Sorry for bottering some people but the true must be said. We almost thought in adapting AWStats's source code to fit our needs but it's source is horrible (sorry).

    I think AWStats has a good proposal and good features, but it must be redeveloped from scratch to be reliable.
    I really tryed to use convince me and my company to use AWStats but the tests does not lies.

    Unfortunately (or not) only NetTracker and Urchin are worth the money.

    Unfortunately there is no free or opensourced software that is reliable.

    We are going to buy Urchin because it's from Google Inc. now, has good features, support our needs, it's multiplatform, it's cheap for what it have to offer (comparing to NetTracker and WebTrends).

    PS.: Sorry for my english writing errors... It's not my mother language. ;-)

    • adam

      adam - 2006-12-06

      ! Source code almost unreadable!! 10300+ lines of Perl on a single file is absurd! I'm forced to think that the creators of AWStats don't want us changing their core;

      Nooooo! Please, for the love of God don't say that sort of thing. Judging by the rest of the code they'll just merge more lines together to reduce the line count!

      Seriously though, awstats is singularly the most evil perl code I have ever had to work with.

    • adam

      adam - 2006-12-07

      sorry, that's probably a bit harsh.

      Yes, it's evil perl, but the product itself is great compared to the competition. Good looking output, reliable stats (assuming you never miss any logs - all hell breaks loose when that happens), decent speed. Highly recommended for the 99% of people who will never look at the perl code.

    • Lawrence Cook

      Lawrence Cook - 2006-12-14

      I am going to have to agree with hgfischer on some of his points. We also were a Webtrends shop and needed to find a cheaper way of data mining our websites. We looked at the software he mentioned, plus a few others and decided to give AWSTATS a try. We trend more than a million pages a day from 70 different hosts and Webtrends and Urchin were not the answer due to cost. Until we started really using it, AWSTATS seemed to be a god send for us. We found a lot of limitations with data results, configurations, graphs, reporting, etc.

      Don't get me wrong AWSTATS is a great tool, but there is much room for improvement which is what I think hgfischer was trying to say. For the average joe who wants to see how many customers have accessed his site, see a few data graphs, etc. AWSTATS works great! But for those who need the more in depth data mining, actuate results, richer ROI reporting, etc that Webtrends and Urchin provide, AWSTATS falls short.

      Just search the forum topics will show where AWSTATS needs to be improved. Topics on reporting, unique user questions, configuration, data results are seen over and over again. Will AWSTATS be up to the Webtrends and Urchin level of Webtrending? That’s up to Laurent and us to get it there. Don’t rip hgfischer for wanting to improve the tool. Help him make it better! End of speech!


      • Eric

        Eric - 2006-12-14

        Pfffffffff !

        That's sure, every tool can be improved. If you don't agree don't use it.
        Today many users and providers are using this very very great tool...

        I use it and it is a great tool for me.

        Hi Eldy, i tried to reach you without success, can you send me a message with your mail (j'ai essayé avec et sans le prénom pour l'email sans succès) ?


    • Travis Reeder

      Travis Reeder - 2005-04-29

      Check out Ecommstats at . Pricing is great and they just released a new version.

    • alvin

      alvin - 2005-05-11

      Just to comment on the statement:

      ! Very unsecure!

      This is not true.

      I do not contribute to the project, but I do agree that the security is not the job of awstats. Security of the logs and stats is left to the webserver. Awstats generates webpages. How those pages are viewed depends on your webserver setup.

      • Darryl Miles

        Darryl Miles - 2005-05-12

        Just to comment on the statement:

        ! but I do agree that the security is not the job of awstats. Security of the logs and stats is left to the webserver.

        I dont think he was refering to the security with regard to access to the statstical data, but to the more serious CGI related security concerns.

        Awstats natively wants to run as a CGI program, I've looked over the code and find it a teadious task to audit it myself. Therefore I never run it in CGI mode, I only use it to generate static HTML pages.

        Because of this I'm willing to put up with a certain amount of feature loss. Like not being able to easily browse previous months history.

        Awstats is a very awkward beast to use from the command line, I agree in that it would be better if the project was split into multiple files, with the logfile processing engine seperate perl module that has clear inputs and outputs.

        Then have two execution enviroment wrappers one for CGI usage and one for command line usage. Then at least everyone could audit the smaller CGI wrapper code path and isolate the engine code from malicious CGI usage.

    • Laurent Destailleur (Eldy)

      Don't know how you did your evaluation but saying that webtrends and urchin is more accurate than AWStats is a big joke.
      AWStats was built because Webtrends and Urchin were completely out of reality. They make the same errors whe counting visitors providing wrong values for "human" hits and visitors (they share worms, a lot of robots, reloading pages etc...). Take a look at FAQ differences in results with other log analyzers to have just small examples but there is so many wrong analysis.

    • BigJacko

      BigJacko - 2005-10-15

      Like the above posts, I have to take issue with these claims...

      Awstats doesn't appear to me to be any less secure than practically ANY Perl-based CGI application - (at least, not in v6.5) - and in any case, the singular security risk which has been discovered (in 6.4 & earlier), is easily fixable by typing in a couple of lines of Perl! Hardly rocket-science, even if the file is big.

      What other LA program (apart from Analog) gives you complete access to its source-code in this way? Betcha WT doesn't, eh? And that cost fifteen grand! LOL. The point is, you have COMPLETE control, if you divert that fifteen grand into reading, learning, and understanding Awstats operation... Even if it took you six months, surely it'd still be a saving, no?

      You also mention errors - but don't explain any in detail. In my experience, Awstats has tallied pretty well with the facts of my weblogs, and I'm happy. Of course, Awstats will skip entries which are corrupted, and it will ignore (for the purposes of page-counts) those requests for which no content was returned to the user (dropped records). But it TELLS you this on-screen, if you're doing a CLI update, and you can double-check the totals to make sure.

      So... before discounting this totally FREE and very flexible, open-sourced replacement for a fifteen thousand-dollar package... tell us:

      WHAT security risk do you see? Define it, explain it, document it - and I'm sure it will be FIXED in moments by people here...


      WHAT errors are you seeing exactly? Is it page-counts, hit-counts, or just that fact that you can't get the keywords to match on Google Images? :) Tell us - and again, I'm sure it will get resolved soon.

      Would you get THAT degree of care and concern for your fifteen grand from WebTrends? A mutually-concerned bunch of web-geeks giving their time up for FREE, in order to create a great and useful products that are also FREE to use?

      Sheesh... what's a person gotta do to please people on this world nowadays? ;)

    • Ryders

      Ryders - 2006-05-25

      <blockquote style="padding:5px;margin:5px;border:1px dashed darkred">
      We are going to buy Urchin <strong>because it's from Google Inc.</strong>

      Don't get me wrong here... I love Google, their creativity, their innovative way of getting things out.... but god... that's got to be the most ridiculous reasonning I`re read ever!

    • Ryders

      Ryders - 2006-05-25

      Mmmm... ok... the "HTML tags will display in your post as text" was not big/red enough!

    • Eric

      Eric - 2006-08-04

      Because it is Google, it is reliable, hum...

      Urchin exist since many years and has been bought by Google.


Get latest updates about Open Source Projects, Conferences and News.

Sign up for the SourceForge newsletter:

No, thanks