Web Analysis Using Analog
One of the many responsibilities of being a webmaster is keeping tabs on the traffic your site receives. This information can help when it comes time to update: you will know which pages are requested most often and which could use a little more promotion.
Analog is an open-source program that analyses log files from web servers, creating as many as 32 different reports. It works on many operating systems, including Linux, and supports 35 different languages. It's extremely flexible and fast. Its author is Stephen Turner, a Research fellow at Sidney Sussex College at the University of Cambridge. His research has to do with mathematical problems in communications networks, so he has a good solid background when it comes to log file analysis.
Analog's versatility can make it seem very complicated; it has over 200 configuration options. The number of choices is also what makes it very useful for hostmasters and webmasters alike.
A common question on the analog-help mail list is, “How do I setup Analog for virtual hosts?”. This article will cover setup for both virtual hosts and individual pages. In addition, I'll describe how to use configuration and script files to get monthly, hourly, daily and specialized reports.
I've used Analog for several years, first on a FreeBSD system; I was a dial-in customer curious about my personal web pages. Later, I used Analog with Win95/98, and now use it on a Linux system as a web administrator. An example of my publicly available log analysis setup can be found at http://vcsweb.com/logs/.
Analog is the type of program that no two users will use in the same way, due to the vast number of options, only the items I have experience with will be discussed.
Before delving into Analog's configuration files, it's important to understand what you can and can't learn about your site from log files. First, the log files should be considered only as an estimation of traffic. Log references aren't available when web pages have been accessed from either browser or ISP cache files. According to Analog's author, it's impossible to tell the number of distinct visitors or the total number of visits.
The bottom line is that HTTP is a stateless protocol. People don't log in and retrieve several documents: they make a separate connection for each file they want. Many times, they don't even behave as if they were logged in to one site. Hence, Analog's emphasis on requests, rather than visits.
What we can learn varies, depending on what the web server writes to the logs. In general, this usually includes the computer name (or IP number) requesting information, whether the request was for a page (generally an HTML document) or another type of file, the status of the request, the time and date the request was made, and the number of bytes transferred. If the log file reports it, we can also learn which web site or page referred the visitor to our site and the browser they were using.
Analog's home page is at http://www.analog.cx/, and it can be downloaded from www.analog.cx/analog4.01.tar.gz. This web site also lists several mirror sites for the file.
Installation is rather painless: simply type make while in the analog4.01 directory. Several options can be set in the analhead.h file prior to using the make command, such as host or organization name, the log file path and name; I've found it more practical to use the configuration files for these items instead. The only item I needed to change in analhead.h was the directory path of /usr/local/etc/httpd to /etc/httpd so it matched my Red Hat Linux system, which allows me to use it from the /etc/httpd/analog directory.
It should be noted that Analog will work from any directory, as long as it can find its /lang directory. This can be accomplished by adding the language file and path name to Analog's configuration file(s), but for my use, it's easier to compile the program to the directory in which I want to work. When using the program as a single user, you can compile and use it from your home directory.
As a second step to installing Analog, I highly recommend viewing and bookmarking the local set of Analog's documentation in your favorite web browser. If you use Analog for creating HTML-format reports, this lets you have the documentation open in one browser window while viewing the reports you've generated in another. Analog isn't the type of program for which you can read the documentation from start to finish, create one configuration file and quit. Rather, the documentation provides information on each of its over 200 commands; you experiment to find the settings that suit your preferences.
One Click, Universal Protection: Implementing Centralized Security Policies on Linux Systems
Join editor Bill Childers and Bit9's Paul Riegle on April 27 at 12pm Central to learn how to keep your Linux systems secure.
Free to Linux Journal readers.Register Now!
|diff -u: What's New in Kernel Development||Aug 20, 2014|
|Security Hardening with Ansible||Aug 18, 2014|
|Monitoring Android Traffic with Wireshark||Aug 14, 2014|
|IndieBox: for Gamers Who Miss Boxes!||Aug 13, 2014|
|Non-Linux FOSS: a Virtualized Cisco Infrastructure?||Aug 11, 2014|
|Linux Security Threats on the Rise||Aug 08, 2014|
- diff -u: What's New in Kernel Development
- Security Hardening with Ansible
- NSA: Linux Journal is an "extremist forum" and its readers get flagged for extra surveillance
- Monitoring Android Traffic with Wireshark
- New Products
- Tech Tip: Really Simple HTTP Server with Python
- [<Megashare>] Watch Mrs Brown's Boys Movie Online Full Movie HD 2014
- RSS Feeds
- Linux Systems Administrator
- Technical Support Rep