ports/89743: Incorrect parsing of squid native log in www/sarg
Eugene Gladchenko
eugene at donpac.ru
Wed Nov 30 06:30:16 UTC 2005
>Number: 89743
>Category: ports
>Synopsis: Incorrect parsing of squid native log in www/sarg
>Confidential: no
>Severity: serious
>Priority: medium
>Responsible: freebsd-ports-bugs
>State: open
>Quarter:
>Keywords:
>Date-Required:
>Class: sw-bug
>Submitter-Id: current-users
>Arrival-Date: Wed Nov 30 06:30:03 GMT 2005
>Closed-Date:
>Last-Modified:
>Originator: Eugene Gladchenko
>Release: FreeBSD 5.4-RELEASE-p8 i386
>Organization:
Bank of Russia
>Environment:
System: FreeBSD cerberus.rnd.cbr.ru 5.4-RELEASE-p8 FreeBSD 5.4-RELEASE-p8 #6: Thu Nov 3 01:10:34 MSK 2005
>Description:
There's the error in sarg-2.0.9 that sometimes causes it
to generate report lines for users whose names actually are
not present in a log file.
>How-To-Repeat:
Let's take the following native squid log line for example:
1132348453.336 678 10.10.10.10 TCP_MISS/200 40312 GET http://www.cbr.ru/ joe DIRECT/212.40.192.49 text/html
sarg -m outputs:
BUF=1132348453.336 678 10.10.10.10 TCP_MISS/200 40312 GET http://www.cbr.ru/ joe DIRECT/212.40.192.49 text/html
DATE= IDATA=20051119 DFROM=0 DUNTIL=0
IP= TCP_MISS/200
USER= direct_212_40_192_49
ELAP= 10.10.10.10
DATE= 19/11/2005
TIME= 00:14:13
FUNC= http://www.cbr.ru/
URL= joe
CODE= 40312
LEN= GET
That's definitely wrong.
>Fix:
The bug was introduced in sarg-2.0.9 and it's caused by incorrect
parsing of a second value of a squid log line ("elapsed time" value).
According to Squid FAQ, squid may insert one or more spaces betwen
log columns but sarg-2.0.9 expects to see more than one space between
first and second column.
The patch that fixes the error follows.
The author of sarg confirmed the error and told me this fix
will go into sarg-2.1.
--- patch-log.c begins here ---
--- log.c.orig Fri Aug 5 02:33:46 2005
+++ log.c Mon Nov 21 10:03:04 2005
@@ -893,9 +893,10 @@
if(!common) {
getword(elap,bufz,' ');
- bzero(elap, 255);
- while(strcmp(elap,"") == 0 && strlen(bufz) > 0)
+ while(strcmp(elap,"") == 0 && strlen(bufz) > 0) {
+ bzero(elap, 255);
getword(elap,bufz,' ');
+ }
if(strlen(elap) < 1) continue;
getword(ip,bufz,' ');
getword(code,bufz,' ');
--- patch-log.c ends here ---
>Release-Note:
>Audit-Trail:
>Unformatted:
More information about the freebsd-ports-bugs
mailing list