ports/89743: Incorrect parsing of squid native log in www/sarg

Eugene Gladchenko eugene at donpac.ru
Wed Nov 30 06:30:16 UTC 2005 

>Number:         89743
>Category:       ports
>Synopsis:       Incorrect parsing of squid native log in www/sarg
>Confidential:   no
>Severity:       serious
>Priority:       medium
>Responsible:    freebsd-ports-bugs
>State:          open
>Quarter:        
>Keywords:       
>Date-Required:
>Class:          sw-bug
>Submitter-Id:   current-users
>Arrival-Date:   Wed Nov 30 06:30:03 GMT 2005
>Closed-Date:
>Last-Modified:
>Originator:     Eugene Gladchenko
>Release:        FreeBSD 5.4-RELEASE-p8 i386
>Organization:
Bank of Russia
>Environment:
System: FreeBSD cerberus.rnd.cbr.ru 5.4-RELEASE-p8 FreeBSD 5.4-RELEASE-p8 #6: Thu Nov 3 01:10:34 MSK 2005
>Description:
	There's the error in sarg-2.0.9 that sometimes causes it
	to generate report lines for users whose names actually are
	not present in a log file.
>How-To-Repeat:
	Let's take the following native squid log line for example:

1132348453.336 678 10.10.10.10 TCP_MISS/200 40312 GET http://www.cbr.ru/ joe DIRECT/212.40.192.49 text/html

	sarg -m outputs:

BUF=1132348453.336 678 10.10.10.10 TCP_MISS/200 40312 GET http://www.cbr.ru/ joe DIRECT/212.40.192.49 text/html
DATE= IDATA=20051119 DFROM=0 DUNTIL=0
IP=     TCP_MISS/200
USER=   direct_212_40_192_49
ELAP=   10.10.10.10
DATE=   19/11/2005
TIME=   00:14:13
FUNC=   http://www.cbr.ru/
URL=    joe
CODE=   40312
LEN=    GET

That's definitely wrong.

>Fix:
	The bug was introduced in sarg-2.0.9 and it's caused by incorrect
	parsing of a second value of a squid log line ("elapsed time" value).
	According to Squid FAQ, squid may insert one or more spaces betwen
	log columns but sarg-2.0.9 expects to see more than one space between
	first and second column.

	The patch that fixes the error follows.

	The author of sarg confirmed the error and told me this fix
	will go into sarg-2.1.

--- patch-log.c begins here ---
--- log.c.orig	Fri Aug  5 02:33:46 2005
+++ log.c	Mon Nov 21 10:03:04 2005
@@ -893,9 +893,10 @@
 
 	   if(!common) {
 	      getword(elap,bufz,' ');
-              bzero(elap, 255);
-	      while(strcmp(elap,"") == 0 && strlen(bufz) > 0)
+	      while(strcmp(elap,"") == 0 && strlen(bufz) > 0) {
+	         bzero(elap, 255);
 	         getword(elap,bufz,' ');
+	      }
               if(strlen(elap) < 1) continue;
 	      getword(ip,bufz,' ');
 	      getword(code,bufz,' ');
--- patch-log.c ends here ---


>Release-Note:
>Audit-Trail:
>Unformatted:

More information about the freebsd-ports-bugs mailing list