Date: Wed, 30 Nov 2005 09:21:27 +0300 From: Eugene Gladchenko <eugene@donpac.ru> To: FreeBSD-gnats-submit@FreeBSD.org Subject: ports/89743: Incorrect parsing of squid native log in www/sarg Message-ID: <20051130062127.GA45169@so.inet.rnd.cbr.ru> Resent-Message-ID: <200511300630.jAU6U36J097536@freefall.freebsd.org>
next in thread | raw e-mail | index | archive | help
>Number: 89743 >Category: ports >Synopsis: Incorrect parsing of squid native log in www/sarg >Confidential: no >Severity: serious >Priority: medium >Responsible: freebsd-ports-bugs >State: open >Quarter: >Keywords: >Date-Required: >Class: sw-bug >Submitter-Id: current-users >Arrival-Date: Wed Nov 30 06:30:03 GMT 2005 >Closed-Date: >Last-Modified: >Originator: Eugene Gladchenko >Release: FreeBSD 5.4-RELEASE-p8 i386 >Organization: Bank of Russia >Environment: System: FreeBSD cerberus.rnd.cbr.ru 5.4-RELEASE-p8 FreeBSD 5.4-RELEASE-p8 #6: Thu Nov 3 01:10:34 MSK 2005 >Description: There's the error in sarg-2.0.9 that sometimes causes it to generate report lines for users whose names actually are not present in a log file. >How-To-Repeat: Let's take the following native squid log line for example: 1132348453.336 678 10.10.10.10 TCP_MISS/200 40312 GET http://www.cbr.ru/ joe DIRECT/212.40.192.49 text/html sarg -m outputs: BUF=1132348453.336 678 10.10.10.10 TCP_MISS/200 40312 GET http://www.cbr.ru/ joe DIRECT/212.40.192.49 text/html DATE= IDATA=20051119 DFROM=0 DUNTIL=0 IP= TCP_MISS/200 USER= direct_212_40_192_49 ELAP= 10.10.10.10 DATE= 19/11/2005 TIME= 00:14:13 FUNC= http://www.cbr.ru/ URL= joe CODE= 40312 LEN= GET That's definitely wrong. >Fix: The bug was introduced in sarg-2.0.9 and it's caused by incorrect parsing of a second value of a squid log line ("elapsed time" value). According to Squid FAQ, squid may insert one or more spaces betwen log columns but sarg-2.0.9 expects to see more than one space between first and second column. The patch that fixes the error follows. The author of sarg confirmed the error and told me this fix will go into sarg-2.1. --- patch-log.c begins here --- --- log.c.orig Fri Aug 5 02:33:46 2005 +++ log.c Mon Nov 21 10:03:04 2005 @@ -893,9 +893,10 @@ if(!common) { getword(elap,bufz,' '); - bzero(elap, 255); - while(strcmp(elap,"") == 0 && strlen(bufz) > 0) + while(strcmp(elap,"") == 0 && strlen(bufz) > 0) { + bzero(elap, 255); getword(elap,bufz,' '); + } if(strlen(elap) < 1) continue; getword(ip,bufz,' '); getword(code,bufz,' '); --- patch-log.c ends here --- >Release-Note: >Audit-Trail: >Unformatted:
Want to link to this message? Use this URL: <https://mail-archive.FreeBSD.org/cgi/mid.cgi?20051130062127.GA45169>