logresolvemerge.pl doesn't work correctly

Open adamziaja opened this issue 9 years ago • 0 comments

I have a problem with sorting the Apache2 combined log format

```
LogFormat "%h %l %u %t \"%r\" %>s %O \"%{Referer}i\" \"%{User-Agent}i\"" combined
```

```
# zgrep -E -h "1.2.3.4" /var/log/apache2/example.com_access.log* > ~/1.2.3.4.log
# zgrep -E -h "4.3.2.1" /var/log/apache2/example.com_access.log* > ~/4.3.2.1.log
# logresolvemerge.pl ~/1.2.3.4.log ~/4.3.2.1.log > ~/test.log
# head ~/test.log
1.2.3.4 - - [26/Sep/2016:15:47:25 +0200] "GET / HTTP/1.1" 200 4549 "-" "Mozilla/5.0 (Windows NT 6.1; WOW64; rv:50.0) Gecko/20100101 Firefox/50.0"
1.2.3.4 - - [26/Sep/2016:15:48:39 +0200] "GET /wp-login.php HTTP/1.1" 200 1504 "http://example.com/" "Mozilla/5.0 (Windows NT 6.1; WOW64; rv:50.0) Gecko/20100101 Firefox/50.0"
1.2.3.4 - - [26/Sep/2016:15:48:39 +0200] "GET /wp-admin/load-scripts.php?c=0&load%5B%5D=jquery-core,jquery-migrate&ver=4.6.1 HTTP/1.1" 200 37547 "http://example.com/wp-login.php" "Mozilla/5.0 (Windows NT 6.1; WOW64; rv:50.0) Gecko/20100101 Firefox/50.0"
1.2.3.4 - - [26/Sep/2016:15:48:48 +0200] "POST /wp-login.php HTTP/1.1" 302 1259 "http://example.com/wp-login.php" "Mozilla/5.0 (Windows NT 6.1; WOW64; rv:50.0) Gecko/20100101 Firefox/50.0"
1.2.3.4 - - [26/Sep/2016:15:48:48 +0200] "GET /wp-admin/ HTTP/1.1" 200 15282 "http://example.com/wp-login.php" "Mozilla/5.0 (Windows NT 6.1; WOW64; rv:50.0) Gecko/20100101 Firefox/50.0"
1.2.3.4 - - [26/Sep/2016:15:48:50 +0200] "GET /wp-content/plugins/mailchimp-subscribe-sm/js/lpp_color_picker.js?ver=4.6.1 HTTP/1.1" 200 427 "http://example.com/wp-admin/" "Mozilla/5.0 (Windows NT 6.1; WOW64; rv:50.0) Gecko/20100101 Firefox/50.0"
1.2.3.4 - - [26/Sep/2016:15:48:50 +0200] "GET /wp-includes/css/editor.min.css?ver=4.6.1 HTTP/1.1" 200 6094 "http://example.com/wp-admin/" "Mozilla/5.0 (Windows NT 6.1; WOW64; rv:50.0) Gecko/20100101 Firefox/50.0"
1.2.3.4 - - [26/Sep/2016:15:48:56 +0200] "GET /wp-admin/plugins.php HTTP/1.1" 200 11572 "http://example.com/wp-admin/" "Mozilla/5.0 (Windows NT 6.1; WOW64; rv:50.0) Gecko/20100101 Firefox/50.0"
1.2.3.4 - - [26/Sep/2016:15:49:06 +0200] "GET /wp-admin/users.php HTTP/1.1" 200 8849 "http://example.com/wp-admin/plugins.php" "Mozilla/5.0 (Windows NT 6.1; WOW64; rv:50.0) Gecko/20100101 Firefox/50.0"
1.2.3.4 - - [26/Sep/2016:15:49:25 +0200] "GET /wp-admin/users.php&cmd=pwd HTTP/1.1" 404 501 "-" "Mozilla/5.0 (Windows NT 6.1; WOW64; rv:50.0) Gecko/20100101 Firefox/50.0"
# tail -50 ~/test.log
4.3.2.1 - - [24/Sep/2016:00:14:40 +0200] "POST /wp-login.php HTTP/1.1" 200 3567 "http://example.com/" "WPScan v2.9 (http://wpscan.org)"
[...]
4.3.2.1 - - [24/Sep/2016:00:14:41 +0200] "POST /wp-login.php HTTP/1.1" 200 3567 "http://example.com/" "WPScan v2.9 (http://wpscan.org)"
[...]
4.3.2.1 - - [24/Sep/2016:00:14:42 +0200] "POST /wp-login.php HTTP/1.1" 200 3567 "http://example.com/" "WPScan v2.9 (http://wpscan.org)"
[...]
4.3.2.1 - - [24/Sep/2016:00:14:43 +0200] "POST /wp-login.php HTTP/1.1" 200 3567 "http://example.com/" "WPScan v2.9 (http://wpscan.org)"
[...]
4.3.2.1 - - [24/Sep/2016:00:14:44 +0200] "GET /wp-content/plugins HTTP/1.1" 301 543 "http://example.com/" "WPScan v2.9 (http://wpscan.org)"
```

So it looks like it doesn't work correctly there :-1:. At the top of the file I have 26/Sep/2016:15:47:25 and at the bottom 24/Sep/2016:00:14:44, and these are not the last and first times in this file.

https://stackoverflow.com/a/6137712

```
# sort -t ' ' -k 4.9,4.12n -k 4.5,4.7M -k 4.2,4.3n -k 4.14,4.15n -k 4.17,4.18n -k 4.20,4.21n ~/test.log | head -1
4.3.2.1 - - [23/Sep/2016:23:50:57 +0200] "GET /%23wp-config.php%23 HTTP/1.1" 404 430 "http://example.com/" "WPScan v2.9 (http://wpscan.org)"
# sort -t ' ' -k 4.9,4.12n -k 4.5,4.7M -k 4.2,4.3n -k 4.14,4.15n -k 4.17,4.18n -k 4.20,4.21n ~/test.log | tail -1
1.2.3.4 - - [26/Sep/2016:17:00:49 +0200] "POST /wp-admin/admin-ajax.php HTTP/1.1" 200 420 "http://example.com/wp-admin/edit.php?post_type=subscribe_me_forms&cmd=ncat+4.3.2.1+4445" "Mozilla/5.0 (Windows NT 6.1; WOW64; rv:50.0) Gecko/20100101 Firefox/50.0"
```

adamziaja avatar Sep 30 '16 00:09 adamziaja
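
Added example, not part of the original issue and not AWStats code: a Python sketch that builds one chronological timeline from several combined-format extracts by parsing the `%t` field into an absolute instant, so it does not depend on the inputs being pre-sorted. Unlike the `sort` keys above, which only read the wall-clock fields, it also applies the UTC offset. The names `parse_ts` and `timeline` and the sample lines `A` and `B` are constructed for illustration.

```python
import re
from datetime import datetime, timedelta, timezone

# %t field of the combined format, e.g. [26/Sep/2016:15:47:25 +0200]
TS_RE = re.compile(
    r"\[(\d{2})/([A-Za-z]{3})/(\d{4}):(\d{2}):(\d{2}):(\d{2}) ([+-])(\d{2})(\d{2})\]")
# Fixed table instead of strptime("%b"), which depends on the process locale.
MONTHS = {m: i for i, m in enumerate(
    "Jan Feb Mar Apr May Jun Jul Aug Sep Oct Nov Dec".split(), 1)}

def parse_ts(line):
    """Return a timezone-aware datetime for the line's %t field, or None."""
    m = TS_RE.search(line)
    if not m or m.group(2) not in MONTHS:
        return None
    day, mon, year, hh, mi, ss, sign, oh, om = m.groups()
    try:
        off = timedelta(hours=int(oh), minutes=int(om))
        tz = timezone(-off if sign == "-" else off)
        return datetime(int(year), MONTHS[mon], int(day),
                        int(hh), int(mi), int(ss), tzinfo=tz)
    except ValueError:  # impossible date, time or offset
        return None

def timeline(sources):
    """Sort lines from all sources by instant; return (ordered, rejected)."""
    keyed, rejected = [], []
    for src in sources:
        for line in src:
            line = line.rstrip("\n")
            ts = parse_ts(line)
            if ts is None:
                rejected.append(line)  # kept for manual review, not dropped
            else:
                keyed.append((ts, len(keyed), line))  # index keeps ties in input order
    keyed.sort(key=lambda k: k[:2])
    return [line for _, _, line in keyed], rejected

# Constructed sample input: two unsorted extracts, one entry logged with a different offset.
A = ['1.2.3.4 - - [26/Sep/2016:17:00:49 +0200] "POST /a HTTP/1.1" 200 420 "-" "ua"',
     '1.2.3.4 - - [26/Sep/2016:15:47:25 +0200] "GET / HTTP/1.1" 200 4549 "-" "ua"']
B = ['4.3.2.1 - - [24/Sep/2016:00:14:40 +0200] "POST /b HTTP/1.1" 200 3567 "-" "ua"',
     '4.3.2.1 - - [23/Sep/2016:23:50:57 +0200] "GET /c HTTP/1.1" 404 430 "-" "ua"',
     '4.3.2.1 - - [26/Sep/2016:14:00:00 +0000] "GET /d HTTP/1.1" 200 1 "-" "ua"',
     'truncated line without a timestamp']

if __name__ == "__main__":
    ordered, rejected = timeline([A, B])
    print("\n".join(ordered))
    print(f"{len(rejected)} line(s) without a usable timestamp")
```
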