waccess(1)waccess(1)NAMEwaccess - Quick And Dirty Web Log Analysis
SYNOPSISwaccess [-achilqrsv -f logfile] search-key search-key ...
DESCRIPTION
´waccess´ is a quick way to check a web access log for particular
"hits" or accesses. ´waccess´ will search the log looking for and dis‐
playing all the access records which contain any of the search keys you
name on the command line. By default, a summary of its findings -
including total number of records processed, number of accesses per
search key, and number of unique IPs accessing each search key - is
printed.
´waccess´ is not a replacement for a serious web log analysis tool, but
is surprisingly useful for "quickie" lookups.
OPTIONS-a Sort the summary output by search key.
-c Ignore case when looking for search keys in access records
-f logfile
Allows you to specify the name of the access log to process,
thereby overriding the default (/var/log/httpd-access.log).
-h Display help information and exit.
-i Do not ignore addresses found in .waccessignored.
-l List the ignored addresses in the summary output. Canceled by
the presence of the -i command.
-q Quiet mode - suppresses output of final summary information.
-r Try to determine the hostname of each access by doing a reverse
lookup on the IP address. This forces the program to display
each record as it is discovered (the opposite of the -s option).
-s Suppress display of the individual matching records and only
show the totals. This forces the suppression of reverse lookups
since they wouldn't be displayed anyway (the opposite of the -r
option).
-v Display detailed program version information and exit.
IGNORING ADDRESSES
You typically do not want your own addresses to appear in a web log
analysis. ´waccess´ has the ability to ignore records containing any
one of a set of addresses (partial or complete IP quads) you specify.
You do this by editing the .waccessignored file in your home directory.
Each line of this file should contain a full or partial IP quad. No
comments, whitespace, blank lines or other information should appear in
this file. Addresses found in this file will be ignored by ´waccess´
and never appear in the output. (However, records matching these
addresses do count toward the total records processed count.)
Suppose you are running an internet-facing machine with address 1.2.3.4
and an internal network on 192.168.3.*. Then your .waccessignored file
might look like this:
127.0
192.168.3
1.2.3.4
Accesses from any of these address spaces to your web server would then
be ignored by ´waccess´.
This feature is disabled with the ´-i´ option.
You can see which addresses are being ignored with the ´-l´ option.
This will cause a list of ignored addresses to be included in the sum‐
mary output.
EXAMPLESwaccess myreport.pdf
Searches the web access log displaying all access records containing
the string ´myreport.pdf´. When log search is finished, ´waccess´ dis‐
plays the total number of records examined and how many matching
entries were found.
waccess-r myreport.pdf
Searches the web access log displaying all access records containing
the string ´myreport.pdf´. This time, for each matching record, ´wac‐
cess´ will try to figure out (and display) the hostname of the access‐
ing machine via a reverse IP lookup.
waccess-s myreport.pdf
Look for and count records in the web access log containing ´myre‐
port.pdf´, but do not display them. Only display the totals when the
analysis is complete.
OTHER
You must have a reasonably current copy of 'python' installed for ´wac‐
cess´ to operate.
´waccess´ is set up to process ´apache´ access logs, but the field def‐
initions are symbolic within the program and should be easy to modify
for other log layouts.
FILES
~./waccessignored - optional file which contains complete or partial IP
quads to ignore during processing.
BUGS AND MISFEATURES
None known as of this release.
COPYRIGHT AND LICENSINGwaccess is Copyright(c) 2001, 2002, TundraWare Inc. For terms of use,
see the waccess-license.txt file in the program distribution. If you
install waccess on a FreeBSD system using the 'ports' mechanism, you
will also find this file in /usr/local/share/doc/waccess.
AUTHOR
Tim Daneliuk
tundra@tundraware.com
TundraWare waccess(1)