NAME
HTTPD::Log::Filter - a module to filter entries out of an httpd log.
SYNOPSIS
my $hlf = HTTPD::Log::Filter->new(
exclusions_file => $exclusions_file,
agent_re => '.*Mozilla.*',
format => 'ELF',
);
while( <> )
{
my $ret = $hlf->filter( $_ );
die "Error at line $.: invalid log format\n" unless defined $ret;
print $_ if $ret;
}
print grep { $hlf->filter( $_ ) } <>;
$hlf = HTTPD::Log::Filter->new(
capture => [ qw(
host
ident
authexclude
date
request
status
bytes
) ];
);
while( <> )
{
next unless $hlf->filter( $_ );
print $hlf->host, "\n";
}
print grep { $hlf->filter( $_ ) } <>;
DESCRIPTION
This module provide a simple interface to filter entries out of an httpd logfile. The constructor can be passed regular expressions to match against particular fields on the logfile. It does its filtering line by line, using a filter method that takes a line of a logfile as input, and returns true if it matches, and false if it doesn't.
There are two possible non-matching (false) conditions; one is where the line is a valid httpd logfile entry, but just doesn't happen to match the filter (where "" is returned). The other is where it is an invalid entry according to the format specified in the constructor.
CONSTRUCTOR
The constructor is passed a number of options as a hash. These are:
- exclusions_file
-
This option can be used to specify a filename for entries that don't match the filter to be written to.
- invert
-
This option, is set to true, will invert the logic of the fliter; i.e. will return only non-matching lines.
- format
-
This should be one of:
- CLF
-
Common Log Format (CLF):
"%h %l %u %t \"%r\" %>s %b"
- ELF
-
NCSA Extended/combined Log format:
"%h %l %u %t \"%r\" %>s %b \"%{Referer}i\" \"%{User-agent}i\""
- XLF
-
Some bespoke format based on extended log format + some junk at the end:
"%h %l %u %t \"%r\" %>s %b \"%{Referer}i\" \"%{User-agent}i\"" %j
where %j is .* in regex-speak.
See http://httpd.apache.org/docs/mod/mod_log_config.html for more information on log file formats.
- SQUID
-
Logging format for Squid (v1.1+) caching / proxy servers. This is of the form:
"%9d.%03d %6d %s %s/%03d %d %s %s %s %s%s/%s %s"
where the fields are:
time elapsed remotehost code_status bytes method url rfc931 peerstatus_peerhost type
(see http://www.squid-cache.org/Doc/FAQ/FAQ-6.html for more info).
- (host|ident|authexclude|date|request|status|bytes|referer|agent)_re
-
This class of options specifies the regular expression or expressions which are used to filter the logfile for httpd logs.
- (time|elapsed|remotehost|code_status|method|url|rfc931|peerstatus_peerhost|type)_re
-
Ditto for Squid logs.
- capture [ <fieldname1>, <fieldname2>, ... ]
-
This option requests the filter to capture the contents of given named fields so that they can be examined if the filtering is successful. This is done by simply putting capturing parentheses around the appropriate segment of the filtering regex. Fields to be captured are passed as an array reference. WARNING; do not try to insert your own capturing parentheses in the custom field regexes, as this will have unpredictable results when combined with the capture option.
Captured fields can be accessed after each call to filter using a method call with the same name as the captured field; e.g.
my $filter = HTTPD::Logs::Filter->new( capture => [ 'host', 'request' ] ); while ( <> ) { next unless $filter->filter( $_ ); print $filter->host, " requested ", $filter->request, "\n"; }
METHODS
filter
Filters a line of a httpd logfile. returns true (the line) if it matches, and false ("" or undef) if it doesn't.
There are two possible non-matching (false) conditions; one is where the line is a valid httpd logfile entry, but just doesn't happen to match the filter (where "" is returned). The other is where it is an invalid entry according to the format specified in the constructor.
re
Returns the current filter regular expression.
format
Returns the current format.
(host|ident|authexclude|date|request|status|bytes|referer|agent|junk)
If the capture option has been specified, these methods return the captured string for each field as a result of the previous call to filter.
AUTHOR
Ave Wrigley <Ave.Wrigley@itn.co.uk>
COPYRIGHT
Copyright (c) 2001 Ave Wrigley. All rights reserved. This program is free software; you can redistribute it and/or modify it under the same terms as Perl itself.