Search HTTPD Log Links Macro
=search_httpd_log_links() is a script macro to report search links in the HTTPD log file.
search_httpd_log_links(site, s)
init
status =piktstatus
level =piktlevel
task "Report new search httpd log links"
input logfile "=httpd_logdir/access_log_(site)"
filter "=httpd_cgibin_root/webstats.pl -f -(s) -sl |
=sort | =uniq -c | =sort +0n"
rule
output mail $inlin
webstats.pl is a Perl script (not shown) to filter HTTPD log files and output certain types of information in various formats.
You might invoke the =search_httpd_log_links() macro in your alarms.cfg for more than one website log file thusly:
///////////////////////////////////////////////////////////////////////////////
SearchHttpdLogLinksEMC
=search_httpd_log_links(emc, e)
///////////////////////////////////////////////////////////////////////////////
SearchHttpdLogLinksPIKT
=search_httpd_log_links(pikt, p)
///////////////////////////////////////////////////////////////////////////////
Output from the SearchHttpdLogLinksEMC script might look like, for example:
INFO:
SearchHttpdLogLinksEMC
Report new search httpd log links
...
2 http://www.google.com.ph/search?q=wind+instrument&hl=en&start=1\0&sa=n
2 http://www.google.com/search?hl=en&q=martin+davids
2 http://www.google.com/search?hl=en&q=peter+tkach+harpsichords
2 http://www.google.com/search?hl=en&q=virginals+for+sale
...
And output from the SearchHttpdLogLinksPIKT script might look like, for example:
INFO:
SearchHttpdLogLinksPIKT
Report new search httpd log links
...
1 http://www.google.com/search?hl=en&q=remote+command+line
1 http://www.google.com/search?hl=en&q=reset+iptables&btng=google\+search
1 http://www.google.com/search?hl=en&q=roadrunner+name+server
1 http://www.google.com/search?hl=en&q=sulog
1 http://www.google.com/search?hl=en&q=sysdown+service
...
For more examples, see Samples.
