Web Analytics
Web Analytics normalizes Web Analytics events and enables you to analyze Web Analytics data using pre-set dashboard views.
Package Details
Web Analytics components:
- Dashboard Package
  - LP_Web Analytics
- Normalization Packages
  - LP_NginX
  - LP_WebServer Common Log Format
  - LP_Apache HTTP Server
  - LP_ApacheTomcat
  - LP_Apache HTTP Server Generic
  - LP_Nginx Ctl
- Report Package
  - LP_Web Analytics Report
Enhancement
Description | Issue ID | Reference ID |
---|---|---|
Added Syslog Collector based Web Analytics log source template, simplifying the log source configuration process. To learn more, go to Creating Log Source via a Template. | KB-22697 | - |
Installation
To install Web Analytics:
- Download the .pak file from the Download link above.
- Go to Settings >> System Settings from the navigation bar and click Applications.
- Click Import.
- Browse to the downloaded .pak file.
- Click Upload.
Past Release
Web Analytics v5.0.0
Supported On: Logpoint v6.0.0 and later
Download: WebAnalytics_5.0.0.pak
SHA256: a1813848ccbeba195b18b57cd6b21018590954dd09365ebd82f9f66aa4c94149
Enhancement
The Web Analytics normalizer received a minor update for better signature handling.
Supported Versions
- Apache HTTP Server 2.2 (Specific to Common Log Format)
- WebServer Common Log Format or Generic WebServer
- NginX HTTP/Proxy Server
Log Formats
Expected Log Format
Apache HTTP Server
Log Sample
[Wed Feb 21 11:10:58 2001] [error] [client 1.1.1.1] Premature end of script headers: /www/htdocs/deus/scripts/show.cgi
<181>Oct 28 14:50:20 HOSTANON httpd: IPAxxx - - [28/Oct/2014:14:50:19 +0100] "POST /ANONYMIZED/table?platz_id=1005030&ticket_type=lm&pay_type=0&location_type=abc HTTP/1.1" 200 7324 "https://ANONYMIZED/#15" "Mozilla/4.0 (compatible; MSIE 8.0; Windows NT 6.1; Trident/4.0; SLCC2; .NET CLR 2.0.50727; .NET CLR 3.5.30729; .NET CLR 3.0.30729; Media Center PC 6.0; .NET4.0C; .NET4.0E)"
Expected Log Format
Apache HTTP Server
Log Sample
<14>Mar 6 08:28:02 apache: 1.1.1.1 - - [06/Mar/2012:08:28:02 +0100] "GET /cms/en/contact_us HTTP/1.0" 200 14922 "http://www.abc.com/cms/en/about" "Mozilla/5.0 (Windows NT 5.1) AppleWebKit/534.30 (KHTML, like Gecko) Chrome/12.12.12.12 Safari/534.30"
Sep 20 07:47:26 web02 apache: 1.1.1.1 - - [20/Sep/2012:07:47:26 +0200] "GET /list//type/LOGHOST/version/4_2/hardwarekey/A84A-A125-RT86-RS10/softwarekey/1111-1111111111 HTTP/1.0" 404 3422 "-" "Wget/1.10.2"
3.3.3.3 - - [22/Jan/2012:13:03:24 +0545] "POST /getlabelsonly HTTP/1.1" 302 45 "https://4.4.4.4/" "Mozilla/5.0 (X11; Linux i686; rv:8.0.1) Gecko/20100101 Firefox/8.0.1" 3.4
168.2.23 - - [24/Jan/2012:09:02:35 +0000] "-" 400 0 "-" "-" 0.206
1.1.1.1 - - [15/Feb/2012:15:11:46 +0545] "-" 400 0 "-" "-" 4.992
- - [22/Jan/2012:04:58:27 +0000] "GET /data?_dc=1327208305514&requestData=%7B%22search_id%22%3A%224629f0d6456044a68f317fa49fbf4686%22%2C%22waiter_id%22%3A%22waiter-id-95831%22%2C%22seen_version%22%3A0%7D HTTP/1.1" 400 0 "https://2.2.2.2:44300/" "Mozilla/5.0 (X11; Linux i686; rv:8.0.1) Gecko/20100101 Firefox/8.0.1"
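Before pointing a web server at the collector, it helps to confirm that its access-log lines have the same shape as the Apache samples above. The following is an added example, not Logpoint's normalizer or code from this page; the regular expression, the field names and the helpers `parse_access` and `unmatched` are assumptions made for illustration.

```python
import re

# Optional syslog prefix ("<14>Mar 6 08:28:02 [host] apache: "), then the
# access-log fields seen in the samples, then an optional response time.
# Pattern and field names are illustrative assumptions.
ACCESS_RE = re.compile(
    r'^(?:<(?P<pri>\d{1,3})>)?'
    r'(?:(?P<syslog_ts>[A-Z][a-z]{2}\s+\d{1,2} \d{2}:\d{2}:\d{2}) '
    r'(?:(?P<host>\S+) )?(?P<tag>[\w-]+): )?'
    r'(?P<client>\S+) (?P<ident>\S+) (?P<user>\S+) '
    r'\[(?P<time>[^\]]+)\] '
    r'"(?P<request>[^"]*)" (?P<status>\d{3}) (?P<size>\d+|-)'
    r'(?: "(?P<referer>[^"]*)" "(?P<agent>[^"]*)")?'
    r'(?: (?P<resp_time>\d+\.\d+))?$'
)

def parse_access(line):
    """Return a dict of fields, or None when the line does not fit the shape."""
    m = ACCESS_RE.match(line.strip())
    if not m:
        return None
    rec = m.groupdict()
    # A request of "-" (status 400 in the samples) carries no method or URL.
    parts = rec["request"].split(" ")
    if len(parts) == 3:
        rec["method"], rec["url"], rec["protocol"] = parts
    else:
        rec["method"] = rec["url"] = rec["protocol"] = None
    rec["status"] = int(rec["status"])
    rec["size"] = None if rec["size"] == "-" else int(rec["size"])
    rec["resp_time"] = float(rec["resp_time"]) if rec["resp_time"] else None
    return rec

# All four lines are copied from the log samples on this page.
SAMPLES = [
    '<14>Mar 6 08:28:02 apache: 1.1.1.1 - - [06/Mar/2012:08:28:02 +0100] "GET /cms/en/contact_us HTTP/1.0" 200 14922 "http://www.abc.com/cms/en/about" "Mozilla/5.0 (Windows NT 5.1) AppleWebKit/534.30 (KHTML, like Gecko) Chrome/12.12.12.12 Safari/534.30"',
    'Sep 20 07:47:26 web02 apache: 1.1.1.1 - - [20/Sep/2012:07:47:26 +0200] "GET /list//type/LOGHOST/version/4_2/hardwarekey/A84A-A125-RT86-RS10/softwarekey/1111-1111111111 HTTP/1.0" 404 3422 "-" "Wget/1.10.2"',
    '1.1.1.1 - - [15/Feb/2012:15:11:46 +0545] "-" 400 0 "-" "-" 4.992',
    '[Wed Feb 21 11:10:58 2001] [error] [client 1.1.1.1] Premature end of script headers: /www/htdocs/deus/scripts/show.cgi',
]

def unmatched(lines):
    """Lines that need a different pattern, such as error-log entries."""
    return [l for l in lines if parse_access(l) is None]

if __name__ == "__main__":
    for line in SAMPLES:
        rec = parse_access(line)
        print(rec and (rec["client"], rec["method"], rec["status"], rec["resp_time"]))
```

The error-log sample is returned by `unmatched`, which shows that access and error logs need separate patterns.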
Expected Log Format
NginX
Log Sample
2012/02/17 12:06:59 [error] 31608#0: *7538 open() "/opt/immune/installed/webserver/static/images/icons/risk_None.png" failed (2: No such file or directory), client: 1.1.1.1, server: _, request: "GET /static/images/icons/risk_None.png HTTP/1.1", host: "2.2.2.2", referrer: "https://2.2.2.2/"
2012/02/20 07:00:43 [error] 2693#0: *6181 connect() faileddd (111: Connection refused) while connecting to upstream, client: 11.11.11.11, server: _, request: "POST /createcorrelationrule HTTP/1.1", upstream: "http://1.0.0.1:18000/createcorrelationrule", host: "1.1.1.3:44300", referrer: "https://1.1.1.3:44300/"
2012/02/17 12:07:36 [error] 31608#0: *7551 open() "/opt/immune/installed/webserver/static/images/icons/risk_None.png" failed (2: No such file or directory), client: 1.1.1.1, server: _, request: "GET /static/images/icons/risk_None.png HTTP/1.1", host: "1.1.1.2", referrer: "https://1.1.1.2/"
2012/02/20 07:00:40 [error] 2693#0: *5804 upstream prematurely closed connection while reading response header from upstream, client: 3.3.3.3, server: _, request: "GET /data?_dc=1329721235164&requestData=%7B%22search_id%22%3A%22life_1a172b9363ee11b6dd79470d66532d1a9e853865%22%2C%22waiter_id%22%3A%22waiter-id-71965%22%2C%22seen_version%22%3A%22a2404c6135e04eadb63fabdacc8666de%22%7D HTTP/1.1", upstream: "http://1.0.0.1:18000/data?_dc=1329721235164&requestData=%7B%22search_id%22%3A%22life_1a172b9363ee11b6dd79470d66532d1a9e853865%22%2C%22waiter_id%22%3A%22waiter-id-71965%22%2C%22seen_version%22%3A%22a2404c6135e04eadb63fabdacc8666de%22%7D", host: "8.8.8.8:44300", referrer: "https://2.2.2.2:44300/"
To export data to Logpoint, use the Syslog collector on port 514 of the Logpoint server.
Support
If you have any questions or require assistance, create a support ticket.