Web Analytics
Web Analytics normalizes Web Analytics events and enables you to analyze Web Analytics data using pre-set dashboard views.
Package Details
Web Analytics components:
- Dashboard Package
- LP_Web Analytics
- Normalization Packages
- LP_NginX
- LP_WebServer Common Log Format
- LP_Apache HTTP Server
- LP_ApacheTomcat
- LP_Apache HTTP Server Generic
- LP_Nginx Ctl
- Report Package
- LP_Web Analytics Report
Enhancement
| Description | Issue ID | Reference ID |
|---|---|---|
| Added Syslog Collector based Web Analytics log source template, simplifying the log source configuration process. To learn more, go to Creating Log Source via a Template. |
KB-22697 |
- |
Installation
To install Web Analytics:
- Download the .pak file from the Download link above.
- Go to Settings >> System Settings from the navigation bar and click Applications.
- Click Import.
- Browse to the downloaded .pak file.
- Click Upload.
Past Release
Web Analytics v5.0.0
Supported On: Logpoint v6.0.0 and later
Download: WebAnalytics_5.0.0.pak
SHA256: a1813848ccbeba195b18b57cd6b21018590954dd09365ebd82f9f66aa4c94149
Enhancement
A minor update has been done in the Web Analytics normalizer for better signature handling.
Supported Versions
- Apache HTTP Server 2.2 (Specific to Common Log Format)
- WebServer Common Log Format or Generic WebServer
- NginX HTTP/Proxy Server
Log Formats
Expected Log Format
Apache HTTP Server
Log Sample
[Wed Feb 21 11:10:58 2001] [error] [client 1.1.1.1] Premature end of script headers: /www/htdocs/deus/scripts/show.cgi
<181>Oct 28 14:50:20 HOSTANON httpd: IPAxxx - - [28/Oct/2014:14:50:19 +0100] "POST /ANONYMIZED/table?platz_id=1005030&ticket_type=lm&pay_type=0&location_type=abc HTTP/1.1" 200 7324 "https://ANONYMIZED/#15" "Mozilla/4.0 (compatible; MSIE 8.0; Windows NT 6.1; Trident/4.0; SLCC2; .NET CLR 2.0.50727; .NET CLR 3.5.30729; .NET CLR 3.0.30729; Media Center PC 6.0; .NET4.0C; .NET4.0E)"
Expected Log Format
Apache HTTP Server
Log Sample
<14>Mar 6 08:28:02 apache: 1.1.1.1 - - [06/Mar/2012:08:28:02 +0100] "GET /cms/en/contact_us HTTP/1.0" 200 14922 "http://www.abc.com/cms/en/about" "Mozilla/5.0 (Windows NT 5.1) AppleWebKit/534.30 (KHTML, like Gecko) Chrome/12.12.12.12 Safari/534.30" Sep 20 07:47:26 web02 apache: 1.1.1.1 - - [20/Sep/2012:07:47:26 +0200] "GET /list//type/LOGHOST/version/4_2/hardwarekey/A84A-A125-RT86-RS10/softwarekey/1111-1111111111 HTTP/1.0" 404 3422 "-" "Wget/1.10.2" 3.3.3.3 - - [22/Jan/2012:13:03:24 +0545] "POST /getlabelsonly HTTP/1.1" 302 45 "https://4.4.4.4/" "Mozilla/5.0 (X11; Linux i686; rv:8.0.1) Gecko/20100101 Firefox/8.0.1" 3.4
168.2.23 - - [24/Jan/2012:09:02:35 +0000] "-" 400 0 "-" "-" 0.206 1.1.1.1 - - [15/Feb/2012:15:11:46 +0545] "-" 400 0 "-" "-" 4.992 - - [22/Jan/2012:04:58:27 +0000] "GET /data?_dc=1327208305514&requestData=%7B%22search_id%22%3A%224629f0d6456044a68f317fa49fbf4686%22%2C%22waiter_id%22%3A%22waiter-id-95831%22%2C%22seen_version%22%3A0%7D HTTP/1.1" 400 0 "https://2.2.2.2:44300/" "Mozilla/5.0 (X11; Linux i686; rv:8.0.1) Gecko/20100101 Firefox/8.0.1"
Expected Log Format
NginX
Log Sample
2012/02/17 12:06:59 [error] 31608#0: *7538 open() "/opt/immune/installed/webserver/static/images/icons/risk_None.png" failed (2: No such file or directory), client: 1.1.1.1, server: _, request: "GET /static/images/icons/risk_None.png HTTP/1.1", host: "2.2.2.2", referrer: "https://2.2.2.2/" 2012/02/20 07:00:43 [error] 2693#0: *6181 connect() faileddd (111: Connection refused) while connecting to upstream, client: 11.11.11.11, server: _, request: "POST /createcorrelationrule HTTP/1.1", upstream: "http://1.0.0.1:18000/createcorrelationrule", host: "1.1.1.3:44300", referrer: "https://1.1.1.3:44300/"
2012/02/17 12:07:36 [error] 31608#0: *7551 open() "/opt/immune/installed/webserver/static/images/icons/risk_None.png" failed (2: No such file or directory), client: 1.1.1.1, server: _, request: "GET /static/images/icons/risk_None.png HTTP/1.1", host: "1.1.1.2", referrer: "https://1.1.1.2/" 2012/02/20 07:00:40 [error] 2693#0: *5804 upstream prematurely closed connection while reading response header from upstream, client: 3.3.3.3, server: _, request: "GET /data?_dc=1329721235164&requestData=%7B%22search_id%22%3A%22life_1a172b9363ee11b6dd79470d66532d1a9e853865%22%2C%22waiter_id%22%3A%22waiter-id-71965%22%2C%22seen_version%22%3A%22a2404c6135e04eadb63fabdacc8666de%22%7D HTTP/1.1", upstream: "http://1.0.0.1:18000/data?_dc=1329721235164&requestData=%7B%22search_id%22%3A%22life_1a172b9363ee11b6dd79470d66532d1a9e853865%22%2C%22waiter_id%22%3A%22waiter-id-71965%22%2C%22seen_version%22%3A%22a2404c6135e04eadb63fabdacc8666de%22%7D", host: "8.8.8.8:44300", referrer: "https://2.2.2.2:44300/"
To export data to Logpoint, use the Syslog collector on port 514 of the Logpoint server.
Support
If you have any questions or require assistance, create a support ticket.
Comments
Article is closed for comments.