-
Notifications
You must be signed in to change notification settings - Fork 1
/
Copy pathvisited.1
535 lines (513 loc) · 17.8 KB
/
visited.1
1
2
3
4
5
6
7
8
9
10
11
12
13
14
15
16
17
18
19
20
21
22
23
24
25
26
27
28
29
30
31
32
33
34
35
36
37
38
39
40
41
42
43
44
45
46
47
48
49
50
51
52
53
54
55
56
57
58
59
60
61
62
63
64
65
66
67
68
69
70
71
72
73
74
75
76
77
78
79
80
81
82
83
84
85
86
87
88
89
90
91
92
93
94
95
96
97
98
99
100
101
102
103
104
105
106
107
108
109
110
111
112
113
114
115
116
117
118
119
120
121
122
123
124
125
126
127
128
129
130
131
132
133
134
135
136
137
138
139
140
141
142
143
144
145
146
147
148
149
150
151
152
153
154
155
156
157
158
159
160
161
162
163
164
165
166
167
168
169
170
171
172
173
174
175
176
177
178
179
180
181
182
183
184
185
186
187
188
189
190
191
192
193
194
195
196
197
198
199
200
201
202
203
204
205
206
207
208
209
210
211
212
213
214
215
216
217
218
219
220
221
222
223
224
225
226
227
228
229
230
231
232
233
234
235
236
237
238
239
240
241
242
243
244
245
246
247
248
249
250
251
252
253
254
255
256
257
258
259
260
261
262
263
264
265
266
267
268
269
270
271
272
273
274
275
276
277
278
279
280
281
282
283
284
285
286
287
288
289
290
291
292
293
294
295
296
297
298
299
300
301
302
303
304
305
306
307
308
309
310
311
312
313
314
315
316
317
318
319
320
321
322
323
324
325
326
327
328
329
330
331
332
333
334
335
336
337
338
339
340
341
342
343
344
345
346
347
348
349
350
351
352
353
354
355
356
357
358
359
360
361
362
363
364
365
366
367
368
369
370
371
372
373
374
375
376
377
378
379
380
381
382
383
384
385
386
387
388
389
390
391
392
393
394
395
396
397
398
399
400
401
402
403
404
405
406
407
408
409
410
411
412
413
414
415
416
417
418
419
420
421
422
423
424
425
426
427
428
429
430
431
432
433
434
435
436
437
438
439
440
441
442
443
444
445
446
447
448
449
450
451
452
453
454
455
456
457
458
459
460
461
462
463
464
465
466
467
468
469
470
471
472
473
474
475
476
477
478
479
480
481
482
483
484
485
486
487
488
489
490
491
492
493
494
495
496
497
498
499
500
501
502
503
504
505
506
507
508
509
510
511
512
513
514
515
516
517
518
519
520
521
522
523
524
525
526
527
528
529
530
531
532
533
534
535
.TH VISITORS "1" "April 2005" "Visitors 0.7"
.SH NAME
visitors \- a fast web server log analyzer
.SH SYNOPSIS
.B visitors
[\fIoptions] \fI<filename> [\fI<filename> ...]
.SH DESCRIPTION
.PP
.I Visitors
generates access statistics from specified web log files.
The resulting reports contain a number of useful informations and
statistics:
.IP \[bu] 2
Requested pages
.IP \[bu]
Requested images
.IP \[bu]
Referers by number of visits and age
.IP \[bu]
Unique visitors in each day
.IP \[bu]
Page views per visit
.IP \[bu]
Pages accessed by the Google crawler (and the date of google's last
access on every page)
.IP \[bu]
Pages accessed by the AdSense crawler (and the date of adsense's last
access on every page)
.IP \[bu]
Percentage of visits originated from Google searches for every day
.IP \[bu]
User navigation patterns (web trails)
.IP \[bu]
Keyphrases used in Google searches
.IP \[bu]
Human languages used in google searches
.IP \[bu]
User agents
.IP \[bu]
Weekdays and Hours distributions of accesses
.IP \[bu]
Weekdays/Hours combined bidimensional map
.IP \[bu]
Month/Day combined bidimensional map
.IP \[bu]
Visual path analysis with Graphviz
.IP \[bu]
Operating systems, browsers and domains popularity
.IP \[bu]
Visitors screen resolution and color depth
.IP \[bu]
404 errors
.PP
The web log files don't need to follow a strict format, except: the date
MUST be included between [ and ] chars, the client hostname MUST be the
first entry in the log, referers and requests MUST be included between
double quote chars. Out of the box Apache log file will work without
problems.
It's possible to use Visitors with IIS log files converting them using
the iis2apache.pl utility distributed with Visitors (The utility is
the same you can find at http://www.jammed.com/~jwa/hacks/ and
is distributed under the GPL license).
Note that logfile can be a \- character to use the standard input.
.PP
.SS "Available options:"
.TP 8
.BI "\-A \-\-all"
Activate all the optional reports. This option is equivalent to
.B -GKUWRDOB.
Note that
.B --trails
is not implicitly included in this option because it also requires
.B --prefix.
See the
.B --trails
option documentation for details.
.PP
.TP 8
.BI "\-T \-\-trails"
Enable the Web Trails feature. The report will show what are the more
frequent moves between pages of your site. This option requires the
.B --prefix
option to work.
.PP
.TP 8
.BI "\-G \-\-google"
Activate two reports about pages accessed by the Google and Adsense web
crawlers. Pages are shown ordered accordingly to the last time the Google
web crawler requested the page. The first page shown is the latest that was
accessed.
.PP
.TP 8
.BI "\-K \-\-google\-keyphrases"
Activate a report that shows common search keyphrases used to found your
web site from Google.
.PP
.TP 8
.BI "\-Z \-\-google\-keyphrases-age"
Activate a report that shows common the lastest keyphrases used to found your
site from Google.
.PP
.TP 8
.BI "\-H \-\-google\-human-language"
Activate a report that shows common human languages used to serach
from Google. This feature uses the 'hl' variable of the Google
referer URL.
.PP
.TP 8
.BI "\-U \-\-user\-agents"
Show information about common user agents.
.PP
.TP 8
.BI "\-W \-\-weekday\-hour\-map"
Activate the generation of a combined weekdays/hours bidimensional map
that shows information about traffic in every 168 different hours of a 7
days week. Brighter colors mean higher traffic. This is ideal to figure
what's the best moment on a week for a maintenance downtime, what's the
target of the site, if people are accessing it from work or from home,
and so on. The map is generated as pure html inside the report.
.PP
.TP 8
.BI "\-M \-\-month\-day\-map"
Activate the generation of a combined month/day bidimensional map
that shows information about traffic in every 365 different days of
the year. Brighter colors mean higher traffic. This is useful in order
to figure with a quick look traffic trends and days with particuarly high
or low traffic. The map is generated as pure html inside the report.
.PP
.TP 8
.BI "\-R \-\-referers\-age"
Shows referers ordered by age. The 'age' of a referer is the date it
appeared the first time. In the report, newer referers are on top. This
report is useful to check for new external links.
.PP
.TP 8
.BI "\-D \-\-domains"
Activate the generation of information about Top Level Domains
popularity. This information may be useful to guess the amount of visits
from different countries. Note that Visitors will not resolve numerical
IP addresses if they are not already resolved in the log file. All the
unresolved IP addresses will be shown in this report under the entry
Unresolved IP.
.PP
.TP 8
.BI "\-O \-\-operating\-systems"
Activate the report about Operating Systems popularity, sorted by number
of accesses. All the common operating systems are listed in the report,
while unknown operating systems will be summed in the unknown entry.
.PP
.TP 8
.BI "\-B \-\-browsers"
Activate the report about Browsers popularity, sorted by number of
accesses. All the common browsers are listed in the report, while
unknown browsers will be summed in the unknown entry. Browsers are
listed by family (for example Internet Explorer, Opera, and so on), and
not by specific version.
.PP
.TP 8
.BI "\-X \-\-error404"
Activate the generation of missing documents (404 error) report. This
report will show files requested, but missing, ordered by number of
requests. The report is useful in order to discover if for some mistake
there is some file missing in the web site, but often you will see
bizarre requests performed by users or internet worms and security
scans.
.PP
.TP 8
.BI "\-Y \-\-pageviews"
Activate the generation of a report that shows (and approximation) of
the percentage of pages viewed per unique visit. The goal of this report
is to understand the usage pattern of the site and the level of interest
of the visitors. For example, in a site that provides a number of pages
with interesting contents, the percentage of visitors performing a
single page view per visit is probably searching for something else.
.PP
.TP 8
.BI "\-S \-\-robots"
Activate the generation of a report that shows user agents of clients
requesting the file robots.txt, with the exception of the MSIE Crawler
requests. The result is a list of web robots and spieders that accessed
your web site, ordered by number of requests of robots.txt.
.PP
.TP 8
.BI "\-\-screen\-info"
Activate the screen resolution and color depth reports. Note that for this
report to work you have to insert on your HTML pages the javascript code
you can find in the README file in the visitors tarball.
.PP
.TP 8
.BI "\-\-stream"
Enable the Stream Mode (see the
.B STREAM MODE DETAILS
section for more information). Shortly: when in stream mode
.I Visitors
will process all the log files specified (possibly none, that's valid in
this mode) as usual, producing the report. Then the stream mode is
entered and
.I Visitors
will start to read from standard input for a continuous stream of web
logs, updating the statistics incrementally as new data is available. A
new report is produced periodically if new data arrived, accordingly to
the
.B --update-every
option (default is to update the statistics every ten minutes). It's
possible to ask
.I Visitors
to reset the statistics after some period of time using the
.B --reset-every
option. This allows to have a snapshot of what is going on in the last
five minutes, hour, day or week. Note that
.B --stream
requires
.B --output-file
because
.I Visitors
needs to overwrite the report for every update, so can't output to
standard output as usually. If you plan to use the stream mode, also
check the
.B --tail
option.
.PP
.TP 8
.BI "\-\-update\-every" " seconds"
By default in Stream Mode statistics are updated every 10 minutes. This
option specifies a different period in seconds.
.PP
.TP 8
.BI "\-\-reset\-every" " seconds"
By default in Stream Mode statistics are never reset, but continuously
updated incrementally. This option specifies to reset statistics after
the given amount of time in seconds. This is useful to have a snapshot
of the web site usage.
.PP
.TP 8
.BI "\-f \-\-output\-file" " file"
Write output to
.I file
instead of stdout.
.PP
.TP 8
.BI "\-m \-\-max\-lines" " number"
Set the max number of entries that should be shown in reports like
referers, keyphrases and so on. This option sets all the reports max
number of entries for all the reports at once.
.PP
.TP 8
.BI "\-r \-\-max\-referers" " number"
Set the max number of entries in the referer report.
.PP
.TP 8
.BI "\-p \-\-max\-pages" " number"
Set the max number of entries in the accessed pages report.
.PP
.TP 8
.BI "\-i \-\-max\-images" " number"
Set the max number of entries in the accessed images report.
.PP
.TP 8
.BI "\-x \-\-max\-error404" " number"
Set the max number of entries in the missing documents report.
.PP
.TP 8
.BI "\-u \-\-max\-useragents" " number"
Set the max number of entries in the user agents report.
.PP
.TP 8
.BI "\-t \-\-max\-trails" " number"
Set the max number of entries in the web trails report.
.PP
.TP 8
.BI "\-g \-\-max\-googled" " number"
Set the max number of entries in the crawled pages report (google bot).
.PP
.TP 8
.BI " \-\-max\-adsensed" " number"
Set the max number of entries in the crawled pages report (adsense bot).
.PP
.TP 8
.BI "\-k \-\-max\-google\-keyphrases" " number"
Set the max number of entries in the Google keyphrases report.
.PP
.TP 8
.BI "\-a \-\-max\-referers\-age" " number"
Set the max number of entries in the referers by date report.
.PP
.TP 8
.BI "\-d \-\-max\-domains" " number"
Set the max number of entries in the domains report.
.PP
.TP 8
.BI "\-P \-\-prefix" " string"
Prefixes specify to visitors how a link should look like to be
classified as internal to your site. This option is required for
.B --trails
and will also have the nice effect to avoid that internal links are
shown in the referers report. If you are analyzing statistics for
http://www.your.site.com/, just use:
.B --prefix http://www.your.site.com
If your site is reachable using more hostnames you should specify all
these, like in the following example:
.br
.B --prefix http://www.your.site.com --prefix http://your.site.com
.PP
.TP 8
.BI "\-o \-\-output" " html|text"
Output module. You can use text or html. The default is html.
.PP
.TP 8
.BI "\-V \-\-graphviz"
This option enables the Graphviz mode:
.I Visitors
will analyze the log file and create a graph describing the access
patterns of your web site. The information used to create the graph is
the same as the web trails report (that you can enable with --trails),
but as a graph it can be more readable for non trivial sites. An example
on how to use this feature:
% visitors access.log --prefix http://www.hping.org \\
--graphviz > graph.dot
% dot /tmp/graph.dot -Tpng > graph.png
On Debian systems, the
.B dot
command is included in the
.B graphviz
package. The generated graph will have edges of different colors, from
blue to red to specify a low to high level of popularity of a given
movement from one page to another of the web site. This option requires
one or more
.B --prefix
options in order to work, just like the
.B --trails
option.
.PP
.TP 8
.BI "\-V \-\-graphviz-ignorenode-google"
Don't put the google node on the generated graph. Only useful
with
.B --trails
.PP
.TP 8
.BI "\-V \-\-graphviz-ignorenode-external"
Don't put the external referer node on the generated graph. Only useful
with
.B --trails
.PP
.TP 8
.BI "\-V \-\-graphviz-ignorenode-noreferer"
Don't put the node indicating requests without referer on the generated graph.
Only useful with
.B --trails
.PP
.TP 8
.BI "\-\-tail"
When this option is specified
.I Visitors
will emulate the Unix command tail -f --max-unchanged-stats=1 -q. You
can specify the log file names to monitor for changes, once new data is
appended in any of the specified file, visitors will output the new data
to the standard output. This option is useful conjunction to the Stream
Mode (--stream). Files can be log-rotated because
.I Visitors
in Tail Mode will always try to reopen the file to check for changes.
.PP
.TP 8
.BI "\-\-time\-delta" " delta"
If your web server is in a different timezone than most of your visitors
or yourself, you will notice a shift in the reports regarding time and
days of week. By default,
.I Visitors
will generate output using the host's locale. You can use the
.B --time-delta
option in order to adjust the output. Positive values will shift on the
right (toward future) from the given number of hours, negative values
will shift on the left (toward past). In the future this option may have
support to directly specify the output timezone.
.PP
.TP 8
.BI "\-\-filter\-spam"
Filter referer spam using a keyword-based filter (see blacklist.h
for more information on keywords). If you don't know what referer
spam is check this Wikipedia page: http://en.wikipedia.org/wiki/Referer_spam
.PP
.TP 8
.BI "\-\-ignore\-404"
When this option is turned on log lines with 404 errors are just used to generate the 404 errors report and not used for other reports.
.PP
.TP 8
.BI "\-\-grep" " pattern"
Process only log lines matching the specified pattern.
Patterns are matched using the glob-style matching (the one
used by the unix shell):
.RS
.IP \fB*\fR 10
Matches any sequence of characters in \fIstring\fR, including a null
string.
.IP \fB?\fR 10
Matches any single character in \fIstring\fR.
.IP \fB[\fIchars\fB]\fR 10
Matches any character in the set given by \fIchars\fR. If a sequence
of the form \fIx\fB\-\fIy\fR appears in \fIchars\fR, then any
character between \fIx\fR and \fIy\fR, inclusive, will match.
.IP \fB\e\fIx\fR 10
Matches the single character \fIx\fR. This provides a way of avoiding
the special interpretation of the characters \fB*?[]\e\fR in
\fIpattern\fR.
.RE
For default matching is performed in a case sensitive way, but
case insensitive matching may be forced prefixing the pattern
with the string \fBcs:\fR, so for example the pattern \fBcs:firefox\fR
will match all the log lines containing the string firefox, FireFox,
FIREFOX and so on.
.PP
.TP 8
.BI "\-\-exclude" " pattern"
Works exactly like \fB--grep\fR, but only lines NOT matching
the specified pattern are processed. Note that --grep and --exclude
can be used multiple times, and are processed sequentially.
For example \fBvisitors --grep firefox --exclude download\fR will
process only lines including the string firefox but not including
the string download.
.PP
.TP 8
.BI "\-\-debug"
Show additional information on errors. For example invalid lines
are printed on the standard error if found. Mainly useful for developers and
error reporting.
.PP
.TP 8
.BI "\-h \-\-help"
Show usage and copyright information.
.PP
.TP 8
.BI "\-v \-\-version"
Show program version.
.SH EXAMPLES
The simplest usage, to be used interactively when you have a web log to
check (for example over ssh in your web server), just use:
% visitors access.log | less
That will produce a human readable output in text only. To generate html
web stats with much more information you may use instead this:
% visitors --output text -A -m 30 access.log -o html > report.html
If you want information on the usage patterns for your site you must
provide the url prefix of your web site, and specify the
.B --trails
option. The next example produces an HTML report with usage patterns
information.
% visitors -A -m 30 access.log --trails \\
--prefix http://www.hping.org > report.html
Note that it's ok to specify multiple file names, or to provide the
input using the standard input like in the following two examples:
% visitors /var/log/apache/access.log.*
.br
% zcat access.log.*.gz | visitors -
.SH STREAM MODE DETAILS
.PP
The usual way to run
.I Visitors
is to specify some option to control the report generation, and the name
of log files. For example to generate a report from two Apache's access
log files you can write:
% visitors -A access.log.1 access.log.2 > report.html
.I Visitors
will analyze the log files, and will output the report. Sometimes it
can be more interesting to have web statistics updated continuously,
almost in real time, as new data is available. In order to provide this
feature
.I Visitors
implements a mode called Stream Mode that reads a stream of logs from
the standard input. The following command line shows how to use it (but
check the --stream option documentation for more information).
% tail -f /var/log/apache/access.log | \\
visitors --stream -A --update-every 60 \\
--output-file /tmp/report.html
.I Visitors
will incrementally update the statistics as new logs are available and
will update the html report every 60 seconds. As you can see in this
mode is required to specify the report file name using the
.B --output-file
option because
.I Visitors
needs to overwrite the report to update it. Note that instead of the
tail command in the above example it is possible to use instead
.I Visitors
in Tail Mode (an emulation for the tail program):
% visitors --tail /var/log/apache/access.log | \\
visitors --stream -A --update-every 60 \\
--output-file /tmp/report.html
It's possible to generate real time statistics about the last N seconds
of web traffic, where N is configurable and can be from few seconds to
one week or more, using the
.B --reset-every
option. The following example generates statistics updated every 30
seconds about the last hour of traffic:
% visitors --tail /var/log/apache/access.log | \\
visitors --stream -A --update-every 30 --reset-every 3600 \\
--output-file /tmp/report.html
.SH "AUTHORS"
.PP
.I Visitors
was written by Salvatore Sanfilippo <[email protected]>.
.SH "COPYING"
Copyright
.if t \(co
.if n (C)
2004,2005 Salvatore Sanfilippo <[email protected]>.
.PP
.I Visitors
is distributed under the GNU General Public License.
.PP
This manual page was written (based on the original HTML documentation)
by Romain Francoise <[email protected]> for the Debian GNU/Linux
system, but may be used by others.
Salvatore Sanfilippo updated this man page starting from Visitors 0.5, this
manual page is now part of the Visitors tarball.