Forum Discussion
jkstraw_44238
Apr 23, 2007Nimbostratus
Hello,
Thank you again for the responses to my initial inquiry. I have a follow up question in regards to the following two items:
HTTP::header exists Referer
HTTP::cookie exists JSESSIONID
These return integer values - I need to get the URL returned for the referer and the actual session ID for the JSESSIONID (eg. AB139DD9528EFA30971A6144EA0C1D55.clusterinstance).
I also tried to reformat the output of the log file so I could parse it easily. I tried the following modification:
when HTTP_REQUEST {
set http_request_time [clock clicks -milliseconds]
set request_log_line "\
[HTTP::request_num],\
[IP::remote_addr],\
[HTTP::method],\
[HTTP::version],\
[HTTP::host],\
\"[HTTP::uri]\",\
\"[HTTP::header Referer]\",
\"[HTTP::header User-Agent]\",\
\"[HTTP::cookie JSESSIONID]",\
[SSL::cipher name],\
[SSL::cipher version],\
[SSL::cipher bits]"
}
when HTTP_RESPONSE {
set http_response_time [ clock clicks -milliseconds ]
log local0. "$request_log_line, \
HTTP status: [HTTP::status], \
Response Size: [HTTP::payload length], \
Duration: [expr $http_response_time - $http_request_time]"
}
The error I received was:
01070151:3: Rule [Halogen_Logging] error: line 12: [parse error: extra characters after close-quote] [SSL::cipher name [SSL::cipher version [SSL::cipher bits]] line 23: [use curly braces to avoid double substitution] [$http_response_time]"
I was trying to ensure that all well controlled fields were separated by commas and fields that could contain a comma were enclosed in quotes.
Thanks again for any assistance.