NAME

HTTPD::Log::Filter - a module to filter entries out of an httpd log.

SYNOPSIS

    my $hlf = HTTPD::Log::Filter->new(
        exclusions_file     => $exclusions_file,
        agent_re            => '.*Mozilla.*',
        format              => 'ELF',
    );

    while( <> )
    {
        my $ret = $hlf->filter( $_ );
        die "Error at line $.: invalid log format\n" unless defined $ret;
        print $_ if $ret;
    }

    print grep { $hlf->filter( $_ ) } <>;

    $hlf = HTTPD::Log::Filter->new(
        capture => [ qw(
            host
            ident
            authexclude
            date
            request
            status
            bytes
        ) ];
    );

    while( <> )
    {
        next unless $hlf->filter( $_ );
        print $hlf->host, "\n";
    }

    print grep { $hlf->filter( $_ ) } <>;

DESCRIPTION

This module provide a simple interface to filter entries out of an httpd logfile. The constructor can be passed regular expressions to match against particular fields on the logfile. It does its filtering line by line, using a filter method that takes a line of a logfile as input, and returns true if it matches, and false if it doesn't.

There are two possible non-matching (false) conditions; one is where the line is a valid httpd logfile entry, but just doesn't happen to match the filter (where "" is returned). The other is where it is an invalid entry according to the format specified in the constructor.

CONSTRUCTOR

The constructor is passed a number of options as a hash. These are:

exclusions_file: This option can be used to specify a filename for entries that don't match the filter to be written to.
invert: This option, is set to true, will invert the logic of the fliter; i.e. will return only non-matching lines.
format: This should be one of:

CLF

Common Log Format (CLF):

"%h %l %u %t \"%r\" %>s %b"

ELF

NCSA Extended/combined Log format:

"%h %l %u %t \"%r\" %>s %b \"%{Referer}i\" \"%{User-agent}i\""

XLF

Some bespoke format based on extended log format + some junk at the end:

"%h %l %u %t \"%r\" %>s %b \"%{Referer}i\" \"%{User-agent}i\"" %j

where %j is .* in regex-speak.

See <http://httpd.apache.org/docs/mod/mod_log_config.html> for more information on log file formats.

SQUID

Logging format for Squid (v1.1+) caching / proxy servers. This is of the form:

"%9d.%03d %6d %s %s/%03d %d %s %s %s %s%s/%s %s"

where the fields are:

    time 
    elapsed 
    remotehost 
    code_status 
    bytes 
    method 
    url 
    rfc931
    peerstatus_peerhost 
    type

(see <http://www.squid-cache.org/Doc/FAQ/FAQ-6.html> for more info).

This class of options specifies the regular expression or expressions which are used to filter the logfile for httpd logs.

Ditto for Squid logs.

capture [ <fieldname1>, <fieldname2>, ... ]

This option requests the filter to capture the contents of given named fields so that they can be examined if the filtering is successful. This is done by simply putting capturing parentheses around the appropriate segment of the filtering regex. Fields to be captured are passed as an array reference. WARNING; do not try to insert your own capturing parentheses in the custom field regexes, as this will have unpredictable results when combined with the capture option.

Captured fields can be accessed after each call to filter using a method call with the same name as the captured field; e.g.

    my $filter = HTTPD::Logs::Filter->new(
        capture => [ 'host', 'request' ]
    );
    while ( <> )
    {
        next unless $filter->filter( $_ );
        print $filter->host, " requested ", $filter->request, "\n";
    }

METHODS

filter

Filters a line of a httpd logfile. returns true (the line) if it matches, and false ("" or undef) if it doesn't.

There are two possible non-matching (false) conditions; one is where the line is a valid httpd logfile entry, but just doesn't happen to match the filter (where "" is returned). The other is where it is an invalid entry according to the format specified in the constructor.

AUTHOR

Ave Wrigley <Ave.Wrigley@itn.co.uk>