X-Git-Url: http://www.privoxy.org/gitweb/?p=privoxy.git;a=blobdiff_plain;f=tools%2Fprivoxy-log-parser.pl;h=f1a776b788384057e32f214dba2fc07ca9c3fa23;hp=c50218a5e4e2c9fc073da50c1fca8ea5f1d65eb9;hb=d2fcc92169b6847df5c86c22f0542e3f5bf97d8d;hpb=d1a32a688bb2d2e1020cd3e612c4629b5325f288 diff --git a/tools/privoxy-log-parser.pl b/tools/privoxy-log-parser.pl index c50218a5..f1a776b7 100755 --- a/tools/privoxy-log-parser.pl +++ b/tools/privoxy-log-parser.pl @@ -8,7 +8,7 @@ # # http://www.fabiankeil.de/sourcecode/privoxy-log-parser/ # -# $Id: privoxy-log-parser.pl,v 1.114 2008/08/21 07:18:57 fk Exp $ +# $Id: privoxy-log-parser.pl,v 1.118 2008/11/01 14:10:53 fk Exp $ # # TODO: # - LOG_LEVEL_CGI, LOG_LEVEL_ERROR, LOG_LEVEL_WRITE content highlighting @@ -612,7 +612,7 @@ sub h ($) { return $result; } -sub higlight_known_headers ($) { +sub highlight_known_headers ($) { my $content = shift; our %header_colours; @@ -630,7 +630,7 @@ sub higlight_known_headers ($) { return $content; } -sub higlight_matched_request_line ($$) { +sub highlight_matched_request_line ($$) { my $result = shift; # XXX: Stupid name; my $regex = shift; @@ -657,9 +657,9 @@ sub highlight_request_line ($) { # XXX: save these: ($method, $path, $http_version) = ($1, $2, $3); $rl =~ s@^(\w+)@$h{'method'}$1$h{'Standard'}@; if ($rl =~ /http:\/\//) { - $rl = higlight_matched_url($rl, '[^\s]*(?=\sHTTP)'); + $rl = highlight_matched_url($rl, '[^\s]*(?=\sHTTP)'); } else { - $rl = higlight_matched_pattern($rl, 'request_', '[^\s]*(?=\sHTTP)'); + $rl = highlight_matched_pattern($rl, 'request_', '[^\s]*(?=\sHTTP)'); } $rl =~ s@(HTTP\/\d\.\d)$@$h{'http-version'}$1$h{'Standard'}@; @@ -667,7 +667,7 @@ sub highlight_request_line ($) { } elsif ($rl =~ m/\.\.\. \[too long, truncated\]$/) { $rl =~ s@^(\w+)@$h{'method'}$1$h{'Standard'}@; - $rl = higlight_matched_url($rl, '[^\s]*(?=\.\.\.)'); + $rl = highlight_matched_url($rl, '[^\s]*(?=\.\.\.)'); } elsif ($rl =~ m/^ $/) { @@ -709,7 +709,7 @@ sub highlight_response_line ($) { return $rl; } -sub higlight_matched_url ($$) { +sub highlight_matched_url ($$) { my $result = shift; # XXX: Stupid name; my $regex = shift; @@ -724,7 +724,7 @@ sub higlight_matched_url ($$) { return $result; } -sub higlight_matched_host ($$) { +sub highlight_matched_host ($$) { my $result = shift; # XXX: Stupid name; my $regex = shift; @@ -736,7 +736,7 @@ sub higlight_matched_host ($$) { return $result; } -sub higlight_matched_pattern ($$$) { +sub highlight_matched_pattern ($$$) { our %h; my $result = shift; # XXX: Stupid name; @@ -753,7 +753,7 @@ sub higlight_matched_pattern ($$$) { } -sub higlight_matched_path ($$) { +sub highlight_matched_path ($$) { my $result = shift; # XXX: Stupid name; my $regex = shift; @@ -842,8 +842,8 @@ sub handle_loglevel_header ($) { } elsif ($c =~ m/^New host is: ([^\s]*)\./) { # New host is: trac.vidalia-project.net. Crunching Referer: http://www.vidalia-project.net/ - $c = higlight_matched_host($c, '(?<=New host is: )[^\s]+'); - $content = higlight_matched_url($c, '(?<=Crunching Referer: )[^\s]+'); + $c = highlight_matched_host($c, '(?<=New host is: )[^\s]+'); + $content = highlight_matched_url($c, '(?<=Crunching Referer: )[^\s]+'); } elsif ($c =~ m/^Text mode enabled by force. (Take cover)!/) { @@ -860,12 +860,12 @@ sub handle_loglevel_header ($) { # Adjusted Content-Length to 2132 # Adjust Content-Length to 33533 $content =~ s@(?<=Content-Length to )(\d+)@$h{'Number'}$1$h{'Standard'}@; - $content = higlight_known_headers($content); + $content = highlight_known_headers($content); } elsif ($c =~ m/^Destination extracted from "Host:" header. New request URL:/) { # Destination extracted from "Host:" header. New request URL: http://www.cccmz.de/~ridcully/blog/ - $content = higlight_matched_url($content, '(?<=New request URL: ).*'); + $content = highlight_matched_url($content, '(?<=New request URL: ).*'); } elsif ($c =~ m/^Couldn\'t parse:/) { @@ -920,7 +920,9 @@ sub handle_loglevel_header ($) { # Modified: User-Agent: Mozilla/5.0 (X11; U; SunOS i86pc; pl-PL; rv:1.8.1.1) Gecko/20070214 Firefox/2.0.0.1 # Accept-Language header crunched and replaced with: Accept-Language: pl-pl - # cookie 'Set-Cookie: eZSessionCookie=07bfec287c197440d299f81580593c3d; expires=Thursday, 12-Apr-07 15:16:18 GMT; path=/' send by http://wirres.net/article/articleview/4265/1/6/ appears to be using time format 1 (XXX: gone with the wind) + # cookie 'Set-Cookie: eZSessionCookie=07bfec287c197440d299f81580593c3d; \ + # expires=Thursday, 12-Apr-07 15:16:18 GMT; path=/' send by \ + # http://wirres.net/article/articleview/4265/1/6/ appears to be using time format 1 (XXX: gone with the wind) # Cookie rewritten to a temporary one: Set-Cookie: NSC_gffe-iuuq-mc-wtfswfs=8efb33a53660;path=/ # Text mode is already enabled # Denied request with NULL byte(s) turned into line break(s) @@ -946,7 +948,8 @@ sub handle_loglevel_header ($) { # Content-Disposition header crunched and replaced with: content-disposition: filename=baz # Reducing white space in 'X-LWS-Test: "This is quoted" this is not "this is " but " this again is not' # Ignoring single quote in 'X-LWS-Test: "This is quoted" this is not "this is " but " this again is not' - # Converting tab to space in 'X-LWS-Test: "This is quoted" this is not "this is " but " this again is not' + # Converting tab to space in 'X-LWS-Test: "This is quoted" this is not "this is " but "\ + # this again is not' } elsif ($c =~ m/^scanning headers for:/) { @@ -966,7 +969,8 @@ sub handle_loglevel_header ($) { } elsif ($c =~ m/^(Transforming \")(.*?)(\" to \")(.*?)(\")/) { - # Transforming "Proxy-Authenticate: Basic realm="Correos Proxy Server"" to "Proxy-Authenticate: Basic realm="Correos Proxy Server"" + # Transforming "Proxy-Authenticate: Basic realm="Correos Proxy Server"" to\ + # "Proxy-Authenticate: Basic realm="Correos Proxy Server"" $content =~ s@(?<=^Transforming \")(.*)(?=\" to)@$h{'Header'}$1$h{'Standard'}@; $content =~ s@(?<=to \")(.*)(?=\")@$h{'Header'}$1$h{'Standard'}@; @@ -978,7 +982,8 @@ sub handle_loglevel_header ($) { } elsif ($c =~ m/^Content-Type: .* not replaced/) { - # Content-Type: application/octet-stream not replaced. It doesn't look like text. Enable force-text-mode if you know what you're doing. + # Content-Type: application/octet-stream not replaced. It doesn't look like text.\ + # Enable force-text-mode if you know what you're doing. # XXX: Could highlight more here. $content =~ s@(?<=^Content-Type: )(.*)(?= not replaced)@$h{'content-type'}$1$h{'Standard'}@; @@ -989,7 +994,7 @@ sub handle_loglevel_header ($) { # Highlight headers unless ($c =~ m/^Transforming/) { - $content = higlight_known_headers($content) unless $no_special_header_highlighting; + $content = highlight_known_headers($content) unless $no_special_header_highlighting; } return $content; @@ -1108,7 +1113,7 @@ sub handle_loglevel_re_filter ($) { $c =~ s@(?<=produced )(\d+)(?= hits)@$h{'Number'}$1$h{'Standard'}@; $c =~ s@([^\s]+?)(\'? produced)@$h{'filter'}$1$h{'Standard'}$2@; - $c = higlight_matched_host($c, '(?<=filtering )[^\s]+'); + $c = highlight_matched_host($c, '(?<=filtering )[^\s]+'); $c =~ s@\.$@ @; $c .= "(" . $h{'Number'}; @@ -1160,7 +1165,8 @@ sub handle_loglevel_re_filter ($) { return '' if (SUPPRESS_SUCCEEDED_FILTER_ADDITIONS && m/succeeded/); # Adding re_filter job ... - # Adding dynamic re_filter job s@^(?:\w*)\s+.*\s+HTTP/\d\.\d\s*@IP-ADDRESS: $origin@D to filter client-ip-address succeeded. + # Adding dynamic re_filter job s@^(?:\w*)\s+.*\s+HTTP/\d\.\d\s*@IP-ADDRESS: $origin@D\ + # to filter client-ip-address succeeded. } elsif ($c =~ m/^Reading in filter/) { @@ -1186,28 +1192,30 @@ sub handle_loglevel_redirect ($) { if ($c =~ m/^Decoding "([^""]*)"/) { $req{$t}{'original-destination'} = $1; - $c = higlight_matched_path($c, '(?<=Decoding ")[^"]*'); + $c = highlight_matched_path($c, '(?<=Decoding ")[^"]*'); $c =~ s@\"@@g; } elsif ($c =~ m/^Checking/) { - # Checking /_ylt=A0geu.Z76BRGR9kAH2RXNyoA/SIG=14gqhtscv/EXP=1175861755/**http://search.yahoo.com/search?p=view+odb+presentation+on+freebsd&ei=UTF-8&xargs=0&pstart=1&fr=moz2&b=11 for redirects. + # Checking /_ylt=A0geu.Z76BRGR9k/**http://search.yahoo.com/search?p=view+odb+presentation+on+freebsd\ + # &ei=UTF-8&xargs=0&pstart=1&fr=moz2&b=11 for redirects. # TODO: Change colour if really url-decoded $req{$t}{'decoded-original-destination'} = $1; - $c = higlight_matched_path($c, '(?<=Checking ")[^"]*'); + $c = highlight_matched_path($c, '(?<=Checking ")[^"]*'); $c =~ s@\"@@g; } elsif ($c =~ m/^pcrs command "([^""]*)" changed "([^""]*)" to "([^""]*)" \((\d+) hits?\)/) { - # pcrs command "s@&from=rss@@" changed "http://it.slashdot.org/article.pl?sid=07/03/02/1657247&from=rss" to "http://it.slashdot.org/article.pl?sid=07/03/02/1657247" (1 hit). + # pcrs command "s@&from=rss@@" changed "http://it.slashdot.org/article.pl?sid=07/03/02/1657247&from=rss"\ + # to "http://it.slashdot.org/article.pl?sid=07/03/02/1657247" (1 hit). my ($pcrs_command, $url_before, $url_after, $hits) = ($1, $2, $3, $4); # XXX: save these? $c =~ s@(?<=pcrs command )"([^""]*)"@$h{'filter'}$1$h{'Standard'}@; - $c = higlight_matched_url($c, '(?<=changed ")[^""]*'); + $c = highlight_matched_url($c, '(?<=changed ")[^""]*'); $c =~ s@(?<=changed )"([^""]*)"@$1@; # Remove quotes - $c = higlight_matched_url($c, '(?<=to ")[^""]*'); + $c = highlight_matched_url($c, '(?<=to ")[^""]*'); $c =~ s@(?<=to )"([^""]*)"@$1@; # Remove quotes $c =~ s@(\d+)(?= hits?)@$h{'hits'}$1$h{'Standard'}@; @@ -1219,9 +1227,10 @@ sub handle_loglevel_redirect ($) { $c = $1 . h('rewritten-URL') . $2 . h('Standard'); } elsif ($c =~ m/No pcrs command recognized, assuming that/) { - # No pcrs command recognized, assuming that "http://config.privoxy.org/user-manual/favicon.png" is already properly formatted. + # No pcrs command recognized, assuming that "http://config.privoxy.org/user-manual/favicon.png"\ + # is already properly formatted. # XXX: assume the same? - $c = higlight_matched_url($c, '(?<=assuming that \")[^"]*'); + $c = highlight_matched_url($c, '(?<=assuming that \")[^"]*'); } else { @@ -1299,13 +1308,13 @@ sub handle_loglevel_request ($) { $content =~ s@\(($reason)\)@$reason_colours{$reason}($1)$h{'Standard'}@g; } # Highlight request URL domain and ditch 'crunch!' - $content = higlight_matched_pattern($content, 'request_', '[^ ]*(?= crunch!)'); + $content = highlight_matched_pattern($content, 'request_', '[^ ]*(?= crunch!)'); $content =~ s@ crunch!@@; } elsif ($content =~ m/\[too long, truncated\]$/) { # config.privoxy.org/edit-actions-submit?f=3&v=1176116716&s=7&Submit=Submit[...]&filter... [too long, truncated] - $content = higlight_matched_pattern($content, 'request_', '^.*(?=\.\.\. \[too long, truncated\]$)'); + $content = highlight_matched_pattern($content, 'request_', '^.*(?=\.\.\. \[too long, truncated\]$)'); } elsif ($content =~ m/(.*)/) { # XXX: Pretty stupid @@ -1332,14 +1341,14 @@ sub handle_loglevel_connect ($) { # Connect: via 10.0.0.1:8123 to: www.example.org.noconnect - $c = higlight_matched_host($c, '(?<=via )[^\s]+'); - $c = higlight_matched_host($c, '(?<=to: )[^\s]+'); + $c = highlight_matched_host($c, '(?<=via )[^\s]+'); + $c = highlight_matched_host($c, '(?<=to: )[^\s]+'); } elsif ($c =~ m/connect to: .* failed: .*/) { # connect to: www.example.org.noconnect failed: Operation not permitted - $c = higlight_matched_host($c, '(?<=connect to: )[^\s]+'); + $c = highlight_matched_host($c, '(?<=connect to: )[^\s]+'); $c =~ s@(?<=failed: )(.*)@$h{'error'}$1$h{'Standard'}@; @@ -1348,13 +1357,13 @@ sub handle_loglevel_connect ($) { # Connect: to www.nzherald.co.nz successful return '' if SUPPRESS_SUCCESSFUL_CONNECTIONS; - $c = higlight_matched_host($c, '(?<=to )[^\s]+'); + $c = highlight_matched_host($c, '(?<=to )[^\s]+'); } elsif ($c =~ m/to ([^\s]*)$/) { # Connect: to lists.sourceforge.net:443 - $c = higlight_matched_host($c, '(?<=to )[^\s]+'); + $c = highlight_matched_host($c, '(?<=to )[^\s]+'); } elsif ($c =~ m/^accepted connection from .*/ or $c =~ m/^OK/) { @@ -1363,13 +1372,13 @@ sub handle_loglevel_connect ($) { # Privoxy 3.0.6 and earlier just say: # OK return '' if SUPPRESS_ACCEPTED_CONNECTIONS; - $c = higlight_matched_host($c, '(?<=connection from ).*'); + $c = highlight_matched_host($c, '(?<=connection from ).*'); } elsif ($c =~ m/^write header to: .* failed:/) { # write header to: 10.0.0.1 failed: Broken pipe - $c = higlight_matched_host($c, '(?<=write header to: )[^\s]*'); + $c = highlight_matched_host($c, '(?<=write header to: )[^\s]*'); $c =~ s@(?<=failed: )(.*)@$h{'Error'}$1$h{'Standard'}@; } elsif ($c =~ m/^write header to client failed:/) { @@ -1404,12 +1413,70 @@ sub handle_loglevel_connect ($) { } elsif ($c =~ m/^Denying suspicious CONNECT request from/) { # Denying suspicious CONNECT request from 10.0.0.1 - $c = higlight_matched_host($c, '(?<=from )[^\s]+'); # XXX: not an URL + $c = highlight_matched_host($c, '(?<=from )[^\s]+'); # XXX: not an URL } elsif ($c =~ m/^socks5_connect:/) { $c =~ s@(?<=socks5_connect: )(.*)@$h{'error'}$1$h{'Standard'}@; + } elsif ($c =~ m/^Found reusable socket/) { + + # Found reusable socket 9 for www.privoxy.org:80 in slot 0. + $c =~ s@(?<=Found reusable socket )(\d+)@$h{'Number'}$1$h{'Standard'}@; + $c = highlight_matched_host($c, '(?<=for )[^\s]+'); + $c =~ s@(?<=in slot )(\d+)@$h{'Number'}$1$h{'Standard'}@; + + } elsif ($c =~ m/^Marking open socket/) { + + # Marking open socket 9 for www.privoxy.org:80 in slot 0 as unused. + $c =~ s@(?<=Marking open socket )(\d+)@$h{'Number'}$1$h{'Standard'}@; + $c = highlight_matched_host($c, '(?<=for )[^\s]+'); + $c =~ s@(?<=in slot )(\d+)@$h{'Number'}$1$h{'Standard'}@; + + } elsif ($c =~ m/^No reusable/) { + + # No reusable socket for addons.mozilla.org:443 found. Opening a new one. + $c = highlight_matched_host($c, '(?<=for )[^\s]+'); + + } elsif ($c =~ m/^(Remembering|Forgetting) socket/) { + + # Remembering socket 13 for www.privoxy.org:80 in slot 0. + # Forgetting socket 38 for www.privoxy.org:80 in slot 5. + $c =~ s@(?<=socket )(\d+)@$h{'Number'}$1$h{'Standard'}@; + $c = highlight_matched_host($c, '(?<=for )[^\s]+'); + $c =~ s@(?<=in slot )(\d+)@$h{'Number'}$1$h{'Standard'}@; + + } elsif ($c =~ m/^Socket/) { + + # Socket 18 for www.privoxy.org:80 in slot 0 is no longer usable. Closing. + # Socket 16 already forgotten or never remembered. + $c =~ s@(?<=Socket )(\d+)@$h{'Number'}$1$h{'Standard'}@; + $c = highlight_matched_host($c, '(?<=for )[^\s]+'); + $c =~ s@(?<=in slot )(\d+)@$h{'Number'}$1$h{'Standard'}@; + + } elsif ($c =~ m/^The connection to/) { + + # The connection to www.privoxy.org:80 in slot 0 timed out. Closing. + $c = highlight_matched_host($c, '(?<=connection to )[^\s]+'); + $c =~ s@(?<=in slot )(\d+)@$h{'Number'}$1$h{'Standard'}@; + + } elsif ($c =~ m/^Initialized/) { + + # Initialized 20 socket slots. + $c =~ s@(?<=Initialized )(\d+)@$h{'Number'}$1$h{'Standard'}@; + + } elsif ($c =~ m/^Done reading from server/) { + + # Done reading from server. Expected content length: 24892. \ + # Actual content length: 24892. Most recently received: 4412. + $c =~ s@(?<=Expected content length: )(\d+)@$h{'Number'}$1$h{'Standard'}@; + $c =~ s@(?<=Actual content length: )(\d+)@$h{'Number'}$1$h{'Standard'}@; + $c =~ s@(?<=received: )(\d+)@$h{'Number'}$1$h{'Standard'}@; + + } elsif ($c =~ m/^Looks like we reached/) { + + # Looks like we reached the end of the last chunk. We better stop reading. + } else { found_unknown_content($c); @@ -1430,7 +1497,7 @@ sub handle_loglevel_info ($) { if ($c =~ m/^Rewrite detected:/) { # Rewrite detected: GET http://10.0.0.2:88/blah.txt HTTP/1.1 - $c = higlight_matched_request_line($c, '(?<=^Rewrite detected: ).*'); + $c = highlight_matched_request_line($c, '(?<=^Rewrite detected: ).*'); } elsif ($c =~ m/^Decompress(ing deflated|ion didn)/ or $c =~ m/^Compressed content detected/ or @@ -1438,7 +1505,8 @@ sub handle_loglevel_info ($) { ) { # Decompressing deflated iob: 117 # Decompression didn't result in any content. - # Compressed content detected, content filtering disabled. Consider recompiling Privoxy with zlib support or enable the prevent-compression action. + # Compressed content detected, content filtering disabled. Consider recompiling Privoxy\ + # with zlib support or enable the prevent-compression action. # Tagger 'complete-url' created empty tag. Ignored. # Ignored for now @@ -1486,15 +1554,29 @@ sub handle_loglevel_info ($) { $c =~ s@(CONNECT)@$h{'method'}$1$h{'Standard'}@; $c =~ s@(?<=to port )(\d+)@$h{'port'}$1$h{'Standard'}@; + } elsif ($c =~ m/^Status code/) { + + # Status code 304 implies no body. + $c =~ s@(?<=Status code )(\d+)@$h{'status-code'}$1$h{'Standard'}@; + + } elsif ($c =~ m/^Method/) { + + # Method HEAD implies no body. + $c =~ s@(?<=Method )([^\s]+)@$h{'method'}$1$h{'Standard'}@; + } elsif ($c =~ m/^No logfile configured/ or $c =~ m/^Malformerd HTTP headers detected and MS IIS5 hack enabled/ or - $c =~ m/^Invalid \"chunked\" transfer/ + $c =~ m/^Invalid \"chunked\" transfer/ or + $c =~ m/^Support for/ ) { # No logfile configured. Please enable it before reporting any problems. - # Malformerd HTTP headers detected and MS IIS5 hack enabled. Expect an invalid response or even no response at all. + # Malformerd HTTP headers detected and MS IIS5 hack enabled. Expect an invalid \ + # response or even no response at all. # No logfile configured. Logging disabled. # Invalid "chunked" transfer encoding detected and ignored. + # Support for 'Connection: keep-alive' is experimental, incomplete and\ + # known not to work properly in some situations. } else { @@ -1541,12 +1623,12 @@ sub handle_loglevel_force ($) { # Ignored force prefix in request: "GET http://10.0.0.1/PRIVOXY-FORCE/block HTTP/1.1" $c =~ s@^(Ignored)@$h{'ignored'}$1$h{'Standard'}@; - $c = higlight_matched_request_line($c, '(?<=request: ")[^"]*'); + $c = highlight_matched_request_line($c, '(?<=request: ")[^"]*'); } elsif ($c =~ m/^Enforcing request:/) { # Enforcing request: "GET http://10.0.0.1/block HTTP/1.1". - $c = higlight_matched_request_line($c, '(?<=request: ")[^"]*'); + $c = highlight_matched_request_line($c, '(?<=request: ")[^"]*'); } else { @@ -1724,7 +1806,9 @@ sub parse_loop () { } elsif (m/^(\d+\.\d+\.\d+\.\d+) - - \[(.*)\] "(.*)" (\d+) (\d+)/) { # LOG_LEVEL_CLF lines look like this - # 61.152.239.32 - - [04/Mar/2007:18:28:23 +0100] "GET http://ad.yieldmanager.com/imp?z=1&Z=120x600&s=109339&u=http%3A%2F%2Fwww.365loan.co.uk%2F&r=1 HTTP/1.1" 403 1730 + # 61.152.239.32 - - [04/Mar/2007:18:28:23 +0100] "GET \ + # http://ad.yieldmanager.com/imp?z=1&Z=120x600&s=109339&u=http%3A%2F%2Fwww.365loan.co.uk%2F&r=1\ + # HTTP/1.1" 403 1730 our ($ip, $timestamp, $request_line, $status_code, $size) = ($1, $2, $3, $4, $5); print_clf_message();