Email Website Webfolders Plans
Spam Free Stuff   Register

OwnMail - Free Stuff



BENEFITS

  • Maintenance-free email for business, schools and sites
  • Uses the Internet, can be given anywhere
  • No need for a server or a technician
  • Browser interface with all features, no need to load software
  • Can be used from shared computers
  • Huge mailboxes, no need to delete old mail
  • Mail can be read while travelling
  • Dramatically lower cost of servicing branch offices
  • Archiving ensures continuity despite employee turnover
  • Complete helpdesk support for switchover to OwnMail

 Register Now

GeoIP Patch for Analog

Analog is a powerful tool to analyze log files that generates beautiful reports complete with pie charts. Written in C, it is blazingly fast. However, Analog in stock form is not equipped with GeoIP resolution i.e it does not give geographical locations of access by IP addresses of hosts. It does have a DNS lookup feature but that usually just gives the name of the user's ISP, not a very interesting feature. We have patched Analog to add GeoIP resolution i.e it can produce reports with geographical location of access. We achieved this by substituting GeoIP-report in place of Operating System and Browser report, which is of less significance, and has least side effects on other reports. Example report

Implementation
Analog-6.0 has a command "UNCOMPRESS" which can be used to specify a user-specified program to uncompress the log file if it has been compressed in some other format. Thus using "UNCOMPRESS" command we can pre-process the log file data before analog actually reads it . Accordingly, we have replaced uncompress program with another that intercepts the log data and substitutes browser info in each logline with GeoIP location at runtime.
To do this we used MaxMind.com Geolocation APIs. MaxMind provides professional GeoIp solutions as well as a free/open source binary GeoIp database accessible by a C-code API. For more details visit http://www.maxmind.com.
What you need to do
  1. Download analog.
  2. Download the logfile convertor and the analog patch
  3. Apply patch to these files :
    4. tree.c -> source file in "analog-6.0/src" directory
    uk.lng -> language file in "analog-6.0/lang" directory
    Example:
    go to directory analog-6.0/src, copy file "tree.c.patch" there and use patch utility to apply patch as follows
    $ patch tree.c tree.c.patch
    go to directory analog-6.0/lang and use patch utility to apply patch as follows
    $ patch uk.lng uk.lng.patch
  4. Compile analog-6.0 :
    5. in analog-6.0 directory
    $ make
  5. Download C-API to access GeoIP database :
    6. download C-API
    copy GeoIP-1.4.4.tar.gz to analog-6.0/ directory and untar and unzip using following command.
    $ tar -xzvf GeoIP-1.4.4.tar.gz
    go to "analog-6.0/GeoIP-1.4.4" directory
    follow the readme to install GeoIP-1.4.4 in analog directory.
    $ ./configure
    $ make
    $ make check
    $ make install
  6. Download GeoLiteCity.dat.gz :
    7. You need to download this binary database and keep this file after unzipping in "analog-6.0/GeoIP-1.4.4/data" directory.
  7. Compile GeoIp.c :
    8. GeoIp.c is a C source file which filters the log file lines with Country and City information by accessing "analog-6.0/GeoIP-1.4.4/data/GeoLiteCity.dat" binary database. This is the actual pre-processing.
    Copy GeoIp.c file in analog-6.0/GeoIP-1.4.4/ directory.
    Compile this file to produce executable file "GeoIp" ...
    $ gcc -lGeoIP GeoIp.c -o GeoIp
    Example :
    For the following apache log file line:
    203.199.110.89 news.linq.in - [14/Apr/2008:10:37:06 +0530] "GET /sn.e HTTP/1.1" 200 6173 "-" "Mozilla/5.0 (X11; U; Linux i686 (x86_64); en-US; rv:1.8.1.13) Gecko/20080311 Firefox/2.0.0.13" "ravikumar"
    At run-time this line will be replaced with new line with GeoIP location:
    203.199.110.89 news.linq.in - [14/Apr/2008:10:37:06 +0530] "GET /sn.e HTTP/1.1" 200 6173 "-" "GeoIp; India:Bombay^" "ravikumar"
    Note that we have replaced "Mozilla/5.0 (X11; U; Linux i686 (x86_64); en-US; rv:1.8.1.13) Gecko/20080311 Firefox/2.0.0.13" information field with "GeoIp; India:Bombay^" field.
  8. Important to make GeoIP work:
    1. Your specification of log format to analog must be as below, except the last parameter which represents user. You can provide this format to analog at runtime as follows
      2. +C"LOGFORMAT (%s %v %j [%d/%M/%Y:%h:%n:%j] \"%j %r %j\" %c %b %f \"%B\" \"%u\")"
      where,
      %s : host (the client hostname, or address of the computer making the request) Ex. 203.199.110.89
      %v : virtual host (the server hostname, also called the virtual domain) Ex. news.linq.in
      %j : junk: ignore this field (field can be empty too) Ex. -
      [%d/%M/%Y:%h:%n:%j] : date and time field in format Ex. [14/Apr/2008:10:37:06 +0530]
      \"%j %r %j\" : file requested Ex. "GET /sn.e HTTP/1.1"
      %c : HTTP status code Ex. 200
      %b : number of bytes transferred Ex. 6173
      %f : referrer Ex. "-" note that this may contain referrer site.
      \"%B\" : browser Ex. "Mozilla/5.0 (X11; U; Linux i686 (x86_64); en-US; rv:1.8.1.13) Gecko/20080311 Firefox/2.0.0.13"
      \"%u\" : user (tip: a cookie or session id can usefully be defined as %u too) Ex. "ravikumar"
    2. You need to use UNCOMPRESS command line argument of analog as follows if it's in zipped format.
      3. +C"UNCOMPRESS < name of log file with full path > (gunzip -c < name of log file with full path > | analog-6.0/GeoIP-1.4.4/GeoIp )"
      If it is not zipped then you need to provide it as follows
      +C"UNCOMPRESS < name of log file with full path > (cat < name of log file with full path > | analog-6.0/GeoIP-1.4.4/GeoIp )"
    3. You must have OS-report on and Browser-report and Browser-summary off.
      4. OSREP ON
      BROWSERREP OFF
      BROWSERSUM OFF
      Go through "http://www.analog.cx/docs/Readme.html" before implementing this feature.
Example report in html format with only GeoIP report switched on. This patch and preprocessor is open source, written by ravikumarstaff.ownmail.com, and currently maintained by him.