cancel
Showing results for 
Search instead for 
Did you mean: 
karthago
Level 9

MWG 7.3.2.3.0 corrupted log lines

Hi,

we just found that our access.logs contain the following lines:

[18/Oct/2013:14:06:10 +0200] "\" 10.xxx.xxx.xxx 10.xxx.xxx.xxx 401 "POST http://xxxxxx.xxxxxx.at:8080/VersionControl/v1.0/upload.asmx HTTP/1.1" "-" "-" "-" 428 "Team Foundation (devenv.exe, 10.0.40219.445)" "-" "0"

[18/Oct/2013:14:06:10 +0200] "\" 10.xxx.xxx.xxx 255.255.255.255 400 "ñ/3  Px xr ÃŒ2>'ªüÎÒB‡¥”€þùót´øöO(öþ­ßæ7üd)~ý ¹~#•þß $ý ý6òö¯ÿ'‹ ö‰ÿÕo  " "-" "-" "-" 3041 "-" "-" "0"

[18/Oct/2013:14:06:10 +0200] "\" 10.xxx.xxx.xxx 10.xxx.xxx.xxx 200 "POST http://xxxxxx.xxxxxx.at:8080/VersionControl/v1.0/upload.asmx HTTP/1.1" "-" "-" "-" 293 "Team Foundation (devenv.exe, 10.0.40219.445)" "-" "0"

and the same error occurs when MWG tries to find the media type:

[21/Oct/2013:15:30:27 +0200] "DOMAIN\user" 10.xxx.xxx.xxx 77.72.164.29 200 "GET http://austria1.adverserve.net/RealMedia/ads/adstream_lx.ads/www.tt.com/sport/fussball/story/211013_... HTTP/1.1" "Web Ads" "Unverified" "€ ÄfN+" 444 "Mozilla/4.0 (compatible; MSIE 7.0; Windows NT 5.1; Trident/4.0; .NET CLR 1.1.4322; .NET CLR 2.0.50727; .NET CLR 3.0.04506.648; .NET CLR 3.5.21022; .NET4.0C; .NET CLR 3.0.4506.2152; .NET CLR 3.5.30729; InfoPath.1; .NET4.0E)" "-" "0"

and our log line definition:

time_stamp "auth_user" src_ip dst_ip status_code "req_line" "categories" "rep_level" "media_type" bytes_to_client "user_agent" "virus_name" "block_res"

Web Reporter hangs when parsing corrupted log lines so we cannot run any reports at the moment.

Did anyone observe the same problem?

Thanks!

0 Kudos