0 Replies Latest reply on Oct 23, 2013 3:56 AM by karthago

    MWG 7.3.2.3.0 corrupted log lines

    karthago

      Hi,

       

      we just found that our access.logs contain the following lines:

       

      [18/Oct/2013:14:06:10 +0200] "\" 10.xxx.xxx.xxx 10.xxx.xxx.xxx 401 "POST http://xxxxxx.xxxxxx.at:8080/VersionControl/v1.0/upload.asmx HTTP/1.1" "-" "-" "-" 428 "Team Foundation (devenv.exe, 10.0.40219.445)" "-" "0"

      [18/Oct/2013:14:06:10 +0200] "\" 10.xxx.xxx.xxx 255.255.255.255 400 "ñ/3  Px xr ÃŒ2>'ªüÎÒB‡¥”€þùót´øöO(öþÂßæ7üd)~ý ¹~#•þß $ý ý6òö¯ÿ'‹ ö‰ÿÕo  " "-" "-" "-" 3041 "-" "-" "0"

      [18/Oct/2013:14:06:10 +0200] "\" 10.xxx.xxx.xxx 10.xxx.xxx.xxx 200 "POST http://xxxxxx.xxxxxx.at:8080/VersionControl/v1.0/upload.asmx HTTP/1.1" "-" "-" "-" 293 "Team Foundation (devenv.exe, 10.0.40219.445)" "-" "0"

       

      and the same error occurs when MWG tries to find the media type:

       

      [21/Oct/2013:15:30:27 +0200] "DOMAIN\user" 10.xxx.xxx.xxx 77.72.164.29 200 "GET http://austria1.adverserve.net/RealMedia/ads/adstream_lx.ads/www.tt.com/sport/fu ssball/story/211013_spo_koller_alm/1891453980/x08/ttcom/default/empty.gif/507470 3634552b5770574141436c4472?_RM_EMPTY_&width=1003 HTTP/1.1" "Web Ads" "Unverified" "€ ÄfN+" 444 "Mozilla/4.0 (compatible; MSIE 7.0; Windows NT 5.1; Trident/4.0; .NET CLR 1.1.4322; .NET CLR 2.0.50727; .NET CLR 3.0.04506.648; .NET CLR 3.5.21022; .NET4.0C; .NET CLR 3.0.4506.2152; .NET CLR 3.5.30729; InfoPath.1; .NET4.0E)" "-" "0"

       

      and our log line definition:

       

      time_stamp "auth_user" src_ip dst_ip status_code "req_line" "categories" "rep_level" "media_type" bytes_to_client "user_agent" "virus_name" "block_res"

       

      Web Reporter hangs when parsing corrupted log lines so we cannot run any reports at the moment.

       

      Did anyone observe the same problem?

       

      Thanks!