View Full Version : Understanding my error logs
Hi,
Does anyone know of a place to get information on interpreting your error logs?
I have things on mine that I don't understand. Here's an example: %% [Wed May 26 22:17:12 1999] GET /cgi-bin/cframes/compose?disk=216.32.180.74_d705&login=mrideas29&f=33793&curmbox=A CTIVE&_lang= HTTP/1.0
What is that?
Thank you!
[This message has been edited by pc (edited 06-02-99)]
fuddmain
06-16-1999, 10:32 AM
I don't have any info on interpreting error logs (as I haven't looked at mine yet), but I can decipher the example you cited.
Basically, that's an HTTP request header sent by a web agent (browser, robot, etc.). The "GET" part is the agent stating it wants to receive a particular resource.[nbsp][nbsp]In this case that resource is "/cgi-bin/cframes/compose".[nbsp][nbsp]All the stuff after the "?" are arguments to be passed to "compose".[nbsp][nbsp]If you split that junk on the "&" you are left with:
disk=216.32.180.74_d705
login=mrideas29
f=33793
curmbox=ACTIVE
_lang=
The HTTP/1.0 part is the agent telling the server which version of HTTP it would like to use.
Anyway, "compose" should have variables named disk, login, f, curmbox and _lang.[nbsp][nbsp]Presumably, compose can take the values assigned to these, do some magic and return something to the agent.
This probably showed up in your error log because there is no "/cgi-bin/cframes/compose" resource at your site.
This may be more info than you need, but I hope it helps.[nbsp][nbsp]I've just learned about HTTP myself, so there may be other people who could shed more light.
For more info on HTTP, head to www.w3.org (http://www.w3.org) or pick up "Web Client Programming with Perl" by O'Reilly.
------------------
Brian
[nbsp]fuddmain@gdi.net[nbsp]
[This message has been edited by fuddmain (edited 06-16-99)]
Thank you. Still a bit above my head but a little clearer.
I really don't understand where these odd requests come from when there is no such program in my cgi bin. That is what confuses me. I understand some of the things in my logs, like when I'm trying to install something and it's not working. ;)
I'll check the url you left and see if that can clarify things for me ever more.
Charles Capps
06-17-1999, 01:04 AM
Hm, that looks a LOT like a hotmail URL...![nbsp][nbsp]Is that the only instance?[nbsp][nbsp]Weird...[nbsp][nbsp]:)
------------------
"Okay, so I'm not "SANE" so to speak, but uh... I'm the lovable kind of psycho"
http://solareclipse.net/
No, there have been more similar entries. There are lots of bizarre things in my logs. That's why I'm trying to understand them.
If that 216.32.180.74 is an IP address, it belongs to:
Exodus Commnications Inc. (NETBLK-ECI-7)
1605 Wyatt Dr.
Santa Clara CA 95054
Netname: ECI-7
Netblock: 216.32.0.0 - 216.35.255.255
Maintainer: ECI
Coordinator:
DeLong, Owen[nbsp][nbsp](OD19-ARIN)[nbsp][nbsp]owen@DELONG.SJ.CA.US
(408) 539-9559 (408)-532-9362
Domain System inverse mapping provided by:
NS.EXODUS.NET[nbsp][nbsp][nbsp][nbsp][nbsp][nbsp][nbsp][nbsp][nbsp][nbsp][nbsp][nbsp][nbsp][nbsp][nbsp][nbsp]206.79.230.10
NS2.EXODUS.NET[nbsp][nbsp][nbsp][nbsp][nbsp][nbsp][nbsp][nbsp][nbsp][nbsp][nbsp][nbsp][nbsp][nbsp] 207.82.198.150
Here's some more strange ones that happen over and over:
[Mon May 31 16:40:41 1999] GET /cgi-bin/dmailweb.exe?cmd=item&utoken=lajambe@208.160.88.2_4b4659135a19692 50700&item=668&fld=0&& HTTP/1.0
[Mon Apr 19 16:11:23 1999] GET /cgi-bin/dmailweb.cgi?cmd=item&item=31&utoken=croley@205.216.77.3_21733340 3e536b210d00&part=5&fld=0 HTTP/1.1
[Sat Apr 24 21:30:42 1999] GET /cgi-bin/dmailweb.cgi?cmd=item&item=199&utoken=brock@205.216.77.3_27004c6b 1a166f1f0e00&part=5&fld=0 HTTP/1.1
[Thu May[nbsp][nbsp]6 00:53:49 1999] GET /cgi-bin/mailweb.cgi?cmd=item&utoken=ruth1@206.67.111.28_2900&item=264&fld =0&& HTTP/1.1
????
Terra
06-17-1999, 01:57 AM
Possibly someone is scanning/probing your domain for these particular programs...[nbsp][nbsp]There could be a potential exploit in those programs, if you were to have them...
--
Terra
--What? me paranoid?!?--
FutureQuest
Nope, don't have 'em. The only things I have is a recommend thing (birdcast), webadverts, and a guestbook. Oops, forgot I just added UBB.
You and Deb have assured me there's no problem with these, I just want to figure out why I keep getting so MANY of these errors.
I have a partially free day tomorrow, so I'm going to try and read up on the url fuddmain supplied, so I'll understand these things better.
Maybe then I'll understand all these smart techies ;) that post in these forums. It's hard when you're Internet challenged. :)
fuddmain
06-17-1999, 08:39 AM
I did a search on "dmailweb.exe" and came up with the following url: http://netwinsite.com/dmailweb/index.htm.[nbsp][nbsp]Apparently, it's a way to provide web-based email on your site.[nbsp][nbsp]Terra's thought on someone trying to exploit these programs is probably valid, but you don't have them installed, so no worries.
You're going to find lot's of wierd stuff in your log as times goes on.[nbsp][nbsp]It's very easy to write robots which scour the web searching for various information.[nbsp][nbsp]Most are benign and are written by folks trying to save a little time.[nbsp][nbsp]If they become a nuisance, there are steps you can take to limit their access to your site.
Don't worry about being internet challeged.[nbsp][nbsp]It wasn't that long ago that I was in the same boat.[nbsp][nbsp]Then the company I work for gave me their website project and I had to sink or swim.[nbsp][nbsp]I found out it wasn't too hard and being a geek is cool. I know, I know, I'm a sick puppy.
------------------
Brian
[nbsp]brian@fuddmain.com[nbsp]
vBulletin® v3.6.8, Copyright ©2000-2008, Jelsoft Enterprises Ltd.