Active Log Monitor

Active Log Monitor from World Wide Creations allows you to monitor access to your weebserver in realtime, i.e. you can see which pages are being accessed as they are being viewed. If you use an Apache webserver for your site, or any other webserver that uses the combined log format or common log format for its access log (the log that tracks access to your webpages), then you can use Active Log Monitor. The program, which is a PHP script, uses the tail command, which is found on most Unix and Linux systems. Microsoft provides a tail program for free as part of the Windows Server 2003 Resource Kit Tools. You can also download a free tail program for Windows from Tail for Win32

The developer dscribes the Active Log Monitor program at Monitoring Your Website For Free as follows:

Monitoring your web site is a very important task that many webmasters attempt every day. There are many commercial methods to accomplishing this but if you have a Unix/Linux/*nix based server with Apache, you can monitor your traffic free of cost with very little work.

We at WorldWideCreations.com have released a free program that will let you watch your users as they come in, and which pages/files they are viewing and also quite a bit of information about them. You can find the Active Log Monitor here:

http://www.worldwidecreations.com/free_scripts.htm

The ALM basically just uses the tail program that comes with Linux/Unix to monitor the Apache log file and parses the information to present it to you in a readable form to your web browser. You could use the tail program from your shell, but for many, the information tells them little in raw form.

With the ALM script in place, you get to watch your activity in real time, so if your server all of a sudden is getting bogged down with a lot of hits, you can investigate these hits and even see where the visitors are coming from with the referral information. IP√Ęs can easily be resolved with one click on the interface so you can get an idea where a particular user is coming from.

We recommend you run this script in a password protected directory because only you should view your log activity.

You have to register at the developer's website in order to download the script. The developer is releasing the software under a GNU General Public License (GPL), but, since he has requested that distribution be done only through his site, I'm not providing it here.

Since it is just a PHP script, there is no installation process. You just place the PHP file somewhere on your site. It should be placed in a location that isn't publicly accessible, e.g. you could place it in a password protected directory or simply not provide any link to it from anywhere else on your website, so that your log file isn't accessible to everyone in the world.

There are only two variables within the script that you need to change before you can use the script. You need to edit the two lines below for the variables $path_to_access_file and site_base_url to change those variables. You can also modify the maximum number of log lines to display by changing the value of $number_to_tail.

### This is the ABSOLUTE path (and filename) to your servers Apache access log file
$path_to_access_file = '/var/log/httpd/access_log';

### This is the default amount of lines to grab from the log file
$number_to_tail = 100;

### This is the base URL to your site.  NO TRAILING SLASH
$site_base_url = 'http://www.yoursite.com';

The script should then work fine, if you are using the combined log format for the log file for your website. However, if you don't see any entries displayed, then you may be using the common log format without logging the referer and browser agent. So, if Active Log Monitor doesn't appear to be working, check your log format. An explanation of the two formats can be found at Apache Access Log Format.

If you are using the common log format without logging the referer and agent, then you need to make another change to the script (this is presuming you are using version 1.0 of the script, which is the current version as of June 2, 2009).

Locate the format_log_line function:

  function format_log_line($line)
  {
    preg_match("/^(\S+) (\S+) (\S+) \[([^:]+):(\d+:\d+:\d+) ([^\]]+)\] \"(\S+) (.*?) (\S+)\" (\S+) (\S+) (\".*?\") (\".*?\")$/", $line, $matches); // pattern to format the line
    return $matches;
  }

You need to remove the (\".*?\") (\".*?\"), which would match against the referer and agent fields in each log entry. So instead for preg_match, which is a built-in PHP function (see Preg_Match PHP Function for information on how it works), you would have the following:

preg_match("/^(\S+) (\S+) (\S+) \[([^:]+):(\d+:\d+:\d+) ([^\]]+)\] \"(\S+) (.*?) (\S+)\" (\S+) (\S+)$/", $line, $matches); // pattern to format the line

You then should see something similar to the following when you use monitor.php, which is the PHP script for Active Log Monitor.

IPTimePageRefererAgent
173.171.87.81 21:22:58/hardware/power/adapters/ ...
202.33.162.24521:25:28 /network/email/exchange/message-logging/ ...
66.249.67.105 21:26:46/blog/blosxom/2009/03/21 ...
203.122.227.198 21:27:19 /os/windows/xp/firewall/remotely-disable-windows-firewall.ht ...
115.73.29.27 21:31:11/blog/blosxom/os/windows/utilities/backup/ghost ...
115.73.29.27 21:31:13/blog/blosxom/os/windows/utilities/backup/ghost ...
116.12.182.17821:32:11/os/unix/solaris/samba-solaris10-docusp.php ...
216.82.215.65 21:38:39/os/windows/xp/firewall/remotely-disable-windows-firewall.ht...
66.249.67.10521:39:24 /blog/blosxom/2004/02/13/ ...
72.30.81.157 21:39:28/blog/blosxom/2006...
72.64.168.28 21:41:45/os/windows/utilities/backup/ghost/Intel_Pro100_VE/ ...

No referer nor agent values appear in this case, because the common log format is being used without logging those values.

Note: I found a couple of typos in version 1.0 of the script, but they shouldn't affect your use of the script. E.g. in the following section, $formated_log['user'] should be equal to $logs[3], not $logs[2].

      $formated_log['ip'] = $logs[1];
      $formated_log['identity'] = $logs[2];
      $formated_log['user'] = $logs[2];
      $formated_log['date'] = $logs[4];

Also "protocol" is misspelled as "protocal" in $formated_log['protocal'] = $logs[9];, but, again, since the value isn't used elswhere, it doesn't matter.

References:

  1. Apache Access Log Format
    Date: June 2, 2009
    MoonPoint Support
  2. Gathering Visitor Information: Customising Your Logfiles
    First published: 7th February 1997
    Apache Week - The essential free resource for users of the world's most popular web server
  3. Log Files - Apache HTTP Server
    The Apache HTTP Server Project

Valid HTML 4.01 Transitional