waccess / waccess.1
.TH waccess 1 TundraWare
waccess \- Quick And Dirty Web Log Analysis
waccess [-achilqrsv -f logfile]  search-key search-key ...

\'waccess\' is a quick way to check a web access log for particular
"hits" or accesses.  \'waccess\' will search the log looking for and
displaying all the access records which contain any of the search keys
you name on the command line.  By default, a summary of its findings -
including total number of records processed, number of accesses per
search key, and number of unique IPs accessing each search key - is

\'waccess\' is not a replacement for a serious web log analysis tool,
but is surprisingly useful for "quickie" lookups.

.B -a
Sort the summary output by search key.

.B -c
Ignore case when looking for search keys in access records

.B -f logfile
Allows you to specify the name of the access log to process, thereby
overriding the default (/var/log/httpd-access.log).

.B -h
Display help information and exit.

.B -i
Do not ignore addresses found in
.B .waccessignored.

.B -l
List the ignored addresses in the summary output.  Canceled by the
presence of the -i command.

.B -q
Quiet mode - suppresses output of final summary information.

.B -r
Try to determine the hostname of each access by doing a reverse lookup
on the IP address. This forces the program to display each record as
it is discovered (the opposite of the -s option).

.B -s
Suppress display of the individual matching records and only show the
totals.  This forces the suppression of reverse lookups since they
wouldn't be displayed anyway (the opposite of the -r option).

.B -v
Display detailed program version information and exit.


You typically do not want your own addresses to appear in a web log
analysis.  \'waccess\' has the ability to ignore records containing
any one of a set of addresses (partial or complete IP quads) you
specify.  You do this by editing the 
.B .waccessignored
file in your home directory.  Each line of this file should contain a
full or partial IP quad. No comments, whitespace, blank lines or other
information should appear in this file.  Addresses found in this file
will be ignored by \'waccess\' and never appear in the
output. (However, records matching these addresses do count toward the
total records processed count.)

Suppose you are running an internet-facing machine with address and an internal network on 192.168.3.*.  Then your
.B .waccessignored 
file might look like this:


Accesses from any of these address spaces to your web server would then be
ignored by \'waccess\'.

This feature is disabled with the \'-i\' option.

You can see which addresses are being ignored with the \'-l\' option.
This will cause a list of ignored addresses to be included in the
summary output.


.B waccess myreport.pdf

Searches the web access log displaying all access records containing the
string \'myreport.pdf\'.  When log search is finished, \'waccess\' displays
the total number of records examined and how many matching entries were found.

.B waccess -r myreport.pdf

Searches the web access log displaying all access records containing the
string \'myreport.pdf\'.  This time, for each matching record, \'waccess\'
will try to figure out (and display) the hostname of the accessing machine 
via a reverse IP lookup.

.B waccess -s myreport.pdf

Look for and count records in the web access log containing \'myreport.pdf\',
but do not display them.  Only display the totals when the analysis is complete.

You must have a reasonably current copy of 'python' installed for \'waccess\'
to operate.

\'waccess\' is set up to process \'apache\' access logs, but the field
definitions are symbolic within the program and should be easy to
modify for other log layouts.

~./waccessignored - optional file which contains complete or partial IP quads to
ignore during processing.

None known as of this release.

waccess is Copyright(c) 2001, 2002, TundraWare Inc.
For terms of use, see the waccess-license.txt file in the program distribution.
If you install waccess on a FreeBSD system using the 'ports' mechanism, you will
also find this file in /usr/local/share/doc/waccess.
Tim Daneliuk