Concepts
Access Logs
The raw material used by alscan is web access logs.
One or more log files must be defined for the tool to have something to do.
Control Panels (cPanel Support)
The software was designed to support a web hosting environment.
In such an environment, there may be thousands of access logs, one for each
of the virtual hosts that the server supports. When a server fails, it may
be due to activity on any of the virtual hosts.
The most common software for controlling all of these sites (at least when alscan was developed) is called cPanel.
Control Panel Support
- No control panel
- Global cPanel installation
- cPanel user installation
When cPanel is detected, alscan allows for additional options used to select access log files. For example, the --account=<name> option will load the cPanel meta-data associated with the named account, and then use that data to include all of the log files associated with the account.
In all cases, you can select specific log files, or all of the log files which are contained within a directory.
Time
alscan supports "slicing" and "dicing" of the log file data. Depending upon what you are looking to do, you may want to report on all of the log entries from all of the logs. Or you may want to compare the results from one time period to another.
Start and Stop
The first cuts are used to determine if a specific log event is included in any report.
The start time is used as the lower bound for any event's timestamp that is included in the requested report. The default start time is 2001-01-01T00:00:00Z.
The stop time is used as the upper bound for any event's timestamp. The default stop
time is the time of the report's execution.
There is also a concept of being outside of the reporting time. There is a before time and an after time, which cover all events that happen before or after the events included in the report. Including this information is sometimes useful to know how much data is "missing" from the report.
Time Slots
When comparing time periods, the data from the logs is put into groups, which are called Time Slots. By default, the time period covered by a time slot is one hour. It is also possible to place all of the events into a single time slot, when you want a report on all of the events in the log file.
Selection Criteria
The selection criteria do the dicing. Which events are you reporting upon? There are options to select on each of the fields of the log. The overall selection is the product (AND) across the different fields, and the sum (OR) of all of the settings given for each field.
For example, alscan --code=200 --method=get --method=post would select all records that have a status code of 200 (OK), as well as either a GET or a POST method.
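The start/stop bounds, time slots and selection criteria described above, combined in one added Python example; it is not alscan's own code. The function name scan, the regular expression and the sample log lines are constructed for illustration, and it assumes Common Log Format input, inclusive start and stop bounds, case-insensitive method matching, and that before/after events are counted ahead of the selection criteria.

```python
import re
from collections import Counter
from datetime import datetime, timezone

# Constructed sample lines in Common Log Format (documentation addresses, not real traffic).
SAMPLE = """\
192.0.2.10 - - [10/Mar/2024:09:59:58 +0000] "GET /index.html HTTP/1.1" 200 512
192.0.2.10 - - [10/Mar/2024:10:05:00 +0000] "GET /index.html HTTP/1.1" 200 512
198.51.100.7 - - [10/Mar/2024:10:20:11 +0000] "POST /login HTTP/1.1" 200 88
198.51.100.7 - - [10/Mar/2024:10:20:12 +0000] "POST /login HTTP/1.1" 403 0
203.0.113.5 - - [10/Mar/2024:11:01:00 +0000] "HEAD / HTTP/1.1" 200 0
203.0.113.5 - - [10/Mar/2024:11:30:00 +0000] "GET /a HTTP/1.1" 200 10
203.0.113.5 - - [10/Mar/2024:12:00:01 +0000] "GET /b HTTP/1.1" 200 10
""".splitlines()

LINE = re.compile(r'\S+ \S+ \S+ \[([^\]]+)\] "(\S+) \S+ [^"]*" (\d{3}) \S+')
DEFAULT_START = datetime(2001, 1, 1, tzinfo=timezone.utc)  # default start from the page

def scan(lines, criteria, start=DEFAULT_START, stop=None, slot_seconds=3600):
    """criteria maps field -> set of accepted values: OR within a field,
    AND across fields. slot_seconds=None puts every event in a single slot."""
    stop = stop or datetime.now(timezone.utc)  # default stop: time of execution
    slots, before, after = Counter(), 0, 0
    for line in lines:
        m = LINE.match(line)
        if not m:
            continue  # malformed line: not an event
        ts = datetime.strptime(m.group(1), "%d/%b/%Y:%H:%M:%S %z")
        if ts < start:
            before += 1  # outside the report, earlier than the lower bound
            continue
        if ts > stop:
            after += 1  # outside the report, later than the upper bound
            continue
        event = {"method": m.group(2).lower(), "code": m.group(3)}
        if not all(event[f] in accepted for f, accepted in criteria.items()):
            continue  # at least one field matched none of its settings
        if slot_seconds is None:
            key = "all"
        else:
            floor = int(ts.timestamp()) // slot_seconds * slot_seconds
            key = datetime.fromtimestamp(floor, timezone.utc).strftime("%Y-%m-%dT%H:%MZ")
        slots[key] += 1
    return dict(slots), before, after
```

The criteria dictionary {"code": {"200"}, "method": {"get", "post"}} corresponds to the --code=200 --method=get --method=post command line above.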
Report Types
There are five report types supported.
- Summary
- Terse
- Downtime
- Deny
- Request