Re: [squid-users] "deep" analysis of some request

From: Amos Jeffries <squid3_at_treenet.co.nz>
Date: Sat, 10 Sep 2011 02:30:37 +1200

> On Thu, Sep 8, 2011 at 8:59 PM, Amos Jeffries wrote:
>> On 09/09/11 07:02, alexus wrote:
>>>
>>> Is there a way to analyze somehow deeper what's going on with this?
>>>
>>> tss# grep -c 'http://ecs.amazonaws.com/onca/xml?' access.log
>>> 3065
>>> tss# grep 'http://ecs.amazonaws.com/onca/xml?' access.log | tail -1
>>> 66.55.138.70 - - [08/Sep/2011:18:59:26 +0000] "GET
>>> http://ecs.amazonaws.com/onca/xml? HTTP/1.1" 200 135861 "-"
>>> "Mozilla/4.1" TCP_MISS:DIRECT
>>> tss#
>>>
>>> I'd like to capture it somehow so I can look what kind of request is that.
>>>
>>
>> Data retrieval from an amazon online API. You have stripped the query
>> parameters from the logged information so there is no way to tell how many
>> different requests are being bunched together in that 3065 count.
>>
>> The above line count has about the same meaning as:
>> grep -c 'http://ecs.amazonaws.com/' access.log
>>
>> (and probably a similar count.)
>>

On 10/09/11 02:15, alexus wrote:
> Sorry I wasn't clear ... All lines are the same just different time stamp
>

The log lines are all cropped down to the "?".

Fetching that URL produces a message far shorter than 135KB:

"<?xml version="1.0"
encoding="UTF-8"?><Errors><Error><Code>AWS.MissingServiceParameter</Code><Message>Your
request is missing the Service parameter. Please add the Service
parameter to your request and retry.</Message></Error></Errors>
"

You need the full original URL to do much useful analysis about what the
HTTP details for a particular object are.

FWIW: the message above comes back with the header "Vary:
Accept-Encoding,User-Agent".

User-Agent is pretty much a free-form field these days where browsers
and other tools get to put any text they like. There are over 14
million unique User-Agent strings known today with hundreds being added
to the databases every month. So that Vary: header could be essentially
forcing MISS on almost every request.

Beyond that can't tell from the given incomplete URL.

Amos

-- 
Please be using
   Current Stable Squid 2.7.STABLE9 or 3.1.15
   Beta testers wanted for 3.2.0.11
Received on Fri Sep 09 2011 - 14:30:51 MDT
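
Added example (not part of the original message, and not Squid's code): a toy cache that keys each stored response on the URL plus the request headers named in Vary, replayed over constructed traffic. It shows how "Vary: Accept-Encoding,User-Agent" turns repeat requests for one URL into misses. The URL, client names and function names are hypothetical.

```python
# Toy Vary-aware cache (added illustration; not Squid's implementation).

def variant_key(url, vary, headers):
    """Return the cache key for a request, or None if nothing can ever match.

    The key is the URL plus the value of each request header named in Vary.
    """
    names = sorted(n.strip().lower() for n in vary.split(",") if n.strip())
    if "*" in names:  # "Vary: *" never matches a later request
        return None
    lowered = {k.lower(): v for k, v in headers.items()}
    return (url,) + tuple((n, lowered.get(n, "")) for n in names)


def replay(requests, vary):
    """Replay (url, headers) pairs through an unbounded cache.

    Returns (hits, misses) for an origin that always answers with `vary`.
    """
    stored, hits, misses = set(), 0, 0
    for url, headers in requests:
        key = variant_key(url, vary, headers)
        if key is not None and key in stored:
            hits += 1
        else:
            misses += 1
            if key is not None:
                stored.add(key)
    return hits, misses


def sample_requests():
    """Constructed traffic: 12 requests for one URL, 10 distinct User-Agents."""
    url = "http://api.example.invalid/onca/xml?Service=placeholder"  # hypothetical
    return [
        (url, {"User-Agent": f"ExampleClient/{i % 10}.0",  # constructed values
               "Accept-Encoding": "gzip" if i % 2 == 0 else "identity"})
        for i in range(12)
    ]


if __name__ == "__main__":
    reqs = sample_requests()
    for vary in ("Accept-Encoding,User-Agent", "Accept-Encoding", "*"):
        hits, misses = replay(reqs, vary)
        print(f"Vary: {vary:28} hits={hits:2} misses={misses:2}")
```
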
