On Wed, 2010-12-29 at 01:23 -0500, Kevin J. Cummings wrote:
www.203.238.22 - - [28/Dec/2010:11:56:23 -0500] "GET
/dav/Home.ics HTTP/1.1" 200 112440 "-" "Mozilla/5.0 (X11; U; Linux
x86_64; en-US; rv:1.9.2.13) Gecko/20101209 Fedora/3.1.7-0.35.b3pre.fc14 Lightning/1.0b3pre
Thunderbird/3.1.7"
It gets the file, a rather large file.
www.203.238.22 - - [28/Dec/2010:11:56:25 -0500] "PUT
/dav/Home.ics HTTP/1.1" 401 485 "-" "Mozilla/5.0 (X11; U; Linux
x86_64; en-US; rv:1.9.2.13) Gecko/20101209 Fedora/3.1.7-0.35.b3pre.fc14 Lightning/1.0b3pre
Thunderbird/3.1.7"
It tries to put a file there, but is not authorised (401 error), the 485
bytes is probably an error message. The client will try again, this
time logging in. The next log entry shows the username it logs in as.
www.203.238.22 - cummings [28/Dec/2010:11:57:32 -0500] "PUT
/dav/Home.ics HTTP/1.1" 500 632 "-" "Mozilla/5.0 (X11; U; Linux
x86_64; en-US; rv:1.9.2.13) Gecko/20101209 Fedora/3.1.7-0.35.b3pre.fc14 Lightning/1.0b3pre
Thunderbird/3.1.7"
It tries to put a file there, but the server has a 500 error, the 632
bytes is probably an error message about it. I would have thought
that'd mean the original file was left alone, but it could be that the
server fouled it up during whatever error happened.
Syntax of the log entries are:
address username username datestamp "command path protocol" response-code
bytes-transferred "" "user-agent"
The username field will either show a dash for no name, or the name that
was used. There's two username fields, because one's from the clients
identd service (if it responds), the other is the auth name used with
the HTTP request (if it logs in).
You can find out about these log entries by looking up HTTP error codes
(or HTTP response codes), and Apache log format (many things use the
same log format).
--
[tim@localhost ~]$ uname -r
2.6.27.25-78.2.56.fc9.i686
Don't send private replies to my address, the mailbox is ignored. I
read messages from the public lists.