gweather & mgetmetar.pl

Mike Vanecek rh_list at mm-vanecek.cc
Tue Jun 15 14:26:36 UTC 2004


On Tue, 15 Jun 2004 11:11:23 +0800, Ed Greshko wrote
> On Tue, 2004-06-15 at 10:53, Mike Vanecek wrote:
> 
> > ./access_log:192.168.1.1 - - [01/Jun/2004:08:41:27 -0500] "GET
> > /cgi-bin/mgetmetar.pl?cccc=KHOT HTTP/1.0" 404 1054 "-"
> > "gnome-vfs/2.2.2"
> > 
> > /error_log:[Tue Jun 01 08:41:27 2004] [error] [client 192.168.1.1]
> > script not
> > found or unable to stat: /var/www/cgi-bin/mgetmetar.pl
> > 
> > Well, the problem call is from gnome-vfs or an application using
> > gnome-vfs?
> 
> I don't think so....
> 
> Take a look in your httpd.conf file and look to see what format is being
> used for the "access log".  It seems to be using the "combined" format.

#
# The following directives define some format nicknames for use with
# a CustomLog directive (see below).
#
LogFormat "%h %l %u %t \"%r\" %>s %b \"%{Referer}i\" \"%{User-Agent}i\"" combined
LogFormat "%h %l %u %t \"%r\" %>s %b" common
LogFormat "%{Referer}i -> %U" referer
LogFormat "%{User-agent}i" agent
CustomLog logs/access_log combined

> Look then at the documentation for the logs of apache and you will find
> that "gnome-vfs/2.2.2" is probably the "User-agent" identity being sent
> by the client on 192.168.1.1.
> 
> What kind of system is 192.168.1.1?

The client is the server itself. IP 192.169.1.1 is a Linksys router/switch.
GETs from the server to itself show up in the logs as being from 192.168.1.1.
For example, I use openwebmail as my email client. It is web based. All GETs
to the server show up in the log as being from the router. However, the router
logs do not show that packet as having passed through the router.

> 
> > Can gweather still be the bandit?
> 
> Nope...

Best I can tell is that gweather issues a "GET
http://weather.noaa.gov/cgi-bin/mgetmetar.pl?cccc=KHOT" to get the current
conditions at Hot Springs. Why it sometimes uses gnome-vfs to call
/cgi-bin/mgetmetar.pl?cccc=KHOT is a puzzler. Maybe if weather.noaa does not
respond, it issues a read via gnome-vfs (the binary does have calls to it).
Still looks like a gweather issue to me.

Thanks.
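
An added example, not part of the original message: a parser for the "combined" LogFormat quoted above, showing that the last quoted field of the access_log entry is the User-Agent, and counting 404 responses per client program. The function names, the grep-prefix handling and the two extra sample lines are assumptions made for the illustration.

```python
import re
from collections import Counter

# Field order of the "combined" LogFormat:
# %h %l %u %t "%r" %>s %b "%{Referer}i" "%{User-Agent}i"
QUOTED = r'"((?:[^"\\]|\\.)*)"'   # Apache backslash-escapes quotes inside these fields
COMBINED = re.compile(
    r'(\S+) (\S+) (\S+) \[([^\]]+)\] ' + QUOTED + r' (\d{3}) (\d+|-) '
    + QUOTED + ' ' + QUOTED + r'\s*$'
)
FIELDS = ("host", "ident", "user", "time", "request",
          "status", "bytes", "referer", "agent")

def parse_combined(line):
    """Return the fields of one combined-format line as a dict, or None."""
    # Assumption: a leading "<path>_log:" is a grep file-name prefix, not log data.
    line = re.sub(r'^\S*_log:', '', line.strip())
    m = COMBINED.match(line)
    if m is None:
        return None
    rec = dict(zip(FIELDS, m.groups()))
    rec["status"] = int(rec["status"])
    # %r is "METHOD target PROTOCOL"; malformed requests may not split in three.
    parts = rec["request"].split(" ")
    rec["target"] = parts[1] if len(parts) == 3 else None
    return rec

def not_found_by_agent(lines):
    """Count 404 responses per (User-Agent, request target)."""
    hits = Counter()
    for line in lines:
        rec = parse_combined(line)
        if rec and rec["status"] == 404:
            hits[(rec["agent"], rec["target"])] += 1
    return hits

SAMPLE = [
    # The entry from the message, re-joined onto one line.
    './access_log:192.168.1.1 - - [01/Jun/2004:08:41:27 -0500] '
    '"GET /cgi-bin/mgetmetar.pl?cccc=KHOT HTTP/1.0" 404 1054 "-" "gnome-vfs/2.2.2"',
    # Constructed entries for contrast.
    '192.168.1.1 - - [01/Jun/2004:08:42:03 -0500] '
    '"GET /index.html HTTP/1.1" 200 2326 "-" "Mozilla/5.0"',
    'not a log line',
]

if __name__ == "__main__":
    for (agent, target), n in not_found_by_agent(SAMPLE).items():
        print(n, agent, target)
```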




