tomr
2017-10-09 23:50:01 UTC
Hi,
I'm seeing a ton of log entries with scheme "UNKNOWN", a garbled HTTP
response code (circa 20 chars long), and not a huge amount of the detail
I'd normally expect - apart from client ip, which appears sensible.
A lot of the requests come from our own monitoring infrastructure, so
there's a decent chance I'll be able to reproduce (though I can't yet).
Does anyone have any suggestions about where I could start looking?
We're using ATS 7.0.0, and seeing this for about 0.5% of log lines on a
few million hits per day.
Log format is: %<chi> %<caun> [%<cqtn>] \"%<cqhm> /%<cqup> %<cqhv>\"
%<cqus> %<{Host}cqh> %<pssc> %<pscl> \"%<{User-Agent}cqh>\" %<crc>
%<psct> %<pqsn> %<ttms> %<cquc>
And an example bogus logline (with IP replaced) is:
0.0.0.0 - [09/Oct/2017:07:22:59 -0000] "- /- HTTP/1.0" UNKNOWN
8242834443987517485 0 "" ERROR_UNKNOWN(7811903955520716845) Z -
7587266184633188397 ��
tia,
Tom
I'm seeing a ton of log entries with scheme "UNKNOWN", a garbled HTTP
response code (circa 20 chars long), and not a huge amount of the detail
I'd normally expect - apart from client ip, which appears sensible.
A lot of the requests come from our own monitoring infrastructure, so
there's a decent chance I'll be able to reproduce (though I can't yet).
Does anyone have any suggestions about where I could start looking?
We're using ATS 7.0.0, and seeing this for about 0.5% of log lines on a
few million hits per day.
Log format is: %<chi> %<caun> [%<cqtn>] \"%<cqhm> /%<cqup> %<cqhv>\"
%<cqus> %<{Host}cqh> %<pssc> %<pscl> \"%<{User-Agent}cqh>\" %<crc>
%<psct> %<pqsn> %<ttms> %<cquc>
And an example bogus logline (with IP replaced) is:
0.0.0.0 - [09/Oct/2017:07:22:59 -0000] "- /- HTTP/1.0" UNKNOWN
8242834443987517485 0 "" ERROR_UNKNOWN(7811903955520716845) Z -
7587266184633188397 ��
tia,
Tom