Worlds.com     |  Development Kit Table of Contents  |

Installing log collector on a client

This checklist steps through the procedure for installing the log collection software on a new client. The installation consists of creating the logger account on the client, ensuring that ssh is available and working between the client and the log server (logger.worlds.net), installing and configuring the collector, and testing that the collector is working.

1.0 CREATE NEW ACCOUNT ON CLIENT: Log into the client as root and create a new user and group, both named logger. If possible, the user and group ids should both be 125. The logger's home directory should be /home/logger, and the shell should be /bin/csh. There is a perl script, /home/logger/loggeradd, on logger.worlds.net that automates this step. This script can be copied to /tmp and executed as follows:

client% /usr/local/bin/scp logger.worlds.net:/home/logger/loggeradd /tmp
client% /usr/local/bin/perl /tmp/loggeradd

The loggeradd script will prompt for the password and confirmation. This is the preferred method as it also tests that ssh and perl are both properly installed. If scp and/or perl fail, make sure they are installed properly before continuing.

2.0 VERIFY THAT SSH IS CONFIGURED: While logged in as root on the client, attempt to use ssh to login to the log server, logger.worlds.net. You must be able to do this without supplying a password in order for the collector to function properly. Try the following test:

client% /usr/local/bin/slogin -v -l logger logger.worlds.net

This will produce verbose output which will be useful if you are prompted for a password. If you are not prompted for a password, you are home free, just exit and continue. If you are prompted, enter the password. Use the following steps to correct this problem.

2.A DETERMINE HOST NAME OF CLIENT: The full hostname for the client is needed to setup ssh properly. It can be found in the verbose output of slogin. It is the client host on a line that looks like:

oprah: Remote: Rhosts/hosts.equiv authentication refused: client user 'logger', server user 'logger', client host 'm214.worlds.net'.

2.B EDIT THE SHOSTS FILE ON LOGGER: You should already be logged into logger.worlds.net, so now edit ~logger/.shosts and add an entry with the client's full host name and the user root to the end of ~logger/.shosts. Following our example we would add:

m214.worlds.net root

2.C SLOGIN BACK TO CLIENT: To complete the authentication, it is necessary to slogin from logger.worlds.net back to the client using the client's full host name found above. Don't worry if you are prompted for a password, this will not effect the log collection. This step isneeded so that ssh on logger.worlds.net knows to trust the client. To continue our example:

logger% slogin m214.worlds.net
Password: ********
client%

2.D VERIFY SSH IS PROPERLY CONFIGURED: Just to be sure, exit back to logger.worlds.net and back to the client. Then try slogin back to logger.worlds.net. This time you should get the shell prompt without being asked for a password. If you are prompted for a password, find an ssh expert before continuing.

client% slogin -l logger logger.worlds.net
logger%

3.0 INSTALL THE COLLECTOR: Now login to the client as user logger and create two subdirectories, bin and log, in logger's home directory. The log directory will store the collector's log file and the bin directory will hold the perl scripts and configuration file. Now install the files:

client% alias scp /usr/local/bin/scp
client% scp -p logger.worlds.net:bin/CollectLogs.pl bin/
client% scp -p logger.worlds.net:bin/Logger.pm bin/
client% scp logger.worlds.net:bin/CollectLogs.default bin/CollectLogs.config

This installs the perl script and the default configuration file which will collect the collector's log file and the standard system log files.

4.0 TEST COLLECTOR INSTALLATION: Next, test to see that the collector is installed properly by running it once by hand and verifying the default files make it to logger.worlds.net.

4.A RUN COLLECTOR BY HAND: Login to the client as root (or become the superuser) and execute the collector script, preferably in debug mode.

client% su
Password: ********
client# /home/logger/bin/CollectLogs.pl -debug |& tee debug.log

This will produce lots of output with hopefully no FATAL errors, ERRORs or WARNINGs. If there are errors or warnings, examine the debug.log that was created and correct the problems before proceeding. Some of the log rotations may take several minutes, so don't be alarmed by having to wait for up to 10 minutes.

4.B VERIFY LOG FILES ON SERVER: Login to logger.worlds.net and use ls to verify the default files made it.

logger% ls -1 /logger/incoming/client
CollectLogs.log.2000-01-12
cron_log.2000-01-12.gz
messages.2000-01-12.gz
sulog.2000-01-12.gz

If this test should fail, examine the debug.log created above and correct the problems before proceeding.

5.0 MODIFY ROOT CRONTAB: Now a job must be added to the root crontab on the client so that the collector runs every hour.

5.A REMOVE LOGCHECKER: The root crontab probably runs logchecker which rotates the cron log file. Our default collection configuration also rotates this log, so we should remove (or comment) the line that looks like:

10 3 * * 0,4 /etc/cron.d/logchecker

5.B ADD LOG COLLECTOR: Add the following at the end of the root crontab:

#
# Collect logs every hour
0 * * * * /home/logger/bin/CollectLogs.pl

6.0 ADD OTHER LOGS TO BE COLLECTED: Consult the "Adding a log file to the collector" checklist in order to add additional log files to the collector on this new client.

 

Log Collection Configuration Guide

This guide explains the options available for configuring the log collector on a client machine. The collector runs hourly on the client and uses its configuration file to determine which log files to collect and transfer to the log server, logger.worlds.net.

Configuration File

The log collector's configuration file, CollectLogs.config, is located in the same directory as its Perl script, typically /home/logger/bin. This file is a plain text file that can be edited with any editor. There are two types of options in the file, general options and log file options. Each will be explained below.

General Options

There is a set of options that controls the overall running of the collector. Some of the more useful ones will be explained here, but to find all of them, take a look at the script and look for $ConfigFile{parameter}. Most of these parameters have reasonable defaults, so it is only necessary to change them on rare occasions.

General options are specified one per line with the parameter name, an equal size ("=") and the value. Whitespace around the equal sign is optional, everything to the right of the equal sign (and optional whitespace) is used for the value.

For example:

LOG=/home/logger/log/CollectLogs.log

In this example, the collector's log is configured to be the file /home/logger/log/CollectLogs.log. The following table describes some of the common options.

DEBUG

 

The debugging output level.

 

0

- No debug output, the default

 

1

- Logging information only

 

2

- Standard debugging output

 

3

- Extra verbose output

LOG

 

The location of the collector's log file.
Default:
CollectLogs.log in the directory the script is started from.

REMOTEHOST

 

The name of log server (the machine that the logs will be sent to).
Default:
logger.worlds.net

REMOTEUSER

 

The name of the account that will be used for executing remote commands.
Default:
logger

REMOTEROOT

 

The root directory on the log server under which the logs will be stored.
Default:
/logger/incoming

TIMEOUT

 

Specifies the default number of minutes to wait for a new log file to be created after the old one has been rotated. See below to instructions on how to override this for an individual file.
Default: 5

Log File Options

The second set of options in the configuration file specifies the names and locations of the files to be collected and any options for handling each specific file. Each file and all of its options is specified on its own line, for example:

LOGFILE=/home/apache/logs/access_log,TYPE=APACHE,COMPRESS

This line specifies that the file /home/apache/logs/access_log is to be collected; it is of TYPE APACHE and it is to be COMPRESSed.

Each log file configuration line must begin with LOGFILE, an equal sign ("=") and the full path name to the file (some exceptions to the full path name rule will be discussed below). The name of the log file is followed by any optional parameters for the file in the key=value form, separated by commas. White space around commas and equal signs is optional. If the =value portion of an option is omitted, then the option's value is set to 1 (that is, COMPRESS and COMPRESS=1 are equivalent).

Examples of all supported file types can be found in the the file Example.config.

The following table describes all the log file options available:

NAME

 

Specifies the name to be given to this file on the log server. This is useful if two log files have the same name locally or to give a more descriptive name on the server. For example, in the default configuration, the cron log (/var/cron/log) is collected with a NAME of cron_log.

COMPRESS

 

Specifies that the log file is to be compressed.

CREATENEW

 

Specifies that when this file is rotated, a new empty file with the same owner, group and permissions should be created in its place. This is useful for log files from CGI scripts since they often run under a different username and/or group than the owner of the directory that holds the log file.

FLOCK

 

Specifies that flock should be used to obtain a write long on the file after rotating it to ensure that other processes have finished writing to it. In order for this to work properly, the other processes must also use flock to write to the file.

TIMEOUT

 

Overrides the general TIMEOUT option for this particular file.

TRUNCATE

 

Do not use this! This option is available for one and only one special case which is the system cron log.

TYPE

 

Specifies the type for this file. The type is used to group files so they can be processed together and also, there are several file types that require special handling. Some of the special types have their own general and log file specific options. These special types are described in the following table:

APACHE

Apache server logs. After these log files are rotated, the Apache server is restarted using the command specified with the RESTARTAPACHE general option. The default for this option is "/home/apache/bin/apachectl restart"

NETSCAPE*

Netscape server logs. After these logs files are rotated, a HUP signal is sent to the process id read from the file that is specified in the file given in the PIDNETSCAPE* general option. The * indicates that the type name may be extended to allow multiple Netscape servers to run on the same server. The extension added to the NETSCAPE type name must match the PIDNETSCAPE general option, for example NETSCAPE1 and PIDNETSCAPE1.

NUMBERED

Files rotated using the numbering scheme .0, .1, .2, and so on. These files are not rotated by the collector, the rotated files are just collected as they become available starting with .1. The .0 is not used since there is a chance that another process may still be using that file when the collector gets to it. The collector can only handle files that are rotated no more frequently than one per day. This type supports the KEEP and REMOVE log file options.

NFS

Store order and status archives that are named with the following format:

yyyymmdd.<name>

The <name> portion of the file name is taken from the LOGFILE name for this file and yyyymmdd. is prepended to it. This type supports the KEEP and REMOVE log file options.

USERS

These are the user activity log files which have names with the following format:

<name>yyyymmdd

The <name> portion of the file name is taken from the LOGFILE name for this file and yyyymmdd is appended to it. This type supports the KEEP and REMOVE log file options.

TRC

Oracle trace files. Any files that are created on a particular day are concatenated together and collected. These file are named with the following format:

<name>.<ext>

The <ext> portion of the name is taken from the LOGFILE name for this file and <name> can be just about anything. This type supports the KEEP and REMOVE log file options.

WSLOG

World server log files (both User servers and Room servers).

KEEP

 

For files of type NUMBERED, NFS, USERS or TRC, specifies the number of days to keep files before they are collected.

REMOVE

 

For files of type NUMBERED, NFS, USERS or TRC, specifies that the file should be removed after it is collected.

 

Adding a log file to the collector
This checklist steps through the procedure to be used to add a log file to the log file collection process. The collector is configured through a configuration file on the client that the file is to be collected from.

Throughout this checklist there will be references to two machines, the log server (logger.worlds.net, aka the server) and the log client. The client is the machine from which the log file is to be collected.
 

1.0 LOGIN: Log into the log server, logger.worlds.net, as user logger. From this account and machine it should be possible to use slogin to login to any other machine from which, logs are collected.

2.0 VERIFY LOGGER ACCOUNT: Verify the logger account is installed on the client.

2.A "slogin <client>".

IF THIS FAILS, obtain and follow the "Installing log collector on a client" checklist.

2.B Check the crontab of the root user on the client to verify that it is running the collector:

client% su
Password: ********
client# crontab -l | grep CollectLogs
0 * * * * /home/logger/bin/CollectLogs.pl

IF IT DOES NOT, obtain and follow the "Installing log collector on a client" checklist.

3.0 MODIFY CLIENT CONFIG FILE: The client's config file is:

/home/logger/bin/CollectLogs.config

To add a log file, one line should be added to the file that specifies the location of the file and any options required for handling that file.

3.A READ THE DOCUMENTATION: The "Log Collection Configuration Guide" explains all the options available in the configuration file.

3.B CONSULT THE EXAMPLE CONFIG: Look at the example config file (Example.config) which contains examples of all the types of files currently collected by the collector. If there is one similar (or identical) to the one you are adding, use it as a starting point.

3.C CHECK FOR DUPLICATE NAMES: Compare the name of the log file that you are adding to the names of the other log files mentioned in the config file. If there is a conflict, supply a NAME= option for your log file. (Be sure to look for names in both the actual log file names as well as any NAME= options).

4.0 TEST NEW CONFIGURATION: The new configuration can be tested by waiting for the next scheduled run for the collector (currently it is run hourly) or it can be run by hand. To run it by hand, log in as root and run the collector perl script as follows:

client% su
Password: *******
client% /home/logger/bin/CollectLogs.pl -debug

4.A CHECK LOG FILE FOR ERRORS: Once the collector has run, check the log file for errors. The log file will typically be in /home/logger/log/CollectLogs.log. However, you should check the configuration file to see if another location has been specified by the configuration parameter LOG. If any errors were encountered determine if they were due to changes in the configuration and fix appropriately.

4.B CHECK THE SERVER: Check on the server to see if the log file was stored properly. The default location for the collected logs on the server is /logger/incoming/<client>, where client is the hostname of the client machine. The root directory (/logger/incoming) can be configured on the client machine, so it is a good idea to check there and look for the parameter REMOTEROOT. In that directory you should see the log file with the date appended and another file, in the status subdirectory, with the same name and a ".status" extension. If these files are not present, recheck the collector's log file for errors

Worlds.com Log Files

Logfile

Fields/Data

Category

Server(s)

Directory

Rotation

Comments

access_log
combined_log

IP 
ident
(probably empty, '-') 
authuser
(mostly empty, '-') 
date/time 
request 
status 
bytes
refURL
agent 

Apache

all (?)

/home/www/var/apache/log/ 
/home/apache/logs/

can use collector

Jeremy - not currently analyzed 
Could be modified to collect more data

Example: 
63.67.120.226 - - [13/Oct/1999:12:40:00 -0400] "POST /cgi-bin/edit.pl HTTP/1.0" 200 376 "http://www.3dcd.com/cgi-bin/edit.pl" "Mozilla/4.0 (compatible; MSIE 4.01; Windows 98)"

error_log

Apache Errors

Apache

all (?)

/home/www/var/apache/log/ 
/home/apache/logs/

can use collector

ditto

Example: none

scripts.log

IP 
authuser 
date/time 
script[:module] 
script specific data

???

most

/home/apache/logs/

can use collector, should use flock

Jeremy - read by period.pl, currently reports are broken

Example: See seperate document

vip.log

duration 
worldUsername 
user 
email 
cardType 
cardNumber 
cardExpires 
address 
city 
state 
zip 
country 
unix time()

Store

ss100

/InterShop/Data/log/

Already rotated

Bo - probably won't need data, data available elsewhere 
Could have duplicate entries, there may be better place to get this information

Example: 
12 J0NNYBLAZE Maria Ditty 6236 Gila RD Visa 4600-0332-0059-6309 08/01 6236 Gila RD El Paso Texas 79905 UNITED STATES 945324364

intershop.log

InterShop error messages

Store

ss100

/InterShop/Data/log/

Already rotated

none 

Example: none

order_archive/

 

'H' 
orderNum 
date/time 
'source' 
email 
shipName2 
shipName1 
shipName 3 
shipStreet 
shipCity 
shipState 
shipZip 
shipCountry 
shipRegion (?) 
shipPhone 
deliveryMode 
shipPrice 

totalPrice 
cardType 
cardNumber 
cardExpires 
custName2 
custName1 
custName3 
custStreet 
custCity 
custState 
custZip 
custCountry 
custRegion 
custPhone

'D' 
orderNum 
productNo 
quantity 
unitCost 
0

Store

ss100

/InterShop/Data/log/

can't be rotated

Bo - files are named by date, may want to retrieve them (via rsync?), but they must be left there. Are they needed for reports?

Example:
H 2906 19990413 123545 source spalecek@hotmail.com stephen palecek suite 15 15 main ave. ocean grove NJ07756 7327759157 1 6.95 0 42.45 stephen palecek suite 15 15 main ave. ocean grove NJ 07756 7327759157 
D 2906 HB1037 1 17.75 0 
D 2906 HB1016 1 17.75 0

order_archive.3dcd/

orderNum 
shipName 
shipStreet 
shipCity 
shipState 
shipZip 
shipCountry 
shipRegion(?) 
numBasic 
numVIP

Store

ss100

/InterShop/Data/log/

ditto

ditto

Example: 
"3098","James Ridinger","103 glancy st.","columbus grove","OH","45830",""," ","Basic: 0","VIP: 1"

status_archive/

'S' 
orderNum 
productNo 
status 
quantity

status: 
 

885

received order at warehouse

845

backordered

831

hard decline on credit card

877

soft decline on credit card

862

permanently out of stock

863

permanently out of stock

864

permanently out of stock

819

backorder cancel

829

backorder cancel

875

shipped

876

returned for refund

Store

ss100

/InterShop/Data/log/

ditto

ditto

Example: 
S 8099 FHB712 831 001

initrefs.log

unix time() 
affiliateProgram 
affiliateID 
IP

Store

ss100

/InterShop/Data/log/affiliate_data/

already rotated, could grab rotated files, probably need to use flock

Bo - Most (all?) data is already in database (see bin/payup.pl). Is this needed for reports?

Example: 
945410666 Worlds 102042TD 196.34.250.5

session.log

unix time() 
IP 
sessionID 
referringURL 
asciiDate

Store

ss100

/InterShop/Data/log/affiliate_data/

ditto

ditto

Example:
945456184 195.147.246.146 1185866859 http://www.encycmet.com/shop/ 1999-12-17@13:43:4

confirmation.log

unix time() 
IP 
sessionID 
confNum

Store

ss100

/InterShop/Data/log/affiliate_data/

ditto

ditto

Example: 
945453987 152.206.175.62 1492338757 991217-16131

purchase.log

unix time() 
confNum 
paymentType 
product 
quantity 
totalCost 
email 
zipcode 
description

Store

ss100

/InterShop/Data/log/affiliate_data/

ditto

ditto

Example: 
945455206 991217-16133 1- Credit Card Online Entry (secure) 9K104-7 1 1775 poppyannie@hotmail.com 75034 Korn - Mesh T-shirt

access

same as Apache access_log

Netscape

ss100

~www/https-storeweb-secure/logs/

already rotated daily

none 

Example: See access_log

access_ref

same as Apache access_log, plus 

referringURL 
userAgent 
method 
query

Netscape

ss100

~www/https-storeweb/logs/

ditto

none

Example: See access_log

errors

Netscape errors

Netscape

ss100

~www/https-storeweb-secure/logs/ 
~www/https-storeweb/logs/

ditto

none

Example: none

alert_prod.log

Oracle logging info

Oracle

us1 
uk0

/ora1/app/oracle/admin/prod/bdump/

rotate and  wait

Is there anything useful?

Example: none

*.trc

errors

Oracle

us1 
uk0

/ora1/app/oracle/admin/prod/bdump
/ora1/app/oracle/admin/prod/udump/

just copy and delete

none 

Example: none

userfile

serialNo 
E-Mail 
Hobbies 
Musical Tastes 
Likes 
Dislikes 
City 
State 
Zip-code 
Country 
Occupation 
Age 
Sex 
Birthdate

Register

uk0

/home/apache/logs/

New user information

Example:
AHAU995623239688
    E-Mail:: Windcha@aol.com 
    Hobbies: (public): Collecting, Computers, Music, Soccer, Art
    Tastes: (public): Folk, Oldies, Show Tunes, Pop, Classical
    Likes: (public):
    Dislikes: (public):
    City: (public): Charleston
    State: (public): West Virginia
    Zip-code:: 25312
    Country: (public): UNITED STATES
    Occupation: (public): College/Graduate Student
    Age:: 20
    Sex:: Female
    Birthdate:: December 2, 1979

users/

serialNo 
times 
totalmins

?

us1

/home/apache/logs/

?

?

Example: 
YKZU999536375924 4 13

feedback.log

date/time 
username 
realname 
email 
comments

?

various

/home/apache/logs/

?

none

Example: 
Date: 99 10 29 2:52:49 
Username: Twittlebug 
Realname: Kandra Pitcher 
EMail: Jupiter16T@CS.Com 
Comments: It will not let me sign on anymore please help me to discover what is wrong.\n\nThank you 

edit.log

serialNo 
E-Mail 
Hobbies 
Musical Tastes 
Likes 
Dislikes 
City 
State 
Zip-code 
Country 
Occupation 
Age 
Sex 
Birthdate

Register

us1 
uk0 
(more?)

/home/apache/logs/

?

Changes to user information

Example: See userfile

lastlog

unix logins

System

all

/var/adm/

?

Binary data!

Example: none

sulog

unix superusers

System

all

/var/adm/

?

none

Example: none

messages

unix errors/warnings

System

all

/var/adm/

rotated by system, grabe the .0 file

none

Example: none

syslog

sendmail 
ftpd 
rlogind 
telnetd 
rshd

System

all

/var/log/

rotated by system, grab the .0 file

none

Example: none

{name}US.{pid}.log

date/time 
username 
IP 
clientVersion 
'connected' or 'active' 
start date/time

UserServer

us1

~wserver/logs/US_.rundir/

rotated weekly

what does 'active' versus 'connected' mean?

Example: 
Sun Oct 31 02:05:53 1999 HammerHead (206.141.244.99)
  connected since Sun Oct 31 02:05:20 1999 

Sun Oct 31 02:05:53 1999 HammerHead (206.141.244.99)
  active since Sun Oct 31 02:05:27 1999 

{name}US.{pid}.out

date/time 
username 
keyword
data 

UserServer

us1

~wserver/logs/US_.rundir/

rotated weekly

needs further analysis
Is there useful data?
Also lots of error/debug messages

Example:
Oct 31 01:36:14 (Blondie) - USUser::sessionExit: received

{name}RS.{pid}.log

date/time 
username 
IP 
start date/time 
numMessages 
avatar 
(also periodically outputs server stats)

RoomServer

rs100 
rs101

~wserver/logs/RS_.rundir/

rotated weekly

none

Example:
Fri Dec 17 14:05:32 1999 LilRog (63.24.129.46) 
  on since Fri Dec 17 13:41:45 1999 
  1 text messages, avatar = avatar:boy.mov 

{name}RS.{pid}.out

date/time 
username 
keyword
data 

RoomServer

rs100 
rs101

~wserver/logs/RS_.rundir/

rotated weekly

none

Example: 
Dec 17 14:09:48 (Oggman) - User::sessionExit: received

notification.log

?

CyberCash

ss100

/InterShop/Data/worldsinc-69/logs/

?

Bo - The notification.log might be useful for seeing why Cybercash rejected 
a credit card.  In my rewrite of the VIP system, I try to log that 
same information.

Example: none
See CyberCash document http://www.cybercash.com/cybercash/merchants/docs/dev.pdf, Appendix A

order.log

?

CyberCash

ss100

/InterShop/Data/worldsinc-69/logs/

?

ditto

Example: none

serverstat.log

date/time 
service 
host 
port 
up/down

Network

oprah

~maint/bin/

use collector with flock

none

Example: 
12/17/1999 12:30 GMT - http://freeserve1.chat.worlds.net:80 has become inaccessible 
12/17/1999 12:40 GMT - http://freeserve1.chat.worlds.net:80 has become accessible

Other Comments/Notes:

Bo

2DChat/eShare moving to NT, how will logs be collected there?

Matt

uk0's hostname() is us0! Beware!

Records in scripts.log

Common Fields

IP
authuser
date/time
script
keyword

 

Script

Keyword

Fields

Comments

emailback.pl

All

nUsername
nCodewords
email

number of username/passwords and codewords emailed to address

Example: 
195.44.19.83  [13/12/1999:19:02:16 +0] /cgi-bin/emailback.pl All 1 + 0 to E-Mail: stevebeech@cwcom.net

passwd.pl

Bad

password

invalid password entered

Example: 
195.92.197.55  [29/11/1999:21:06:05 +0] /cgi-bin/passwd.pl Bad password: freebyme

Changed

username
serialNo
oldPassword

username is lowercase

Example: 
195.92.194.76  [02/12/1999:13:04:16 +0] /cgi-bin/passwd.pl Changed password for media (FSZU483355353423) from nadine

changemail.pl
chemail.pl

Changed

from
to
nTimes

none

Example: 
24.94.60.154  [09/12/1999:05:37:08 +0] /cgi-bin/changemail.pl Changed dbal1@stny.rr.com to dmills1@stny.rr.com 5 times

username.pl

Bad

password

invalid password entered

Example: 
205.216.76.186  [12/12/1999:04:19:35 +0] /cgi-bin/username.pl Bad password: 9356510

Changed

serialNo
from
to

none

Example: 
63.23.238.32  [16/10/1999:22:36:40 +0] /cgi-bin/username.pl Changed username of REGV976827332988 from janis to Adell

register.pl
/cgi-bin/regah.pl
/cgi-bin/regbowie.pl
/cgi-bin/regdown.pl
/cgi-bin/regfs.pl
/cgi-bin/regfsdown.pl
/cgi-bin/reghanson.pl
/cgi-bin/register.pl
/cgi-bin/regrr.pl
/cgi-bin/test/register.pl
/perl/regbowie.pl
/perl/regbowiedown.pl
/perl/regdown.pl
/perl/regfs.pl
/perl/regfsdown.pl
/perl/reggq.pl
/perl/reghanson.pl
/perl/register.pl
/perl/regrr.pl
/perl/regtest.pl
/perl/regtest2.pl
/perl/regyankdown.pl

Cleared

serialNo
id (?)

none

Example: 
209.253.236.9  [17/10/1999:08:36:43 +0] /perl/reghanson.pl Cleared HNXV544325773226 for 979945902

Re-sent

serialNo
oldEmail
newEmail

none

Example: 
152.206.0.84  [16/10/1999:23:01:15 +0] /perl/reghanson.pl Re-sent HNXU994375883898 RUBYB2@aol.com -> RUBYB2@aol.com

Register

serialNo
email

none

Example: 
164.138.228.83  [16/10/1999:07:58:40 +0] /perl/reghanson.pl Register HNXU953574923532 -> thee92@yahoo.com

Sign-up

serialNo
email
trans (?)
amount

trans is always '!', huh?

Example: 
24.26.105.220  [07/11/1999:10:16:48 +0] /perl/regrr.pl:BankAccount Sign-up bonuses RRGU866393272875 'bk@cfl.rr.com' ! 5000

regbowie.pl

Allocated

PIN
serialNo

 

Example:
195.8.80.36 [22/10/1999:14:53:37 +0] /cgi-bin/regbowie.pl Allocated PIN # 2 to BWXU498247662235

codeword.pl
manualdial.pl
prepay.pl
bank.pl

Level

level
duration
serialNo
email
trans (?)
amount

Mostly redundant with Subscription

Example: 
24.92.219.51  [20/10/1999:17:12:42 +0] /cgi-bin/manualdial.pl:BankAccount Level 1 VIP for 12 months DWLV995623247976 'mdavis51@tampabay.rr.com' ! 7500

Renew

level
duration
serialNo
email
trans (?)
amount

Mostly redundant with Renewal

Example:
209.20.219.33 [30/11/1999:02:33:09 +0] /cgi-bin/manualdial.pl:BankAccount Renew level 1 VIP + 6 months RGXU499672335893 'freeservechatsupport@wor lds.com' ! 1000

Renewal

serialNo
newlevel
duration
amount
type

 

Example:
216.78.83.3 [13/01/2000:02:58:39 +0] /cgi-bin/manualdial.pl:BankAccount Renewal HANV647225285739 1 6 750 3

Subscription

serialNo
newLevel
duration
amount
type

none

Example: 
207.90.127.40  [20/10/1999:21:21:24 +0] /cgi-bin/manualdial.pl:BankAccount Subscription HNXU676479633489 1 12 1200 3

Cancellation

reason
serialNo

 

Example:
168.191.68.15 bank [21/10/1999:12:53:49 +0] /bank/cgi-bin/bank.pl:BankAccount Cancellation 4 DWLV332455779682 ! ! ! !

/affiliates/*

Confirmed

affiliateID
emails

There may be multiple emails separated by a space

Example:
199.174.129.202 [08/01/2000:16:17:28 +0] /affiliates/Korn/Welcome.html Confirmed 105209 crizzie87@hotmail.com Crizzie87@hotmail.com

Referral

affiliateID
first
last
email

 

Example:
24.92.75.208 [22/12/1999:20:44:35 +0] /affiliates/Worlds/Agreement1.html Referral 104839 Ben:Dickerson:CompuMM@yahoo.com:

Registered

artist
affiliateID
emails

There may be multiple emails separated by a space

Example:
216.90.106.20 [16/12/1999:00:18:24 +0] /affiliates/Worlds/Agreement1.html Registered Worlds 104705 natez@cardinalcommerce.com tims@cardinalcommer ce.com chandrab@cardinalcommerce.com

newhost.pl

None!

serialNo
username
email
oldname

 

Example:
209.204.27.163 [02/12/1999:00:51:33 +0] /cgi-bin/newhost.pl 'HSXV000000000054' 'HOST-Misty' 'grizzly@vtc.net' Shania

ban.pl

None!

serialNo
username
accountStatus

 

Example:
209.20.219.33 [08/12/1999:06:05:54 +0] /cgi-bin/ban.pl YKZU229826629344 (I-Hate-Whispers) accountStatus set to 0