Worlds.com | Gamma Documentation

Installing log collector on a client

This checklist steps through the procedure for installing the log collection software on a new client. The installation consists of creating the logger account on the client, ensuring that ssh is available and working between the client and the log server (logger.worlds.net), installing and configuring the collector, and testing that the collector is working.

1.0 CREATE NEW ACCOUNT ON CLIENT: Log into the client as root and create a new user and group, both named logger. If possible, the user and group ids should both be 125. The logger's home directory should be /home/logger, and the shell should be /bin/csh. There is a perl script, /home/logger/loggeradd, on logger.worlds.net that automates this step. This script can be copied to /tmp and executed as follows:

client% /usr/local/bin/scp logger.worlds.net:/home/logger/loggeradd /tmp
client% /usr/local/bin/perl /tmp/loggeradd

The loggeradd script will prompt for the password and confirmation. This is the preferred method as it also tests that ssh and perl are both properly installed. If scp and/or perl fail, make sure they are installed properly before continuing.

2.0 VERIFY THAT SSH IS CONFIGURED: While logged in as root on the client, attempt to use ssh to login to the log server, logger.worlds.net. You must be able to do this without supplying a password in order for the collector to function properly. Try the following test:

client% /usr/local/bin/slogin -v -l logger logger.worlds.net

This will produce verbose output which will be useful if you are prompted for a password. If you are not prompted for a password, you are home free, just exit and continue. If you are prompted, enter the password. Use the following steps to correct this problem.

2.A DETERMINE HOST NAME OF CLIENT: The full hostname for the client is needed to setup ssh properly. It can be found in the verbose output of slogin. It is the client host on a line that looks like:

oprah: Remote: Rhosts/hosts.equiv authentication refused: client user 'logger', server user 'logger', client host 'm214.worlds.net'.

2.B EDIT THE SHOSTS FILE ON LOGGER: You should already be logged into logger.worlds.net, so now edit ~logger/.shosts and add an entry with the client's full host name and the user root to the end of ~logger/.shosts. Following our example we would add:

m214.worlds.net root

2.C SLOGIN BACK TO CLIENT: To complete the authentication, it is necessary to slogin from logger.worlds.net back to the client using the client's full host name found above. Don't worry if you are prompted for a password, this will not effect the log collection. This step isneeded so that ssh on logger.worlds.net knows to trust the client. To continue our example:

logger% slogin m214.worlds.net
Password: ********
client%

2.D VERIFY SSH IS PROPERLY CONFIGURED: Just to be sure, exit back to logger.worlds.net and back to the client. Then try slogin back to logger.worlds.net. This time you should get the shell prompt without being asked for a password. If you are prompted for a password, find an ssh expert before continuing.

client% slogin -l logger logger.worlds.net
logger%

3.0 INSTALL THE COLLECTOR: Now login to the client as user logger and create two subdirectories, bin and log, in logger's home directory. The log directory will store the collector's log file and the bin directory will hold the perl scripts and configuration file. Now install the files:

client% alias scp /usr/local/bin/scp
client% scp -p logger.worlds.net:bin/CollectLogs.pl bin/
client% scp -p logger.worlds.net:bin/Logger.pm bin/
client% scp logger.worlds.net:bin/CollectLogs.default bin/CollectLogs.config

This installs the perl script and the default configuration file which will collect the collector's log file and the standard system log files.

4.0 TEST COLLECTOR INSTALLATION: Next, test to see that the collector is installed properly by running it once by hand and verifying the default files make it to logger.worlds.net.

4.A RUN COLLECTOR BY HAND: Login to the client as root (or become the superuser) and execute the collector script, preferably in debug mode.

client% su
Password: ********
client# /home/logger/bin/CollectLogs.pl -debug |& tee debug.log

This will produce lots of output with hopefully no FATAL errors, ERRORs or WARNINGs. If there are errors or warnings, examine the debug.log that was created and correct the problems before proceeding. Some of the log rotations may take several minutes, so don't be alarmed by having to wait for up to 10 minutes.

4.B VERIFY LOG FILES ON SERVER: Login to logger.worlds.net and use ls to verify the default files made it.

logger% ls -1 /logger/incoming/client
CollectLogs.log.2000-01-12
cron_log.2000-01-12.gz
messages.2000-01-12.gz
sulog.2000-01-12.gz

If this test should fail, examine the debug.log created above and correct the problems before proceeding.

5.0 MODIFY ROOT CRONTAB: Now a job must be added to the root crontab on the client so that the collector runs every hour.

5.A REMOVE LOGCHECKER: The root crontab probably runs logchecker which rotates the cron log file. Our default collection configuration also rotates this log, so we should remove (or comment) the line that looks like:

10 3 * * 0,4 /etc/cron.d/logchecker

5.B ADD LOG COLLECTOR: Add the following at the end of the root crontab:

#
# Collect logs every hour
0 * * * * /home/logger/bin/CollectLogs.pl

6.0 ADD OTHER LOGS TO BE COLLECTED: Consult the "Adding a log file to the collector" checklist in order to add additional log files to the collector on this new client.

Log Collection Configuration Guide

This guide explains the options available for configuring the log collector on a client machine. The collector runs hourly on the client and uses its configuration file to determine which log files to collect and transfer to the log server, logger.worlds.net.

Configuration File

The log collector's configuration file, CollectLogs.config, is located in the same directory as its Perl script, typically /home/logger/bin. This file is a plain text file that can be edited with any editor. There are two types of options in the file, general options and log file options. Each will be explained below.

General Options

There is a set of options that controls the overall running of the collector. Some of the more useful ones will be explained here, but to find all of them, take a look at the script and look for $ConfigFile{parameter}. Most of these parameters have reasonable defaults, so it is only necessary to change them on rare occasions.

General options are specified one per line with the parameter name, an equal size ("=") and the value. Whitespace around the equal sign is optional, everything to the right of the equal sign (and optional whitespace) is used for the value.

For example:

LOG=/home/logger/log/CollectLogs.log

In this example, the collector's log is configured to be the file /home/logger/log/CollectLogs.log. The following table describes some of the common options.

DEBUG

The debugging output level.

	0	- No debug output, the default
	1	- Logging information only
	2	- Standard debugging output
	3	- Extra verbose output

LOG

The location of the collector's log file.
Default: CollectLogs.log in the directory the script is started from.

REMOTEHOST

The name of log server (the machine that the logs will be sent to).
Default: logger.worlds.net

REMOTEUSER

The name of the account that will be used for executing remote commands.
Default:logger

REMOTEROOT

The root directory on the log server under which the logs will be stored.
Default: /logger/incoming

TIMEOUT

Specifies the default number of minutes to wait for a new log file to be created after the old one has been rotated. See below to instructions on how to override this for an individual file.
Default: 5

Log File Options

The second set of options in the configuration file specifies the names and locations of the files to be collected and any options for handling each specific file. Each file and all of its options is specified on its own line, for example:

LOGFILE=/home/apache/logs/access_log,TYPE=APACHE,COMPRESS

This line specifies that the file /home/apache/logs/access_log is to be collected; it is of TYPE APACHE and it is to be COMPRESSed.

Each log file configuration line must begin with LOGFILE, an equal sign ("=") and the full path name to the file (some exceptions to the full path name rule will be discussed below). The name of the log file is followed by any optional parameters for the file in the key=value form, separated by commas. White space around commas and equal signs is optional. If the =value portion of an option is omitted, then the option's value is set to 1 (that is, COMPRESS and COMPRESS=1 are equivalent).

Examples of all supported file types can be found in the the file Example.config.

The following table describes all the log file options available:

NAME

Specifies the name to be given to this file on the log server. This is useful if two log files have the same name locally or to give a more descriptive name on the server. For example, in the default configuration, the cron log (/var/cron/log) is collected with a NAME of cron_log.

COMPRESS

Specifies that the log file is to be compressed.

CREATENEW

Specifies that when this file is rotated, a new empty file with the same owner, group and permissions should be created in its place. This is useful for log files from CGI scripts since they often run under a different username and/or group than the owner of the directory that holds the log file.

FLOCK

Specifies that flock should be used to obtain a write long on the file after rotating it to ensure that other processes have finished writing to it. In order for this to work properly, the other processes must also use flock to write to the file.

TIMEOUT

Overrides the general TIMEOUT option for this particular file.

TRUNCATE

Do not use this! This option is available for one and only one special case which is the system cron log.

TYPE

Specifies the type for this file. The type is used to group files so they can be processed together and also, there are several file types that require special handling. Some of the special types have their own general and log file specific options. These special types are described in the following table:

APACHE	Apache server logs. After these log files are rotated, the Apache server is restarted using the command specified with the RESTARTAPACHE general option. The default for this option is "/home/apache/bin/apachectl restart"
NETSCAPE*	Netscape server logs. After these logs files are rotated, a HUP signal is sent to the process id read from the file that is specified in the file given in the PIDNETSCAPE* general option. The * indicates that the type name may be extended to allow multiple Netscape servers to run on the same server. The extension added to the NETSCAPE type name must match the PIDNETSCAPE general option, for example NETSCAPE1 and PIDNETSCAPE1.
NUMBERED	Files rotated using the numbering scheme .0, .1, .2, and so on. These files are not rotated by the collector, the rotated files are just collected as they become available starting with .1. The .0 is not used since there is a chance that another process may still be using that file when the collector gets to it. The collector can only handle files that are rotated no more frequently than one per day. This type supports the KEEP and REMOVE log file options.
NFS	Store order and status archives that are named with the following format: `yyyymmdd.<name>` The <name> portion of the file name is taken from the LOGFILE name for this file and yyyymmdd. is prepended to it. This type supports the KEEP and REMOVE log file options.
USERS	These are the user activity log files which have names with the following format: `<name>yyyymmdd` The <name> portion of the file name is taken from the LOGFILE name for this file and yyyymmdd is appended to it. This type supports the KEEP and REMOVE log file options.
TRC	Oracle trace files. Any files that are created on a particular day are concatenated together and collected. These file are named with the following format: `<name>.<ext>` The <ext> portion of the name is taken from the LOGFILE name for this file and <name> can be just about anything. This type supports the KEEP and REMOVE log file options.
WSLOG	World server log files (both User servers and Room servers).

KEEP

For files of type NUMBERED, NFS, USERS or TRC, specifies the number of days to keep files before they are collected.

REMOVE

For files of type NUMBERED, NFS, USERS or TRC, specifies that the file should be removed after it is collected.

Adding a log file to the collector
This checklist steps through the procedure to be used to add a log file to the log file collection process. The collector is configured through a configuration file on the client that the file is to be collected from.

Throughout this checklist there will be references to two machines, the log server (logger.worlds.net, aka the server) and the log client. The client is the machine from which the log file is to be collected.

1.0 LOGIN: Log into the log server, logger.worlds.net, as user logger. From this account and machine it should be possible to use slogin to login to any other machine from which, logs are collected.

2.0 VERIFY LOGGER ACCOUNT: Verify the logger account is installed on the client.

2.A "slogin <client>".

IF THIS FAILS, obtain and follow the "Installing log collector on a client" checklist.

2.B Check the crontab of the root user on the client to verify that it is running the collector:

client% su
Password: ********
client# crontab -l | grep CollectLogs
0 * * * * /home/logger/bin/CollectLogs.pl

IF IT DOES NOT, obtain and follow the "Installing log collector on a client" checklist.

3.0 MODIFY CLIENT CONFIG FILE: The client's config file is:

/home/logger/bin/CollectLogs.config

To add a log file, one line should be added to the file that specifies the location of the file and any options required for handling that file.

3.A READ THE DOCUMENTATION: The "Log Collection Configuration Guide" explains all the options available in the configuration file.

3.B CONSULT THE EXAMPLE CONFIG: Look at the example config file (Example.config) which contains examples of all the types of files currently collected by the collector. If there is one similar (or identical) to the one you are adding, use it as a starting point.

3.C CHECK FOR DUPLICATE NAMES: Compare the name of the log file that you are adding to the names of the other log files mentioned in the config file. If there is a conflict, supply a NAME= option for your log file. (Be sure to look for names in both the actual log file names as well as any NAME= options).

4.0 TEST NEW CONFIGURATION: The new configuration can be tested by waiting for the next scheduled run for the collector (currently it is run hourly) or it can be run by hand. To run it by hand, log in as root and run the collector perl script as follows:

client% su
Password: *******
client% /home/logger/bin/CollectLogs.pl -debug

4.A CHECK LOG FILE FOR ERRORS: Once the collector has run, check the log file for errors. The log file will typically be in /home/logger/log/CollectLogs.log. However, you should check the configuration file to see if another location has been specified by the configuration parameter LOG. If any errors were encountered determine if they were due to changes in the configuration and fix appropriately.

4.B CHECK THE SERVER: Check on the server to see if the log file was stored properly. The default location for the collected logs on the server is /logger/incoming/<client>, where client is the hostname of the client machine. The root directory (/logger/incoming) can be configured on the client machine, so it is a good idea to check there and look for the parameter REMOTEROOT. In that directory you should see the log file with the date appended and another file, in the status subdirectory, with the same name and a ".status" extension. If these files are not present, recheck the collector's log file for errors

Worlds.com Log Files

Logfile

Fields/Data

Category

Server(s)

Directory

Rotation

Comments

access_log
combined_log

IP
ident (probably empty, '-')
authuser (mostly empty, '-')
date/time
request
status
bytes
refURL
agent

Apache

all (?)

/home/www/var/apache/log/
/home/apache/logs/

can use collector

Jeremy - not currently analyzed
Could be modified to collect more data

Example:
63.67.120.226 - - [13/Oct/1999:12:40:00 -0400] "POST /cgi-bin/edit.pl HTTP/1.0" 200 376 "http://www.3dcd.com/cgi-bin/edit.pl" "Mozilla/4.0 (compatible; MSIE 4.01; Windows 98)"

error_log

Apache Errors

Apache

all (?)

/home/www/var/apache/log/
/home/apache/logs/

can use collector

ditto

Example: none

scripts.log

IP
authuser
date/time
script[:module]
script specific data

???

most

/home/apache/logs/

can use collector, should use flock

Jeremy - read by period.pl, currently reports are broken

Example: See seperate document

vip.log

duration
worldUsername
user
email
cardType
cardNumber
cardExpires
address
city
state
zip
country
unix time()

Store

ss100

/InterShop/Data/log/

Already rotated

Bo - probably won't need data, data available elsewhere
Could have duplicate entries, there may be better place to get this information

Example:
12 J0NNYBLAZE Maria Ditty 6236 Gila RD Visa 4600-0332-0059-6309 08/01 6236 Gila RD El Paso Texas 79905 UNITED STATES 945324364

intershop.log

InterShop error messages

Store

ss100

/InterShop/Data/log/

Already rotated

none

Example: none

order_archive/

'H'
orderNum
date/time
'source'
email
shipName2
shipName1
shipName 3
shipStreet
shipCity
shipState
shipZip
shipCountry
shipRegion (?)
shipPhone
deliveryMode
shipPrice
0
totalPrice
cardType
cardNumber
cardExpires
custName2
custName1
custName3
custStreet
custCity
custState
custZip
custCountry
custRegion
custPhone

'D'
orderNum
productNo
quantity
unitCost
0

Store

ss100

/InterShop/Data/log/

can't be rotated

Bo - files are named by date, may want to retrieve them (via rsync?), but they must be left there. Are they needed for reports?

Example:
H 2906 19990413 123545 source spalecek@hotmail.com stephen palecek suite 15 15 main ave. ocean grove NJ07756 7327759157 1 6.95 0 42.45 stephen palecek suite 15 15 main ave. ocean grove NJ 07756 7327759157
D 2906 HB1037 1 17.75 0
D 2906 HB1016 1 17.75 0

order_archive.3dcd/

orderNum
shipName
shipStreet
shipCity
shipState
shipZip
shipCountry
shipRegion(?)
numBasic
numVIP

Store

ss100

/InterShop/Data/log/

ditto

Example:
"3098","James Ridinger","103 glancy st.","columbus grove","OH","45830",""," ","Basic: 0","VIP: 1"

status_archive/

'S'
orderNum
productNo
status
quantity

status:

`885`	received order at warehouse
`845`	backordered
`831`	hard decline on credit card
`877`	soft decline on credit card
`862`	permanently out of stock
`863`	permanently out of stock
`864`	permanently out of stock
`819`	backorder cancel
`829`	backorder cancel
`875`	shipped
`876`	returned for refund

Store

ss100

/InterShop/Data/log/

ditto

Example:
S 8099 FHB712 831 001

initrefs.log

unix time()
affiliateProgram
affiliateID
IP

Store

ss100

/InterShop/Data/log/affiliate_data/

already rotated, could grab rotated files, probably need to use flock

Bo - Most (all?) data is already in database (see bin/payup.pl). Is this needed for reports?

Example:
945410666 Worlds 102042TD 196.34.250.5

session.log

unix time()
IP
sessionID
referringURL
asciiDate

Store

ss100

/InterShop/Data/log/affiliate_data/

ditto

Example:
945456184 195.147.246.146 1185866859 http://www.encycmet.com/shop/ 1999-12-17@13:43:4

confirmation.log

unix time()
IP
sessionID
confNum

Store

ss100

/InterShop/Data/log/affiliate_data/

ditto

Example:
945453987 152.206.175.62 1492338757 991217-16131

purchase.log

unix time()
confNum
paymentType
product
quantity
totalCost
email
zipcode
description

Store

ss100

/InterShop/Data/log/affiliate_data/

ditto

Example:
945455206 991217-16133 1- Credit Card Online Entry (secure) 9K104-7 1 1775 poppyannie@hotmail.com 75034 Korn - Mesh T-shirt

access

same as Apache access_log

Netscape

ss100

~www/https-storeweb-secure/logs/

already rotated daily

none

Example: See access_log

access_ref

same as Apache access_log, plus

referringURL
userAgent
method
query

Netscape

ss100

~www/https-storeweb/logs/

ditto

none

Example: See access_log

errors

Netscape errors

Netscape

ss100

~www/https-storeweb-secure/logs/
~www/https-storeweb/logs/

ditto

none

Example: none

alert_prod.log

Oracle logging info

Oracle

us1
uk0

/ora1/app/oracle/admin/prod/bdump/

rotate and wait

Is there anything useful?

Example: none

*.trc

errors

Oracle

us1
uk0

/ora1/app/oracle/admin/prod/bdump
/ora1/app/oracle/admin/prod/udump/

just copy and delete

none

Example: none

userfile

serialNo
E-Mail
Hobbies
Musical Tastes
Likes
Dislikes
City
State
Zip-code
Country
Occupation
Age
Sex
Birthdate

uk0

/home/apache/logs/

New user information

Example:
AHAU995623239688
    E-Mail:: Windcha@aol.com
    Hobbies: (public): Collecting, Computers, Music, Soccer, Art
    Tastes: (public): Folk, Oldies, Show Tunes, Pop, Classical
    Likes: (public):
    Dislikes: (public):
    City: (public): Charleston
    State: (public): West Virginia
    Zip-code:: 25312
    Country: (public): UNITED STATES
    Occupation: (public): College/Graduate Student
    Age:: 20
    Sex:: Female
    Birthdate:: December 2, 1979

users/

serialNo
times
totalmins

us1

/home/apache/logs/

Example:
YKZU999536375924 4 13

feedback.log

date/time
username
realname
email
comments

various

/home/apache/logs/

none

Example:
Date: 99 10 29 2:52:49
Username: Twittlebug
Realname: Kandra Pitcher
EMail: Jupiter16T@CS.Com
Comments: It will not let me sign on anymore please help me to discover what is wrong.\n\nThank you

edit.log

serialNo
E-Mail
Hobbies
Musical Tastes
Likes
Dislikes
City
State
Zip-code
Country
Occupation
Age
Sex
Birthdate

us1
uk0
(more?)

/home/apache/logs/

Changes to user information

Example: See userfile

lastlog

unix logins

System

all

/var/adm/

Binary data!

Example: none

sulog

unix superusers

System

all

/var/adm/

none

Example: none

messages

unix errors/warnings

System

all

/var/adm/

rotated by system, grabe the .0 file

none

Example: none

syslog

sendmail
ftpd
rlogind
telnetd
rshd

System

all

/var/log/

rotated by system, grab the .0 file

none

Example: none

{name}US.{pid}.log

date/time
username
IP
clientVersion
'connected' or 'active'
start date/time

UserServer

us1

~wserver/logs/US_.rundir/

rotated weekly

what does 'active' versus 'connected' mean?

Example:
Sun Oct 31 02:05:53 1999 HammerHead (206.141.244.99)
connected since Sun Oct 31 02:05:20 1999

Sun Oct 31 02:05:53 1999 HammerHead (206.141.244.99)
active since Sun Oct 31 02:05:27 1999

{name}US.{pid}.out

date/time
username
keyword
data

UserServer

us1

~wserver/logs/US_.rundir/

rotated weekly

needs further analysis
Is there useful data?
Also lots of error/debug messages

Example:
Oct 31 01:36:14 (Blondie) - USUser::sessionExit: received

{name}RS.{pid}.log

date/time
username
IP
start date/time
numMessages
avatar
(also periodically outputs server stats)

RoomServer

rs100
rs101

~wserver/logs/RS_.rundir/

rotated weekly

none

Example:
Fri Dec 17 14:05:32 1999 LilRog (63.24.129.46)
on since Fri Dec 17 13:41:45 1999
1 text messages, avatar = avatar:boy.mov

{name}RS.{pid}.out

date/time
username
keyword
data

RoomServer

rs100
rs101

~wserver/logs/RS_.rundir/

rotated weekly

none

Example:
Dec 17 14:09:48 (Oggman) - User::sessionExit: received

notification.log

?

CyberCash

ss100

/InterShop/Data/worldsinc-69/logs/

Bo - The notification.log might be useful for seeing why Cybercash rejected
a credit card. In my rewrite of the VIP system, I try to log that
same information.

Example: none
See CyberCash document http://www.cybercash.com/cybercash/merchants/docs/dev.pdf, Appendix A

order.log

?

CyberCash

ss100

/InterShop/Data/worldsinc-69/logs/

ditto

Example: none

serverstat.log

date/time
service
host
port
up/down

Network

oprah

~maint/bin/

use collector with flock

none

Example:
12/17/1999 12:30 GMT - http://freeserve1.chat.worlds.net:80 has become inaccessible
12/17/1999 12:40 GMT - http://freeserve1.chat.worlds.net:80 has become accessible

Other Comments/Notes:

Bo	2DChat/eShare moving to NT, how will logs be collected there?
Matt	uk0's hostname() is us0! Beware!

Records in scripts.log

Common Fields

IP
authuser
date/time
script
keyword

Script	Keyword	Fields	Comments
`emailback.pl`	All	`nUsername` `nCodewords` `email`	number of username/passwords and codewords emailed to address
	Example: `195.44.19.83 [13/12/1999:19:02:16 +0] /cgi-bin/emailback.pl All 1 + 0 to E-Mail: stevebeech@cwcom.net`
`passwd.pl`	Bad	`password`	invalid password entered
	Example: `195.92.197.55 [29/11/1999:21:06:05 +0] /cgi-bin/passwd.pl Bad password: freebyme`
	Changed	`username` `serialNo` `oldPassword`	username is lowercase
	Example: `195.92.194.76 [02/12/1999:13:04:16 +0] /cgi-bin/passwd.pl Changed password for media (FSZU483355353423) from nadine`
`changemail.pl` `chemail.pl`	Changed	`from` `to` `nTimes`	none
	Example: `24.94.60.154 [09/12/1999:05:37:08 +0] /cgi-bin/changemail.pl Changed dbal1@stny.rr.com to dmills1@stny.rr.com 5 times`
`username.pl`	Bad	`password`	invalid password entered
	Example: `205.216.76.186 [12/12/1999:04:19:35 +0] /cgi-bin/username.pl Bad password: 9356510`
	Changed	`serialNo` `from` `to`	none
	Example: `63.23.238.32 [16/10/1999:22:36:40 +0] /cgi-bin/username.pl Changed username of REGV976827332988 from janis to Adell`
`register.pl` /cgi-bin/regah.pl /cgi-bin/regbowie.pl /cgi-bin/regdown.pl /cgi-bin/regfs.pl /cgi-bin/regfsdown.pl /cgi-bin/reghanson.pl /cgi-bin/register.pl /cgi-bin/regrr.pl /cgi-bin/test/register.pl /perl/regbowie.pl /perl/regbowiedown.pl /perl/regdown.pl /perl/regfs.pl /perl/regfsdown.pl /perl/reggq.pl /perl/reghanson.pl /perl/register.pl /perl/regrr.pl /perl/regtest.pl /perl/regtest2.pl /perl/regyankdown.pl	Cleared	`serialNo` `id (?)`	none
	Example: `209.253.236.9 [17/10/1999:08:36:43 +0] /perl/reghanson.pl Cleared HNXV544325773226 for 979945902`
	Re-sent	`serialNo` `oldEmail` `newEmail`	none
	Example: `152.206.0.84 [16/10/1999:23:01:15 +0] /perl/reghanson.pl Re-sent HNXU994375883898 RUBYB2@aol.com -> RUBYB2@aol.com`
	Register	`serialNo` `email`	none
	Example: `164.138.228.83 [16/10/1999:07:58:40 +0] /perl/reghanson.pl Register HNXU953574923532 -> thee92@yahoo.com`
	Sign-up	`serialNo` `email` `trans (?)` `amount`	trans is always '!', huh?
	Example: `24.26.105.220 [07/11/1999:10:16:48 +0] /perl/regrr.pl:BankAccount Sign-up bonuses RRGU866393272875 'bk@cfl.rr.com' ! 5000`
`regbowie.pl`	Allocated	`PIN` `serialNo`
	Example: 195.8.80.36 [22/10/1999:14:53:37 +0] /cgi-bin/regbowie.pl Allocated PIN # 2 to BWXU498247662235
`codeword.pl` `manualdial.pl` `prepay.pl` `bank.pl`	Level	`level` `duration` `serialNo` `email` `trans (?)` `amount`	Mostly redundant with Subscription
	Example: `24.92.219.51 [20/10/1999:17:12:42 +0] /cgi-bin/manualdial.pl:BankAccount Level 1 VIP for 12 months DWLV995623247976 'mdavis51@tampabay.rr.com' ! 7500`
	Renew	`level` `duration` `serialNo` `email` `trans (?)` `amount`	Mostly redundant with Renewal
	Example: 209.20.219.33 [30/11/1999:02:33:09 +0] /cgi-bin/manualdial.pl:BankAccount Renew level 1 VIP + 6 months RGXU499672335893 'freeservechatsupport@wor lds.com' ! 1000
	Renewal	`serialNo` `newlevel` `duration` `amount` `type`
	Example: 216.78.83.3 [13/01/2000:02:58:39 +0] /cgi-bin/manualdial.pl:BankAccount Renewal HANV647225285739 1 6 750 3
	Subscription	`serialNo` `newLevel` `duration` `amount` `type`	none
	Example: `207.90.127.40 [20/10/1999:21:21:24 +0] /cgi-bin/manualdial.pl:BankAccount Subscription HNXU676479633489 1 12 1200 3`
	Cancellation	`reason` `serialNo`
	Example: 168.191.68.15 bank [21/10/1999:12:53:49 +0] /bank/cgi-bin/bank.pl:BankAccount Cancellation 4 DWLV332455779682 ! ! ! !
`/affiliates/*`	Confirmed	`affiliateID` `emails`	There may be multiple emails separated by a space
	Example: 199.174.129.202 [08/01/2000:16:17:28 +0] /affiliates/Korn/Welcome.html Confirmed 105209 crizzie87@hotmail.com Crizzie87@hotmail.com
	Referral	`affiliateID` `first` `last` `email`
	Example: 24.92.75.208 [22/12/1999:20:44:35 +0] /affiliates/Worlds/Agreement1.html Referral 104839 Ben:Dickerson:CompuMM@yahoo.com:
	Registered	`artist` `affiliateID` `emails`	There may be multiple emails separated by a space
	Example: `2`16.90.106.20 [16/12/1999:00:18:24 +0] /affiliates/Worlds/Agreement1.html Registered Worlds 104705 natez@cardinalcommerce.com tims@cardinalcommer ce.com chandrab@cardinalcommerce.com
`newhost.pl`	None!	`serialNo` `username` `email` `oldname`
	Example: 209.204.27.163 [02/12/1999:00:51:33 +0] /cgi-bin/newhost.pl 'HSXV000000000054' 'HOST-Misty' 'grizzly@vtc.net' Shania
`ban.pl`	None!	`serialNo` `username` `accountStatus`
	Example: 209.20.219.33 [08/12/1999:06:05:54 +0] /cgi-bin/ban.pl YKZU229826629344 (I-Hate-Whispers) accountStatus set to 0