I have some iPlanet logs and am not sure what each line means. I found some info at [docs.sun.com...] but it doesn't explain everything. Below is an example of what I'm seeing.
[13/Dec/2006:13:51:01 -0600] hostName imapd: Account Notice: close [22.214.171.124] Bob 2006/12/13 13:50:23 0:00:38 262 733 0
I get the first part is the date/time the event happened. Next is the hostName. Next is processname/pid (imapd). Then category and log level (Account Notice). Next, event message (close) and IP address causing the event [126.96.36.199]. Next is username (Bob). Next is date/time the user logged in (12/13/2006 13:50:33). Next looks to be length logged on (0:00:38). I have no idea what those last 3 number mean.
Can someone tell me what they mean and confirm what I think everything else means?
Two of the last three are going to be kb sent and received, probably. The other one could be a substatus, which is often 0.
If you google on "iplanet server logs field names" you might get some more helpful sources.
iPlanet logs in my experience have one gigantic quirk --- most of them seem to record the events out of order (within certain limits), to the extent that many analysis programs can't handle it. The simple programs that don't try to sessionize hits don't really have issues, but the others might --- for example when trying to figure out what the entry page of a visit is. So, in the past we've had to sort iPlanet logs before submitting them to an analysis program. Just FYI.