Anyone?

... it is hard to tell with so few details.
Do you log further variables beyond the COMMON default?
Do you even log additional private variables %{p1} with apache_note out of PHP scripts into the common log file?

The only thing that comes into my mind is: if you log the X-FORWARDED-FOR sent by some proxies, it may contain more than just one IP address.

Regards,
R.

MrMacphisto

Can you past a few complete lines from the raw log file and more importantly, a copy of the CustomLogs and any other related (logformat, etc) Apache directives.

The reason that the directives are useful is that they tell us what Apache has been directed to record in the log:

CustomLog /docs/logs/access.log "%h %l %u %t \"%r\" %>s %b \"%{Referer}i\" \"%{User-Agent}i\"

Larry

Thanks for your responses. I've no experience with server admin, so my apologies.

A few common entries -

68.*.*.* - - [21/Jul/2005:16:19:34 -0700] "GET /some-file.html HTTP/1.0" 200 2118 "-" "Mozilla/5.0 (X11; U; Linux i686; en-US; rv:1.7.6) Gecko/20050405 Firefox/1.0 (Ubuntu package 1.0.2)"

212.*.*.* - - [21/Jul/2005:09:00:45 -0700] "GET /css.css HTTP/1.0" 200 2137 "/" "Mozilla/4.0 (compatible; MSIE 6.0; Windows NT 5.1; SV1; .NET CLR 1.1.4322)"

A sample double IP entry -

82.*.*.*, 62.*.*.* - - [02/Aug/2005:10:14:08 -0700] "GET /css.css HTTP/1.0" 200 2137 "referrer" "Mozilla/5.0 (Windows; U; Windows NT 5.1; en-GB; rv:1.7.8) Gecko/20050511 Firefox/1.0.4"

A sample triple entry -

10.*.*.*, 132.185.*.*, 132.185.*.* - - [04/Aug/2005:04:31:15 -0700] "GET / HTTP/1.0" 304 - "referrer" "Mozilla/4.0 (compatible; MSIE 6.0; Windows NT 5.1; SV1; .NET CLR 1.1.4322)"

I don't have access to the httpd.conf because the site in question is on a shared host. (lesson learned)
From the support pages on the host it seems only the default variables are being logged.

I was leaning towards proxies as an explanation and X-FORWARDED-FOR (default variable?) would make sense. Thanks again for your input.