This is release 1.3b of webalizer-asn Copyright (C) 2003-2007, Marco Steinacher Init Seven AG http://www.init7.net ABOUT This version is based on version 2.01-10 of The Webalizer extended by the AS number (ASN) lookup feature. The Webalizer is a cool web server analysis program written by Bradford L. Barrett. See http://www.webalizer.org for more information. With this extension The Webalizer has the ability to perform AS number lookups to generate additional statistics. The AS number identifies the AS (Autonomous System) a host is belonging to. An Autonomous System is a group of IP networks operated by one or more network operator/s which has a single and clearly defined external routing policy. (See RFC1930 for more information about AS numbers.) It can be useful for high-traffic sites and ISPs when they know from which networks their visitors come from. For example they can plan future peerings or other things based on this information. This document attempts to explain how it works and some things that you should be aware of when using the AS number lookup features. STATUS Please note that this is BETA-software that has NOT been tested on many systems with different configurations. See CHANGES.ASN for information about bugfixes etc. INSTALLATION 1. Download the Source at http://www.init7.net/webalizer_asn/. 2. Minimal installation steps: ./configure --enable-dns --enable-asn make make install If you get errors you maybe have to add other options for configure. For example: --with-dblib=/usr/lib or --with-dblib=/usr/local/lib --with-db=/usr/include/db1 --with-gdlib=/usr/local/lib See also the FAQ at http://www.mrunix.net/webalizer/faq.html. The option --enable-asn enables the ASN feature. If you enable the ASN feature you *must* also enable the DNS feature with '--enable-dns' See DNS.README for additional information. 3. Add a line to your crontab to update the ASN DB file regularly. See DOWNLOADING AND UPDATING THE ASN DB FILE below. HOW IT WORKS ASN lookups are made against an ASN DB file containing routes and AS numbers. Because the ASN lookup needs the IP address of each host also non-reverse DNS lookups are required. These are automatically made when he ASN feature is enabled. They are done like the reverse lookups using the same cache file etc. To enable the ASN feature you must either use the '-B' command line switch, or the 'ASNDB' configuration keyword. If no DB file is specified, no attempts to perform ASN lookups will be done. Note, that you also have to enable the DNS feature if you enable ASN lookups ('-D' or 'DNSCache, see DNS.README) unless you specify use the ASNWithoutDNS (-b) option (see hint 2 below). Hint 1: If you want reliable results or you see too much 'UNKNOWN' AS numbers in the report, it is recommended that you disable hostname lookups (HostnameLookups Off in your Apache configuration) and let The Webalizer do the hostname lookups. That is because the hostnames in the logfile may be outdated or unresolvable (e.g. dialup network of ISPs that only have reverse DNS records) and then the ASN lookups give you wrong or 'UNKNOWN' AS numbers. Hint 2: If you are only interested in IP addresses and AS numbers then you can speedup The Webalizer by disabling DNS lookups and using the ASNWithoutDNS (-b) option. But remember: In this case the logfile *must* only contain IP addresses but no hostnames! Other options/configuration keywords related to the ASN feature are: -O / TopASNs : Number of top AS numbers to be listed -Z / ASNGraph : Supress AS number graph AllASNs : Generate HTML page with all AS numbers DumpASNs : Dump all AS numbers to a tab separated file (asn_YYYYMM.tab) EXAMPLE webalizer -c test.conf -N 10 -D dns_cache.db -B /var/local/asn_db /var/log/my_www_log This will use the configuration file 'test.conf' to obtain normal configuration options such as hostname and output directory... it will use the DNS cache file 'dns_cache.db' (using 10 child processes) in the default output directory and the ASN DB file '/var/local/asn_db'. (Of course you can use the keywords DNSCache, DNSChildren and ASNDB in the configuration file instead of using the options -D, -N and -B.) DOWNLOADING AND UPDATING THE ASN DB FILE The ASN DB file is in the Alligator database format (ADB), generated by the Piranha/Alligator BGP route collector. Visit http://www.netlantis.org for more information. You can download a current ASN DB file from: http://www.init7.net/webalizer_asn/alligator/webalizer_asn.adb.gz It is recommended to update this ASN DB file weekly (e.g. with a cronjob). You can use the script webalizer-update-asndb to do so. CONSIDERATIONS Processing of live log files is discouraged, as the chances of log records being written between the time of ASN/DNS resolution and normal processing will cause problems. ASNDB-READER When compiling The Webalizer the tool 'asndb-reader' will be created in the source directory. You can use it to dump the content of the ASN DB file or to lookup the AS number for an IP address or even process a file with IP addresses. With this feature you can query the AS numbers for list of IP addresses very fast. CONTACT Send bug reports, suggestions, comments to msteinacher@init7.net. URL: http://www.init7.net/webalizer_asn/ COPYRIGHT Copyright (C) 2003-2007 Marco Steinacher, Init Seven AG webalizer-asn is free software. See the file COPYING for copying conditions. EOF