Quick Navigator

Search Site

Unix VPS
A - Starter
B - Basic
C - Preferred
D - Commercial
MPS - Dedicated
Previous VPSs
* Sign Up! *

Contact Us
Online Help
Domain Status
Man Pages

Virtual Servers

Topology Map

Server Agreement
Year 2038

USA Flag



Man Pages

Manual Reference Pages  -  SNOWLOG (1)


snowlog - web server access log browser and analyzer




snowlog [-hfV] [--help|--logfile|--version]


Snowlog is a webserver access log browser/analyzer. It does not generate static reports, but let’s you browse through the requests in real time. Filters that accept regular expressions can be applied.


You can apply a filter to the current list of requests by pressing ’f’. Snowlog will present you a list of all filters it knows. Press the key next to the filter you want, to apply it. To get an unfiltered list again, just hit ’enter’ here.

The filters are read from the global file in /usr/local/share/snowlog/filters. You can put any site wide filters into this file. To add your own filters, put them into ~/.snowlog/filters.

The format of this file is described in the following:

[filter name]
type =match this
type !do not match this
type >200

Fields must be seperated by a single tab character! The name in brackets starts a new filter section. This is also the name of the filter snowlog will show. The following filter types are currently defined:

httpstatus server status reply (no regexps!)
content_length size of the transfered resource (no regexps!)
method GET/POST/etc.
request the resource requested
mime_type MIME type of the transferer resource
referer referer of this request
useragent useragent string
vhost virtual host for this request
authname logged user for this request
loghint loghint supplied by the server (see installation README)

In front of the string to match you must place an operator to tell snowlog if you either want this string to match or not to match. Of course you can also just use a regular expression to implement this logic.

= matches/is equal
! does not match/is not
> is greater than (only works for integers)
< is less than (only works for integers)

A filter that shows all requests of MP3 files on a virtual host that are at least 2MB in size, contain the string "scene" and were successfully delivered by the server would look like this:

[My legal MP3z]
mime_type =audio/mpeg
content_length >2097152
request =scene
httpstatus <300

User agent and search engine strings

Snowlog tries its best to make user agent strings and search engine queries look decent. It uses a collection of regular expressions to convert strings like "Snownews/1.5.2 (Linux; de_DE.UTF-8@euro;" into "Snownews/1.5.2 (Linux)". It also tries to parse search engine referers and extracts the query so you can see what the person looked for much easier. It will look like "Google: cool access log analyzer" in the program.

Snowlog already knows a lot of search engine and user agent strings. You can find the global definitions in the files useragents.regexp and referers.regexp in the directory /usr/local/share/snowlog. If you want to add your own regular expressions, put them into ~/.snowlog/useragents.regexp and ~/.snowlog/referers.regexp respectively. Do not edit the global definitions as they get overwritten when you install a new version of snowlog.

Referer Spam

If you have a log with so much referer spam that it becomes tedious to browse the request you can filter out these requests easily. If you select a host, you can press ’s’ to tell Snowlog it is spam. Snowlog will then remove all requests from this IP and all requests that have the same base URL referer.


You have a request

If you select this request and hit ’s’ Snowlog will remove all requests from and all referers that contain from the display.

Please note that Spam filters will only be applied in filtered lists and never in the unfiltered view of all requests. If you select a single request and not a host and hit the despam key (’s’) only the referer and not the IP will be added to the blacklist.

These filters will not be remembered over a restart. Lists of IPs will get very long and referers will change daily so it just doesn’t make sense. For permanent spam filtering use the normal filters of Snowlog.

More functions

Press ’h’ to get an overview of all keys that are bound to a function. You can open the referer in your web browser by pressing ’o’. Unlike all web based log analyzers this will not send any referer back to the page. You can open the resource that was requested on your server with ’O’. The browser that will me used can be customized by editing ~/.snowlog/browswer. The default that will be used is lynx. See for more details on how to setup the browser.


--logfile or -f file
Load the logfile "file" instead of the default. The system default logfile can be set by creating a symlink /usr/local/share/snowlog/default.log which points to the logfile to load. A user can set her or his own default by creating a similar symlink ~/.snowlog/default.log which overrides the system default. Finally this command line option overrides every default setting.

--help or -h
Display short summary.

--version or -V
Display program version.




If you think you’ve hit a bug, please report it. You can do so in English or German.


Oliver Feiler <>
Search for    or go to Top of page |  Section 1 |  Main Index

Programs SNOWLOG (1) 03 June 2005

Powered by GSP Visit the GSP FreeBSD Man Page Interface.
Output converted with manServer 1.07.