DEPRECATION WARNING

This documentation is not using the current rendering mechanism and is probably outdated. The extension maintainer should switch to the new system. Details on how to use the rendering mechanism can be found here.

EXT: AWStats

Author:Kasper Skårhøj
Created:2002-11-01T00:32:00
Changed:2005-08-12T14:00:49
Author:René Fritz
Email:r.fritz@colorcube.de
Info 3:
Info 4:

EXT: AWStats

Extension Key: cc_awstats

Copyright 2002-2005, René Fritz, <r.fritz@colorcube.de>

This document is published under the Open Content License

available from http://www.opencontent.org/opl.shtml

The content of this document is related to TYPO3

- a GNU/GPL CMS/Framework available from www.typo3.com

Table of Contents

EXT: AWStats 1

Introduction 1

Adminstration 2

Installation 2

Configuration 2

UPDATE AWStats 3

Debugging 3

Security 3

Tutorial 3

How to install AWStats Extension in Windows/Apache environments 3

To-Do list 4

Changelog 4

Introduction

This extension integrates the third party software AWStats into TYPO3 as backend module. The extension includes modules for administrators and users. Externally generated log files can be configured to be analyzed by AWStats like the TYPO3 generated ones.

From http://awstats.sourceforge.net :

AWStats is a **free powerful and featureful tool that generates advanced web, streaming, ftp or mail server statistics, graphically* . This log analyzer works as a CGI or from command line and shows you all possible information your log contains, in few graphical web pages . It uses a partial information file to be able to process large log files, often and quickly. It can analyze log files from all major server tools like Apache log files (NCSA combined/XLF/ELF log format or common/CLF log format), WebStar, IIS (W3C log format) and a lot of other web, proxy, wap, streaming servers, mail servers and some ftp servers.”*

This manual is not fully up to date. An updated overhauled extension will be released later. This is a bugfix release.Stay tuned.

((generated))

((generated))
Important

Security holes was recently found in AWStats versions from 5.0 to 6.4 when AWStats is used as a CGI: A remote user can execute arbitrary commands on your server using permissions of your web server user (in most cases user "nobody").

This extension includes an update to 6.5 version to fix this. Nevertheless my opinion is that in normal circumstances this extension is not affected by these security issues. For more information have a look in the section “security”.

img-1

Adminstration

Installation

If you didn't used the logfile functionality yet, you have to configure it.

First put in localconf.php or use the Install-Tool:

$TYPO3_CONF_VARS["FE"]["logfile_dir"] = my_logfile_dir/

This is the path where Typo3 should write webserver-style logfiles to.

This path must be write-enabled for the webserver!

Now enable logfile writing in your template with TypoScript:

config.stat = 1
config.stat_apache = 1
config.stat_apache_logfile =mydomain.log

// you can use this if you want database logging also but it's not needed
config.stat_mysql = 1

Important: you have to create the (empty) logfile by your own. Typo3 won't do it.

Remember to make it writable for the webserver.

Have a look if the awstats.pl script is executable (e.g. chmod 0755) for the webserver.

Just call the module from the backend. I hope everything else is self explanatory.

Configuration

Inside of the module you will be asked to configure your logfiles. Follow the instructions.

img-2

UPDATE AWStats

If you want to update the AWStats script to a newer version replace the files in the awstats/ folder of the extension. files/folders:

Insert after the first line (#!...) of the awstats.pl script three lines that it looks like that:

#!/usr/bin/perl

if (!$ENV{'TYPO3_MAGIC'}) {
  return;
}

Do not overwrite awstats.conf. If an update of this file is needed then have a look at the options I changed. Especially search for things like __AWS_DIR__. There's no need to set up the conf file for a particular domain!

Debugging

Apart from many satisfied users of the AWStats module there are some people with problems to get it run. Because the module is a wrapper for a perl script (AWStats itself) it's a bit hairy to make the module work in some environments or detect if it won't work.

For those people who have problems there's a new debug mode in the module. If the AWStats script fails for some reason the debug output will be shown automatically. But you can force the module to show debug output if it's needed:

Open the logfile link in a new window (with shift-click, or a right click option). You see the url in your new browser window. Something like that:

...index.php?config=typo3lab.colorcube.de&logfile=typo3lab.log&domains=typo3lab.colorcube.de

add '&dbg=1' to the url:

.....&domains=typo3lab.colorcube.de&dbg=1

That should bring some debug output. Maybe that helps you. Otherwise save the page and send it to me with a description if you maybe have a special server or a special setup.

Security

A security hole was recently found in AWStats versions from 5.0 to 6.4 when AWStats is used as a CGI: A remote user can execute arbitrary commands on your server using permissions of your web server user (in most cases user "nobody").

As you see security holes were found in older versions of AWStats. This is related to parameters that can be passed to the awstats.pl script which is in general a normal thing. But one could used that feature to force an unwanted behavior of the script.

How is the situation with this extension?

The current version of AWStats which is used by this extension is not known to have a security hole.

If your webserver was not configured to run CGI script inside your whole webspace (which is very uncommon), but only in a cgi-bin directory for example, the found security hole had no effect on this extension.

The extension is designed to call the awstat.pl Perl script directly and not as a CGI script. This means the included AWStats script can't be called from the outside with a browser.

Tutorial

How to install AWStats Extension in Windows/Apache environments

by Jesper Scheuer Nielsen < jesper@scheuers.dk >

1. Install Perl (if not installed) in fx. /apache2/cgi-bin/ (Ex. ActivePerl from http://www.activestate.com/ )

  1. Change the following in the Apache configuration/httpd.conf:
Customlog "custom" -> "combined"
  1. Download & install the Extension from Extension Repository.
  2. Add the following in the httpd.conf:
ScriptAlias /cgi-bin/ "C:/<websitedir>/"
<Directory "C:/<websitedir>">
AllowOverride None
Options None
Order allow,deny
Allow from all
</Directory>
AddHandler cgi-script .pl .cgi
  1. Make the following changes in the awstats.pl file (line 1):
#!c:/apache2/perl/bin/perl.exe

(Or where you installed the Perl)

7. Set the place in the Typo3-configuration, where Typo3 should look for the log-files. ([FE][logfile_dir]).Usually they reside in /apache2/logs , but if you've made changes in the httpd.conf file, or have made a special typo3 log file, they may be somewhere else.

8. Now log in to the AWStats backend module, configure the files, and you're ready to go :-)

To-Do list

overhaul the whole extension and make the module available in web- module (in production)

Changelog

  • updated to version 6.5 of AWStats due to a vulnerability
  • activated tooltip plugin
  1. 0.9
  • updated to version 6.4 of AWStats
  • moved AWStats in extra folder
  • corrected css file
  1. 0.8
  • updated to version 6.3 of AWStats
  • fixed small bugs

img-3 EXT: AWStats - 4