.. You may want to use the usual include line. Uncomment and adjust the path. .. include:: ../Includes.txt ============ EXT: AWStats ============ :Author: Kasper Skårhøj :Created: 2002-11-01T00:32:00 :Changed: 2005-08-12T14:00:49 :Author: René Fritz :Email: r.fritz@colorcube.de :Info 3: :Info 4: .. _EXT-AWStats: EXT: AWStats ============ Extension Key: **cc\_awstats** Copyright 2002-2005, René Fritz, This document is published under the Open Content License available from http://www.opencontent.org/opl.shtml The content of this document is related to TYPO3 \- a GNU/GPL CMS/Framework available from www.typo3.com .. _Table-of-Contents: Table of Contents ----------------- **EXT: AWStats 1** **Introduction 1** **Adminstration 2** Installation 2 Configuration 2 UPDATE AWStats 3 Debugging 3 Security 3 **Tutorial 3** How to install AWStats Extension in Windows/Apache environments 3 **To-Do list 4** **Changelog 4** .. _Introduction: Introduction ------------ This extension integrates the third party software AWStats into TYPO3 as backend module. The extension includes modules for administrators and users. Externally generated log files can be configured to be analyzed by AWStats like the TYPO3 generated ones. From `http://awstats.sourceforge.net `_ : “ *AWStats is a **free powerful and featureful tool that generates advanced web, streaming, ftp or mail server statistics, graphically** . This **log analyzer** works as a **CGI or from command line** and shows you all possible information your log contains, in **few graphical web pages** . It uses a partial information file to be able to process large log files, often and quickly. It can analyze log files from all major server tools like Apache log files (NCSA combined/XLF/ELF log format or common/CLF log format), WebStar, IIS (W3C log format) and a lot of other web, proxy, wap, streaming servers, mail servers and some ftp servers.”* This manual is not fully up to date. An updated overhauled extension will be released later. This is a bugfix release.Stay tuned. .. _generated: ((generated)) ^^^^^^^^^^^^^ .. _generated: ((generated)) """"""""""""" .. _Important: Important ~~~~~~~~~ Security holes was recently found in AWStats versions from 5.0 to 6.4 when AWStats is used as a CGI: A remote user can execute arbitrary commands on your server using permissions of your web server user (in most cases user "nobody"). This extension includes an update to 6.5 version to fix this. Nevertheless my opinion is that in normal circumstances this extension is not affected by these security issues. For more information have a look in the section “security”. |img-1| .. _Adminstration: Adminstration ------------- .. _Installation: Installation ^^^^^^^^^^^^ If you didn't used the logfile functionality yet, you have to configure it. First put in localconf.php or use the Install-Tool: :: $TYPO3_CONF_VARS["FE"]["logfile_dir"] = my_logfile_dir/ This is the path where Typo3 should write webserver-style logfiles to. This path must be write-enabled for the webserver! Now enable logfile writing in your template with TypoScript: :: config.stat = 1 config.stat_apache = 1 config.stat_apache_logfile =mydomain.log // you can use this if you want database logging also but it's not needed config.stat_mysql = 1 Important: you have to create the (empty) logfile by your own. Typo3 won't do it. Remember to make it writable for the webserver. Have a look if the awstats.pl script is executable (e.g. chmod 0755) for the webserver. Just call the module from the backend. I hope everything else is self explanatory. .. _Configuration: Configuration ^^^^^^^^^^^^^ Inside of the module you will be asked to configure your logfiles. Follow the instructions. |img-2| .. _UPDATE-AWStats: UPDATE AWStats ^^^^^^^^^^^^^^ If you want to update the AWStats script to a newer version replace the files in the awstats/ folder of the extension. files/folders: Insert after the first line (#!...) of the awstats.pl script three lines that it looks like that: :: #!/usr/bin/perl if (!$ENV{'TYPO3_MAGIC'}) { return; } Do **not** overwrite awstats.conf. If an update of this file is needed then have a look at the options I changed. Especially search for things like \_\_AWS\_DIR\_\_. There's no need to set up the conf file for a particular domain! .. _Debugging: Debugging ^^^^^^^^^ Apart from many satisfied users of the AWStats module there are some people with problems to get it run. Because the module is a wrapper for a perl script (AWStats itself) it's a bit hairy to make the module work in some environments or detect if it won't work. For those people who have problems there's a new debug mode in the module. If the AWStats script fails for some reason the debug output will be shown automatically. But you can force the module to show debug output if it's needed: Open the logfile link in a new window (with shift-click, or a right click option). You see the url in your new browser window. Something like that: :: ...index.php?config=typo3lab.colorcube.de&logfile=typo3lab.log&domains=typo3lab.colorcube.de add '&dbg=1' to the url: :: .....&domains=typo3lab.colorcube.de&dbg=1 That should bring some debug output. Maybe that helps you. Otherwise save the page and send it to me with a description if you maybe have a special server or a special setup. .. _Security: Security ^^^^^^^^ A security hole was recently found in AWStats versions from 5.0 to 6.4 when AWStats is used as a CGI: A remote user can execute arbitrary commands on your server using permissions of your web server user (in most cases user "nobody"). As you see security holes were found in older versions of AWStats. This is related to parameters that can be passed to the awstats.pl script which is in general a normal thing. But one could used that feature to force an unwanted behavior of the script. How is the situation with this extension? The current version of AWStats which is used by this extension is not known to have a security hole. If your webserver was not configured to run CGI script inside your whole webspace (which is very uncommon), but only in a cgi-bin directory for example, the found security hole had no effect on this extension. The extension is designed to call the awstat.pl Perl script directly and not as a CGI script. This means the included AWStats script can't be called from the outside with a browser. .. _Tutorial: Tutorial -------- .. _How-to-install-AWStats-Extension-in-Windows-Apache-environments: How to install AWStats Extension in Windows/Apache environments ^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^ by Jesper Scheuer Nielsen < `jesper@scheuers.dk `_ > 1. Install Perl (if not installed) in fx. /apache2/cgi-bin/ (Ex. ActivePerl from `http://www.activestate.com/ `_ ) 2. Change the following in the Apache configuration/httpd.conf: :: Customlog "custom" -> "combined" 3. Download & install the Extension from Extension Repository. 4. Add the following in the httpd.conf: :: ScriptAlias /cgi-bin/ "C://" "> AllowOverride None Options None Order allow,deny Allow from all AddHandler cgi-script .pl .cgi 5. Make the following changes in the awstats.pl file (line 1): :: #!c:/apache2/perl/bin/perl.exe (Or where you installed the Perl) 7. Set the place in the Typo3-configuration, where Typo3 should look for the log-files. ([FE][logfile\_dir]).Usually they reside in /apache2/logs , but if you've made changes in the httpd.conf file, or have made a special typo3 log file, they may be somewhere else. 8. Now log in to the AWStats backend module, configure the files, and you're ready to go :-) .. _To-Do-list: To-Do list ---------- overhaul the whole extension and make the module available in web- module (in production) .. _Changelog: Changelog --------- - updated to version 6.5 of AWStats due to a vulnerability - activated tooltip plugin V. 0.9 - updated to version 6.4 of AWStats - moved AWStats in extra folder - corrected css file V. 0.8 - updated to version 6.3 of AWStats - fixed small bugs |img-3| EXT: AWStats - 4 .. ######CUTTER_MARK_IMAGES###### .. |img-1| image:: img-1.png .. :align: left .. :border: 0 .. :height: 227 .. :id: Grafik4 .. :name: Grafik4 .. :width: 417 .. |img-2| image:: img-2.png .. :align: left .. :border: 0 .. :height: 209 .. :id: Grafik1 .. :name: Grafik1 .. :width: 299 .. |img-3| image:: img-3.png .. :align: left .. :border: 0 .. :height: 32 .. :id: Graphic1 .. :name: Graphic1 .. :width: 102