Awstats & Webalizer

Hi there, I have two question (one which may be more geared towards an apache question)

First of all, neither webalizer nor awstats record referrals or search engines. I enabled it on webalizer and awstats has it enabled but webalizer does not show a list and awstats says everything is of unknown origin.

Secondly, I seem to need to log into webmin to view stats via awstats. There is no URL that i can go to for each domain ( It works for webstat in regards to webalizer, however.

So, what changes do I have to make to see referrals and what do I have to change to be able to view awstats via every domain?

Another quick question is, how do I enable a password protected directory via webmin?


Okay, well figured out the referral thing. All of my virtualhosts had "common" rather than "combined" in the CustomLog directive. I assume that will fix it.

I am looking for the password protected option as well!

There is a dedicated Webmin module, called Protected Web Directories in the Others category, for creating and managing password protected directories, which you can grant your domain owners access to…though I think it might be appropriate to add a checkbox option for both of the stats pages to automatically setup password protection for the webalizer stats path.

I’ll file a wish issue for Jamie to add such a checkbox for Webalizer to automatically setup password protection.

Next up, awstats is a bit more complex to make accessible on a public URL, as it requires a cgi script. The problem there is that SuExec kicks in on each domain making the in the system default web root unrunnable. So we have to workaround it in one of several ways:


[]Copy the script to the users cgi-bin, and chown it to the domain user. Problematic because can open up security problems if it has bugs (and it has had a few pretty serious bugs…though none in the last few months), and we don’t want to have to update dozens or hundreds of scripts every time an update rolls out.[/]

[]Create a domain just for awstats, that doesn’t have SuExec, such as awstats.domain.tld, so it can run the primary system script. I don’t know, off-hand, if it is safe to do it this way from the perspective of revealing other domains data.[/]

[]Disable SuExec for one path within the domain. I’m not sure this one is actually possible/safe. I’ll have to look into it.[/]

[]The best option is probably a very simple wrapper script that runs with the right command line and script ownership. I believe this could work, and answer all of the problems in the above options. I’ll have to look into it.[/]


I know Jamie and I have talked about it in the past, and I believe there is even some code somewhere in Virtualmin to deal with it in some way, but I don’t remember exactly how it all shook out. I think it was something along the lines of: Nobody has asked to be able to do it yet, so let’s cross that bridge when somebody actually wants to do it. Time to cross the bridge I guess. :wink:

On the log format thing, you are correct about the cause and solution. You can change it in the Server Template(s) that you use, so you always get the combine log format (I believe we probably ought to make it the default…seems more users are upset about not having it than would be upset about the extra space used for storage and CPU usage on processing the logs). Anyway, click on the template you want to edit, and select the "Apache website" option from the dropdown section list. In the "Directives and settings for new websites" locate the line that reads:

CustomLog ${HOME}/logs/access_log common

And change it to:

CustomLog ${HOME}/logs/access_log combined

I think that answers all of the queries. Sorry for the slow reply on getting a complete answer posted.