If you are using Analog to analyze your web server log files, then you might have noticed a recent increase in hits for “Unknown Windows” in the operating system report.

Most of these hits are actually coming from Windows Vista, but as Analog hasn’t been updated in a while, it doesn’t recognize Vista yet. You need to patch the source of Analog for this functionality.

Download the latest source from the Analog site (analog-6.0.tar.gz or anlg60.zip).

Unpack the archive on your hard drive and look into the src directory.

You need to modify the file “tree.c“.

Look for this code:

	if (*c == '5') {
	  if (*(c + 1) == '.' && (*(c + 2) == '0'))
	    *name = "Windows:Windows 2000";
	  else if (*(c + 1) == '.' && (*(c + 2) == '1'))
	    *name = "Windows:Windows XP";
	  else if (*(c + 1) == '.' && (*(c + 2) == '2'))
	    *name = "Windows:Windows Server 2003";
	  else
	    *name = "Windows:Unknown Windows";
	}
	else if (*c >= '6' && *c <= '9')
	  *name = "Windows:Unknown Windows";
	else

and replace it with:

	if (*c == '5') {
	  if (*(c + 1) == '.' && (*(c + 2) == '0'))
	    *name = "Windows:Windows 2000";
	  else if (*(c + 1) == '.' && (*(c + 2) == '1'))
	    *name = "Windows:Windows XP";
	  else if (*(c + 1) == '.' && (*(c + 2) == '2'))
	    *name = "Windows:Windows Server 2003";
	  else
	    *name = "Windows:Unknown Windows";
	}
	else if (*c == '6') {
	  if (*(c + 1) == '.' && (*(c + 2) == '0'))
	    *name = "Windows:Windows Vista";
	}
	else if (*c >= '7' && *c <= '9')
	  *name = "Windows:Unknown Windows";
	else

This will tell Analog to recognize user agents such as Mozilla/4.0 (compatible; MSIE 7.0; Windows NT 6.0; SLCC1; .NET CLR 2.0.50727; Media Center PC 5.0; .NET CLR 3.0.04506) as coming from a Windows Visa PC.

Windows Vista's OS string is "Windows NT 6.0".

After you've modified tree.c you need to recompile analog. On most Linux/Unix/Mac systems you just need to run make inside the Analog directory.

Happy compiling and analyzing!