- Site Check – Web Site Advice - https://www.sitecheck.be -

Modifying Analog to recognize Windows Vista

If you are using Analog [1] to analyze your web server log files, then you might have noticed a recent increase in hits for “Unknown Windows” in the operating system report.

Most of these hits are actually coming from Windows Vista, but as Analog hasn’t been updated in a while, it doesn’t recognize Vista yet. You need to patch the source of Analog for this functionality.

Download the latest source from the Analog site [2] (analog-6.0.tar.gz or anlg60.zip).

Unpack the archive on your hard drive and look into the src directory.

You need to modify the file “tree.c”.

Look for this code:

	if (*c == '5') {
	  if (*(c + 1) == '.' && (*(c + 2) == '0'))
	    *name = "Windows:Windows 2000";
	  else if (*(c + 1) == '.' && (*(c + 2) == '1'))
	    *name = "Windows:Windows XP";
	  else if (*(c + 1) == '.' && (*(c + 2) == '2'))
	    *name = "Windows:Windows Server 2003";
	  else
	    *name = "Windows:Unknown Windows";
	}
	else if (*c >= '6' && *c <= '9')
	  *name = "Windows:Unknown Windows";
	else

and replace it with:

	if (*c == '5') {
	  if (*(c + 1) == '.' && (*(c + 2) == '0'))
	    *name = "Windows:Windows 2000";
	  else if (*(c + 1) == '.' && (*(c + 2) == '1'))
	    *name = "Windows:Windows XP";
	  else if (*(c + 1) == '.' && (*(c + 2) == '2'))
	    *name = "Windows:Windows Server 2003";
	  else
	    *name = "Windows:Unknown Windows";
	}
	else if (*c == '6') {
	  if (*(c + 1) == '.' && (*(c + 2) == '0'))
	    *name = "Windows:Windows Vista";
	  else
	    /* keep the original fallback for other 6.x versions */
	    *name = "Windows:Unknown Windows";
	}
	else if (*c >= '7' && *c <= '9')
	  *name = "Windows:Unknown Windows";
	else

This will tell Analog to recognize user agents such as Mozilla/4.0 (compatible; MSIE 7.0; Windows NT 6.0; SLCC1; .NET CLR 2.0.50727; Media Center PC 5.0; .NET CLR 3.0.04506) as coming from a Windows Vista PC.

Windows Vista's OS string is "Windows NT 6.0".
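The version check can be exercised on sample user agents outside Analog before recompiling. This is an added example, not code from Analog or from the original article: the function name classify_windows_nt, the use of strstr to find the "Windows NT " token, and the NULL return for anything the excerpt does not cover are assumptions made for illustration.

```c
#include <stdio.h>
#include <string.h>

/* Hypothetical helper, not part of Analog: returns the report label for a
   user agent, or NULL when the excerpt's branches do not apply to it. */
const char *classify_windows_nt(const char *ua)
{
  static const char token[] = "Windows NT ";
  const char *c = strstr(ua, token);

  if (c == NULL)
    return NULL;
  c += sizeof(token) - 1;   /* c now points at the major version digit */
  /* Each && short-circuits at the terminating NUL, so a user agent that
     is cut off after the major digit is never read past its end. */
  if (*c == '5') {
    if (*(c + 1) == '.' && *(c + 2) == '0')
      return "Windows:Windows 2000";
    if (*(c + 1) == '.' && *(c + 2) == '1')
      return "Windows:Windows XP";
    if (*(c + 1) == '.' && *(c + 2) == '2')
      return "Windows:Windows Server 2003";
    return "Windows:Unknown Windows";
  }
  if (*c == '6') {
    if (*(c + 1) == '.' && *(c + 2) == '0')
      return "Windows:Windows Vista";
    return "Windows:Unknown Windows";   /* 6.x other than 6.0 */
  }
  if (*c >= '7' && *c <= '9')
    return "Windows:Unknown Windows";
  return NULL;   /* versions below 5 are outside the excerpt shown */
}

int main(void)
{
  /* Constructed sample user agents, including one truncated log entry. */
  const char *samples[] = {
    "Mozilla/4.0 (compatible; MSIE 7.0; Windows NT 6.0; SLCC1)",
    "Mozilla/4.0 (compatible; MSIE 6.0; Windows NT 5.1)",
    "Mozilla/4.0 (compatible; MSIE 8.0; Windows NT 6",
  };
  for (size_t i = 0; i < sizeof(samples) / sizeof(samples[0]); i++) {
    const char *os = classify_windows_nt(samples[i]);
    printf("%s\n", os ? os : "(not handled here)");
  }
  return 0;
}
```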

After you've modified tree.c you need to recompile Analog. On most Linux/Unix/Mac systems you just need to run make inside the Analog directory.

Happy compiling and analyzing!