Saturday, May 03, 2008

Klatt's clunkers 4: Bernard Klatt mistakes the combined log format for the common log format

We have seen that Bernard Klatt is the technology "expert" regularly summoned to defend those accused under section 13, that in the Zundel hearing his testimony was dismissed as tendentious and incompetent, and that there are a number of ways in which his testimony in Warman v. Lemire is substandard (see the posts in the Klatt's clunkers series listed at the bottom of this paragraph). Here is one of his paragraphs from his affidavit (which can be seen in full here):
    [Image: excerpt from Bernard Klatt's affidavit]
Unfortunately for Klatt, however, this is simply wrong. The Common Log Format has seven elements (see here):
    The Common Log Format (CLF) is a fairly basic form of Web server logging. It tracks seven different elements of the Web transaction. Each request is written to one line, with the different elements of the request separated by spaces (items in quotes or square brackets are considered one item), and items that aren't sent are listed as a hyphen or dash (-):
    1. The remote host: the hostname or IP address of the computer requesting the Web page.
    2. The client user name…
    3. Authenticated user name…
    4. Date…
    5. The Request…
    6. Status…
    7. Bytes: the number of bytes that were sent in the server's response.
    Here's how the log entry might look for this Web page in Common Log Format:
      10.1.1.1 - - [08/Feb/2004:05:37:49 -0800] "GET /cs/loganalysistools/a/aaloganalysis.htm HTTP/1.1" 200 2758
As you can see, no user agent data is logged under the Common Log Format. To log that, one must use the Combined Log Format (see here):
    The Combined Log Format uses the common log format but adds two items to the end:
    • Referrer: the URL of the page that linked to the requested document.
    • User-agent: the name and version of the browser or other client software making the request.
    Here's how the log entry might look for this Web page in Combined Log Format:
      10.1.1.1 - - [08/Feb/2004:05:37:49 -0800] "GET /cs/loganalysistools/a/aaloganalysis.htm HTTP/1.1" 200 2758 "http://webdesign.about.com/" "Mozilla/4.0 (compatible; MSIE 6.0; Windows 98; YPC 3.0.2)"
Which log format was used in the freedomsite logs that Klatt consulted? Here is one entry:
    [Image: log entry, Oct15LogGuest (CombinedLogs)]
Since this entry includes the referring URL (blue underline) and the user agent string (red underline), it is the Combined Log Format.
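The same check can be done mechanically. The following is an added example, not part of the original post or of any filing in the case: it classifies an access-log line as Common or Combined by whether the quoted referrer and user-agent fields follow the byte count. The two sample lines are the ones quoted above; the names `LOG_RE` and `classify` are chosen here for illustration.

```python
import re

# The seven Common Log Format fields, optionally followed by the two
# quoted fields (referrer, user-agent) that the Combined format appends.
QUOTED = r'(?:[^"\\]|\\.)*'   # quoted item; tolerates backslash-escaped quotes
LOG_RE = re.compile(
    r'^(?P<host>\S+) (?P<ident>\S+) (?P<user>\S+) '
    r'\[(?P<time>[^\]]+)\] '
    r'"(?P<request>' + QUOTED + r')" '
    r'(?P<status>\d{3}) (?P<bytes>\d+|-)'
    r'(?: "(?P<referrer>' + QUOTED + r')" "(?P<user_agent>' + QUOTED + r')")?$'
)

def classify(line):
    """Return (format_name, fields) for one log line, or ("unknown", {})."""
    m = LOG_RE.match(line.strip())
    if not m:
        return "unknown", {}
    fields = m.groupdict()
    if fields["referrer"] is None:
        # Optional trailing group absent: only the seven CLF elements are present.
        del fields["referrer"], fields["user_agent"]
        return "common", fields
    return "combined", fields

# Sample entries as quoted in the post.
CLF_LINE = ('10.1.1.1 - - [08/Feb/2004:05:37:49 -0800] '
            '"GET /cs/loganalysistools/a/aaloganalysis.htm HTTP/1.1" 200 2758')
COMBINED_LINE = (CLF_LINE + ' "http://webdesign.about.com/" '
                 '"Mozilla/4.0 (compatible; MSIE 6.0; Windows 98; YPC 3.0.2)"')

if __name__ == "__main__":
    for sample in (CLF_LINE, COMBINED_LINE):
        fmt, fields = classify(sample)
        print(fmt, len(fields), "fields; user agent:", fields.get("user_agent"))
```

A line that carries a user-agent string can only come back as "combined"; a "common" result never has one.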

Yet another of Klatt's clunkers, then. There may be those who think that this is a simple quibble. That he is unable to get the basic terms correct, however, is consistent with the concern raised in the final decision of the Zundel hearing, where he was criticized for being "unable to answer elementary questions in his field". It should be noted in addition, however, that Klatt's most serious errors in the 90sAREover matter relate to logs such as this. That he can't get the basic terms right is not confidence inspiring.

(The quoted material above has been edited and reformatted slightly; for less technical descriptions of log formats, see here and here; more technical, here.)


Other posts in the Klatt's clunkers series:
