iso, my question now is: this "bad" request should already be logged in apache-format when the "only served requests" is disabled.
if you confirm this, i guess the only thing you miss is the "password" information.
am i right?
Only served requests is disabled.
Bad login is only refered to as 401, or as "failure" in various report sections in Analog.
No reason given. Event scripts don't show with apache format.
I fear apache format is becomming inadequate as HFS evolves.
I'm working on the event scripts and "add to log" (regular log).
I think this may be a better direction, and is showing promise, but I may need help eventually.
It will be some hours before I'll know whats possible.
Is there any hope that you might make a small (but badly needed) change to the regular log?