Dissemino logfiles are quite verbose and pump out at least three lines per request plus a forth blank line for human readability. The default output format has request details such as IP address, location and language code, cookie if supplied, refering page if supplied and of course the URL - on the first line. On the second line are extra details such as the event number (total requests since startup), the socket the client is connected on together with a number of running totals associated with the IP address (since startup). The third line is a timing report - how long in nanoseconds it took to receive and process the request and to deliver the response.

Dissemino does not automatically issue cookies to keep track of visitors but it does keep track of IP addresses. And against each it keeps a running total of the following events:-

    1)  Number of requests for robot.txt, this is a good indicator of activity by robots.
    2)  Total resources requested (this will be the sum of the items below)
    3)  Articles requested (from such as an online tree-navigated multi-page document)
    4)  Pages requested, normal pages declared with an <xpage>.
    5)  Scripts requested, including CSS stylesheets.
    6)  Images requested
    7)  Special requests (such as admin pages)
    8)  Requests for fixed sized cached resources such as google authentication identifiers
    9)  Form submissions
    10) Requests for non-existant resources (a good indicator of a hack attempt)

Even with logging suppression, applying to scripts, whenever non-script requests occur these running totals for the IP address show in the logs and reveal much about the user's approach to the website even if they reveal nothing about the users themselves. The users of particular interest, apart from the hackers, are the ones who hit say the homepage and browse a few pages - because these are the one who might buy something! And they stand out reasonably easily with running total. They don't if all the hits appear equal.