User: Appnut
SERVER_SOFTWARE is set to Apache/1.3.12 (Unix) PHP/4.0.3pl1
GATEWAY_INTERFACE is set to CGI/1.1
DOCUMENT_ROOT is set to /usr/local/www/htdocs/classicappliances
REMOTE_ADDR is set to 216.23.15.143
REQUEST_METHOD is set to POST
QUERY_STRING is set to 
HTTP_ACCEPT is set to application/vnd.ms-excel, application/msword, ap
+plication/vnd.ms-powerpoint, image/gif, image/x-xbitmap, image/jpeg, 
+image/pjpeg, */*
REMOTE_PORT is set to 46795
SERVER_ADDR is set to 216.23.15.143
HTTP_ACCEPT_LANGUAGE is set to en-us
HTTP_ACCEPT_ENCODING is set to gzip, deflate
SCRIPT_FILENAME is set to /usr/local/www/htdocs/classicappliances/cgi-
+bin/userlogin.cgi
SERVER_NAME is set to classicappliances.com
HTTP_PRAGMA is set to no-cache
SERVER_PORT is set to 80
PATH_TRANSLATED is set to /usr/local/www/htdocs/classicappliances/cgi-
+bin
SERVER_ADMIN is set to [no address given]
SCRIPT_URI is set to http://classicappliances.com/cgi-bin/cgiwrap/clas
+sicappliances/userlogin.cgi
SCRIPT_URL is set to /cgi-bin/cgiwrap/classicappliances/userlogin.cgi
SERVER_SIGNATURE is set to <ADDRESS>Apache/1.3.12 Server at classicapp
+liances.com Port 80</ADDRESS>

SERVER_PROTOCOL is set to HTTP/1.0
HTTP_REFERER is set to http://classicappliances.com/NEW%20DISCUSS/DISP
+LAY%20PAGES/NEW%20DISCUSS%20LOGIN.htm
HTTP_USER_AGENT is set to Mozilla/4.0 (compatible; MSIE 5.01; Windows 
+95)
PATH is set to /usr/local/sbin:/sbin:/usr/sbin:/usr/local/bin:/usr/bin
+:/usr/ucb:/usr/ccs/bin:/usr/openwin/bin:/usr/local/scripts:/usr/local
+/www/bin:/shared/var/common:.
TZ is set to US/Pacific
SCRIPT_NAME is set to /cgi-bin/cgiwrap/classicappliances/userlogin.cgi
REQUEST_URI is set to /cgi-bin/cgiwrap/classicappliances/userlogin.cgi
PATH_INFO is set to 
CONTENT_LENGTH is set to 51
CONTENT_TYPE is set to application/x-www-form-urlencoded
HTTP_FORWARDED is set to by http://uspxy16.fa.aexp.com:8080 (Netscape-
+Proxy/3.53)
HTTP_HOST is set to www.classicappliances.com
[download]

Well, first strange thing I noticed in your code is:

this is your print line:

print USERIP "$NAME_CHOICE--REMOTE ADDR-$RMIP---user agent-$RUAG\n";
[download]

and this is one of your sample results:

Unimatic1140--REMOTE ADDR-216.23.15.143---remote host----user agent-Mo
+zilla/4.0 (compatible; MSIE 6.0; Windows 98; Win 9x 4.90
[download]

Well, it doesn't make sense. There is the ---remote host---- in your sample result that shouldn't be there, unless it comes from the $RMIP ...

One thing you should try is to make things simple so you can be sure that the problem is with the variable. Have you tried to print only $RMIP to the file?

Hope that helps.

Er Galvão Abbott
a.k.a. Lobo, DaWolf
Webdeveloper

Ok, how many hops away does traceroute tell you the 216.23.15.143 addr is? and why is
REMOTE_ADDR is set to 216.23.15.143 and
SERVER_ADDR is set to 216.23.15.143 the same?
(sorry I don't know this logging as I really don't do that much webserver stuff)

I would suggest sniffing the packets as they hit your web server and finding out what is going on.

"Nothing is sure but death and taxes" I say combine the two and its death to all taxes!

I would suggest you take a look at your httpd logs for the site you are working on as kwoff suggested. That will tell you the source IP address that is connecting to your webserver. Most commonly when all the hits are from the same IP address you are indeed behind some kind of load balancer or reverse proxy server.