However you build stats from your server logs for instance with AWStats you still need to sanitize your data. There are alot of "visitors" who aren't real, many can be detected by looking at AWStats, but then you have to start screening them out....

As analytics code usually relies on javascript i.e. client side processing the difference between the two could be much closer than you think i.e. a robot visit probably doesn't trigger the javascript so no visit recorded with analytics.

As I said in an earlier post in this thread... you could be in for a shock if you do configure AWStats to ignore unwanted unreal visitors. Alternatively you could just block domains or ip ranges with suspicious activity via htaccess if thats easier for you.