Koozali.org: home of the SME Server
  1. Koozali.org: home of the SME Server
  2. Legacy Forums
  3. Experienced User Forum
  4. Topic: Squid logs, need help please!!
« previous next »
Pages: [1]   Go Down

Squid logs, need help please!!

  • 3 Replies
  • 561 Views

Steve Lewis

Squid logs, need help please!!
« on: October 28, 2002, 07:53:31 PM »
Hello,

I need the help of the e-smith users. I am helping an area business with their SME 5.1.2 server. While checking logs, Squid, i discovered that a user has been visiting inappropriate sites. I need some help reading the logs to determine time of day, date, site visited, and which pc was accessing the sites.

I can determine which pc and what sites, but the time and date are a bit fuzzy.

Also, I attempted to install SARG on a test server without success. The server-manager updates with a panel entry called SARG Reports but does not provide reports. Also , http://mydomain/squid-reports answers with 404 page does not exist, or something similar.

Please help with SARG and/or reading the raw logs. I need to document the access in a human readable way, i.e. non-techie, manager person way.

Steve Lewis
Logged

Cyrus Bharda

Re: Squid logs, need help please!!
« Reply #1 on: October 29, 2002, 04:16:15 AM »
Install Squidguard and stop the access, easy :-).

Cyrus
Logged

Tom Carroll

Re: Squid logs, need help please!!
« Reply #2 on: October 29, 2002, 04:40:43 AM »
I think you can convert the long integer (unix time) to a human readable time by using the date command.

There are utilities out there to convert your logs to human readable logs.  You could also create a quick perl script to do it for you.  Use google to do a search for squid log converter.

I found this little script by doing a quick google search.  I cannot vouch for it, but it's worth a look:

#!/usr/bin/perl -p
        s/^\d+\.\d+/localtime $&/e;

Here is a link to a site that explains the squid log very well:

http://cache.jp.apan.net/CacheDoc-jp/work/SquidFAQ/FAQ-6.html

Tom
Logged

steve

Re: Squid logs, need help please!!
« Reply #3 on: October 29, 2002, 09:43:03 PM »
Thanks Tom and Cyrus.

I want to let you know what I did.

I ultimately installed SARG. However I did not use the contrib from Phillip Carletti (sp?). I installed the latest Red Hat 7.x RPM for SARG, and made some config changes to /etc/sarg/sarge.conf. 1- made the out put directory /home/e-smith/files/ibays/(ibay of your choice here)/html ; 2- changed date to US from European ; 3- change sort order from BYTES to CONNECT.

run /usr/sbin/sarg for an immediate log output. then connect to the ibay in question via your browser. i set the ibay for password protection, local lan only with a strong, strong password.

security is up to you here.

Also, I tested a Perl script called Squid-Log-Analyzer from Source Forge. This woud be great except their is a date error and don't know enough Perl to fix it.

Thanks again.

Steve Lewis
Logged
Pages: [1]   Go Up
« previous next »
  1. Koozali.org: home of the SME Server
  2. Legacy Forums
  3. Experienced User Forum
  4. Topic: Squid logs, need help please!!