I figured out how to reformat the V6 logs so that I can use calamaris. I used the tool all of the time on my old squid proxy.
You can get calamaris at http://cord.de/tools/squid/calamaris/calamaris-2.59.tar.gz
Just use awk to strip off the first few fields of the log.
Top requesters by size:
cat /var/log/http_access.log | awk '{ print $4" " $5" " $6" " $7" " $8" " $9" "
$10" " $11" " $12" " $13" " $14" " $15" " $16 }' | /root/calamaris -U M -d 25 -r
25 -O -u
I use this statement as a quick-check of web proxy activity. I placed the calamaris executable in /root on our box.
Here are a few more handy reports:
Top blocked pages by user:
grep -v "fw-notify" /var/log/http_block.log | awk '{ print $4" " $5" " $6" " $7" " $8" " $9" " $10" " $11" " $12" " $13" " $14" " $15" " $16 }' | sed "s/\.0/\.100/" | /root/calamaris -U M -d 25 -r 25 -O -u -R 5
User activity in current log (specify the userid as a parm):
grep $1 /var/log/http_access.log | awk '{ print $4" " $5" " $6" " $7" " $8" " $9" " $10" " $11" " $12" " $13" " $14" " $15" " $16 }' | /root/calamaris -U M -d 10 -r 10
Top by # of requests (handy to find sypware):
cat /var/log/http_access.log | awk '{ print $4" " $5" " $6" " $7" " $8" " $9" " $10" " $11" " $12" " $13" " $14" " $15" " $16 }' | /root/calamaris -U M -d 10 -r 10 -u
.... You get the idea
Can someone try this on V7?
ENJOY!
This thread was automatically locked due to age.
