Re: [analog-help] dansguardian logfiles

Mon, 16 Oct 2006 13:18:24 -0700 

On Saturday, October 14, 2006 3:17 PM [EDT],
kjc <[EMAIL PROTECTED]> wrote:


Has anyone every parsed Dansguardian (filter for squid) logfiles with
Analog?

# A Denied request
2006.10.13 22:46:54 - 192.168.1.106 http://www.dragontide.com/dt/
*DENIED* ICRA violencekillingfantasy PICS labeling level exceeded on
the above site. GET 2641
# A Good request
2006.10.14 12:39:47 - 192.168.1.109
http://b.mail.google.com/mail/channel/bind?at=ca0fe66a990f5722-10e44d98b18&RID=rpc&SID=14DB7B3CD81F965A&CI=1&AID=402&TYPE=html&zx=pizg83weyjg9&DOMAIN=mail.google.com&t=1
GET 561
# A good site that met an Exception rule
2006.10.13 23:39:45 - 127.0.0.1
http://dansguardian.org/downloads/alexantao/DGview_search.jpg
*EXCEPTION* Exception site match. GET 113477

there are probably other types.

I've got this to work...
LOGFORMAT (%Y.%m.%d %h:%n:%j %u %S %r %j)

LOGFORMAT (%Y.%m.%d %h:%n:%j %u %S %r *%C* %j)


But I'm thinking I should be able to do better even though it says
"S: Status code not given: 0" and no corrupt lines.
anyone have some good ideas?
You haven't specified what you're trying to get out of the logs - for instance, do you care about whether requests are denied? Do you want a count of how many requests are denied or accepted? The esamples you give aren't actually using the %u field, so yu might consider LOGFORMAT (%Y.%m.%d %h:%n:%j - %S %r %u %j) and use the User Report to get a count of the various types of requests.
And it might also be worth trying %f rather than %r for the URL. They you could use the Referring Site report to see the most popular destination servers, as well as seeing the most popular destination pages.
Aengus 
+------------------------------------------------------------------------
|  TO UNSUBSCRIBE from this list:
|    http://lists.meer.net/mailman/listinfo/analog-help
|
|  Analog Documentation: http://analog.cx/docs/Readme.html
|  List archives:  http://www.analog.cx/docs/mailing.html#listarchives
|  Usenet version: news://news.gmane.org/gmane.comp.web.analog.general
+------------------------------------------------------------------------

Reply via email to