> >> Has anyone ever parsed Dansguardian (filter for squid) logfiles with
> >> Analog?
> >>
> >> # A Denied request
> >> 2006.10.13 22:46:54 - 192.168.1.106 http://www.dragontide.com/dt/
> >> *DENIED* ICRA violencekillingfantasy PICS labeling level exceeded on
> >> the above site. GET 2641
> >> # A Good request
> >> 2006.10.14 12:39:47 - 192.168.1.109
> >> http://b.mail.google.com/mail/channel/bind?at=ca0fe66a990f5722-
> 10e44d98b18&RID=rpc&SID=14DB7B3CD81F965A&CI=1&AID=402&TYPE=html&zx=pizg8 3w
> eyjg9&DOMAIN=mail.google.com&t=1
> >> GET 561
> >> # A good site that met an Exception rule
> >> 2006.10.13 23:39:45 - 127.0.0.1
> >> http://dansguardian.org/downloads/alexantao/DGview_search.jpg
> >> *EXCEPTION* Exception site match. GET 113477
> >>
> >> there are probably other types.
> >>
> >> I've got this to work...
> >> LOGFORMAT (%Y.%m.%d %h:%n:%j %u %S %r %j)
> >>
> >> LOGFORMAT (%Y.%m.%d %h:%n:%j %u %S %r *%C* %j)
> >>
> >>
> >> But I'm thinking I should be able to do better even though it says
> >> "S: Status code not given: 0" and no corrupt lines.
> >> anyone have some good ideas?
>
> You haven't specified what you're trying to get out of the logs - for
> instance, do you care about whether requests are denied? Do you want a
> count of how many requests are denied or accepted? The examples you give
> aren't actually using the %u field, so you might consider
> LOGFORMAT (%Y.%m.%d %h:%n:%j - %S %r %u %j) and use the User Report to
> get a count of the various types of requests.
>
> And it might also be worth trying %f rather than %r for the URL. Then you
> could use the Referring Site report to see the most popular destination
> servers, as well as seeing the most popular destination pages.

You might also consider using calamari, which is a log file analyzer
specifically tailored to squid log files. Analog, while capable for some
non-web logs, does not really support some of the metrics you may want out
of proxy logs, such as bi-directional throughput and denied requests.

--
Jeremy Wadsack
Seven Simple Machines
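
For a per-client count of denied, excepted and allowed requests, which the thread is after, the sample lines can also be parsed directly. This is an added example, not code from the thread or from any of the tools it mentions. The field layout is inferred from the three quoted log lines only, and the names `parse_line`, `summarize` and the `ALLOWED` label are chosen here.

```python
import re
from collections import Counter

# Field layout inferred from the three sample lines quoted in the thread
# (an assumption, not DansGuardian's documented format):
#   date time user client-ip url [*ACTION* reason] method bytes
LINE_RE = re.compile(
    r"^(?P<date>\d{4}\.\d{2}\.\d{2}) (?P<time>\d{2}:\d{2}:\d{2}) "
    r"(?P<user>\S+) (?P<client>\S+) (?P<url>\S+)"
    r"(?: \*(?P<action>[A-Z]+)\* (?P<reason>.*?))?"
    r" (?P<method>[A-Z]+) (?P<size>\d+)$"
)

def parse_line(line):
    """Return a dict of fields, or None for comments, blanks and corrupt lines."""
    line = line.strip()
    m = None if line.startswith("#") else LINE_RE.match(line)
    if m is None:
        return None
    rec = m.groupdict()
    # "ALLOWED" is a label chosen here for lines that carry no *MARKER*.
    rec["action"] = rec["action"] or "ALLOWED"
    rec["size"] = int(rec["size"])
    return rec

def summarize(lines):
    """Count requests per (client, action) and collect unparseable lines."""
    counts, corrupt = Counter(), []
    for line in lines:
        rec = parse_line(line)
        if rec is not None:
            counts[(rec["client"], rec["action"])] += 1
        elif line.strip() and not line.lstrip().startswith("#"):
            corrupt.append(line)  # e.g. an unquoted URL containing a space
    return counts, corrupt

# Constructed sample: two lines from the thread, one with a shortened URL,
# and one made-up line whose URL contains a space.
SAMPLE = [
    "# A Denied request",
    "2006.10.13 22:46:54 - 192.168.1.106 http://www.dragontide.com/dt/ "
    "*DENIED* ICRA violencekillingfantasy PICS labeling level exceeded on "
    "the above site. GET 2641",
    "2006.10.14 12:39:47 - 192.168.1.109 http://b.mail.google.com/mail/channel/bind?t=1 GET 561",
    "2006.10.13 23:39:45 - 127.0.0.1 "
    "http://dansguardian.org/downloads/alexantao/DGview_search.jpg "
    "*EXCEPTION* Exception site match. GET 113477",
    "2006.10.14 12:40:01 - 192.168.1.109 http://example.com/a b GET 10",
]
```

Calling `summarize(SAMPLE)` returns the per-client counters and the list of lines that did not match, which plays the same role as Analog's corrupt-line count.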

