[brlug-general] Squidguard Log analyzer

Adam Melancon Tue Jul 13 15:49:03 2004

It looks like these are for just the squid logs which are in /var/logs/squid/
squidguard's logs are in /var/squidGuard/


This is what all of the log files look like for squidguard
[EMAIL PROTECTED] squidGuard]# ll
total 4832
-rw-r--r--    1 squid    squid           0 Jun  4 13:10 ads
-rw-r--r--    1 squid    squid           0 Jul  9 04:02 aggressive
-rw-r--r--    1 squid    squid         134 Jul  9 04:02 aggressive.1.gz
-rw-r--r--    1 squid    squid         127 Jul 12 16:29 audio-video
-rw-r--r--    1 squid    squid         275 Jul 11 04:03 audio-video.1.gz
-rw-r--r--    1 squid    squid         193 Jul  8 04:02 audio-video.2.gz
-rw-r--r--    1 squid    squid        2530 Jul 13 10:58 drugs
-rw-r--r--    1 squid    squid         523 Jul 11 04:03 drugs.1.gz
-rw-r--r--    1 squid    squid         368 Jul  7 04:03 drugs.2.gz
-rw-r--r--    1 squid    squid         389 Jul 12 16:49 gambling
-rw-r--r--    1 squid    squid         561 Jul 11 04:03 gambling.1.gz
-rw-r--r--    1 squid    squid         425 Jul  7 04:03 gambling.2.gz
-rw-r--r--    1 squid    squid        8470 Jul 13 14:44 hacking
-rw-r--r--    1 squid    squid        1309 Jul 11 04:03 hacking.1.gz
-rw-r--r--    1 squid    squid         720 Jul  7 04:03 hacking.2.gz
-rw-r--r--    1 squid    squid           0 Jun  4 13:10 local-block
-rw-r--r--    1 squid    squid           0 Jul  8 15:17 local-denied
-rw-r--r--    1 squid    squid           0 Jun  4 13:10 mail
-rw-r--r--    1 squid    squid       39711 Jul 13 15:43 porn
-rw-r--r--    1 squid    squid       16918 Jul 11 04:03 porn.1.gz
-rw-r--r--    1 squid    squid        3608 Jul  7 04:03 porn.2.gz
-rw-r--r--    1 squid    squid        1984 Jun 13 04:02 porn.3.gz
-rw-r--r--    1 squid    squid        2399 Jun  8 04:02 porn.4.gz
-rw-r--r--    1 squid    squid           0 Jun  4 13:10 proxy
-rw-r--r--    1 squid    squid           0 Jul  6 10:29 redirector
-rw-r--r--    1 squid    squid     4788281 Jul 13 05:06 squidGuard.log
-rw-r--r--    1 squid    squid           0 Jul 13 04:02 violence
-rw-r--r--    1 squid    squid         130 Jul 13 04:02 violence.1.gz
-rw-r--r--    1 squid    squid           0 Jul  7 04:03 warez
-rw-r--r--    1 squid    squid         118 Jul  7 04:03 warez.1.gz


Here is a sample of the hacking file:
[EMAIL PROTECTED] squidGuard]# head hacking
2004-07-12 10:08:03 [30516] Request(default/hacking/-)
http://webpdp.gator.com/4/placement/589/ 192.168.6.5/- - GET
2004-07-12 10:28:19 [30516] Request(default/hacking/-)
http://webpdp.gator.com/4/placement/610/ 192.168.2.102/- - GET
2004-07-12 11:05:12 [30516] Request(default/hacking/-)
http://webpdp.gator.com/4/placement/168/?h=http://servedby.advertising.com/click/site=0000147015/mnum=0000172372/optn=64?trg=
192.168.2.106/- - GET
2004-07-12 11:16:21 [30516] Request(default/hacking/-)
http://webpdp.gator.com/4/placement/168/?h=http://servedby.advertising.com/click/site=0000147015/mnum=0000172372/optn=64?trg=
192.168.2.105/- - GET
2004-07-12 11:42:56 [30516] Request(default/hacking/-)
http://webpdp.gator.com/4/placement/589/ 192.168.6.4/- - GET
2004-07-12 11:43:28 [30516] Request(default/hacking/-)
http://webpdp.gator.com/4/placement/589/ 192.168.6.4/- - GET
2004-07-12 11:43:32 [30516] Request(default/hacking/-)
http://webpdp.gator.com/4/placement/589/ 192.168.6.4/- - GET
2004-07-12 11:43:38 [30516] Request(default/hacking/-)
http://webpdp.gator.com/4/placement/589/ 192.168.6.4/- - GET
2004-07-12 11:43:41 [30516] Request(default/hacking/-)
http://webpdp.gator.com/4/placement/589/ 192.168.6.4/- - GET
2004-07-12 12:11:29 [30516] Request(default/hacking/-)
http://webpdp.gator.com/4/placement/610/ 192.168.2.104/- - GET



On Tue, 13 Jul 2004 15:18:50 -0500, Dustin Schwacke
<[EMAIL PROTECTED]> wrote:
> If I am not mistaken, squid can output its logs in a Common Logfile
> Format that Webalizer can parse and use.
> 
> http://www.squid-cache.org/Scripts/
> 
> Drag0n
> [EMAIL PROTECTED]
> 
> 
> 
> Adam Melancon wrote:
> > Hello everyone,
> >
> > I have built a squidguard box for the vermilion parish library and I
> > would like to have some sort of web based statistics for my squidguard
> > logs like i have using webalizer for apache logs.
> >
> > I was curious if anyone knows of any log analyzer for squidguard besides 
> > SARG.
> > I've tried SARG, but couldn't get it working correctly.
> > Almost everything I have seen has mainly been for just squid not squidguard.
> >
> > It was time to renew our Iprism filter and it was just way too much
> > money to spend on filtering, espically since I knew that we would have
> > to renew again in another three years, so I took the squidguard route.
> >  I have even done some tweaking to get the squidguard webmin module
> > working with it the way I want so I can block/unblock certain sites or
> > enter ip addresses to allow full access if we need.
> >
> > Right now the way I'm viewing the logs is by linking the
> > /var/log/squidGuard/ directory to /var/www/html/.
> >
> > Any thoughts?
> >
> 
> 
> _______________________________________________
> General mailing list
> [email protected]
> http://brlug.net/mailman/listinfo/general_brlug.net
> 


-- 
Adam Melancon
Work: http://www.vermilion.lib.la.us
Personal: http://www.melancon.org

[brlug-general] Squidguard Log analyzer

Reply via email to