Hi Ben, I'm currently also have such requests from my Boss. I currently use Sarg and Webaliser to create the stats I need. But to easy things up and create more personalized stats I put the access.log into a PostgreSQL database and retreiver information based on a query back into a temporary access.log table which is parsable by sarg and/or webalizer (or any other program that read's a squid 2 access.log).
For example I don't want to see what people do in coffe breaks between 12:15 and 13:00, today. SO I just do this: ~whale-retreiver -o /tmp/tmp.log -f "(DATE = TODAY) AND NOT (TIME BETWEEN '12:15' AND '13:00')" Now I do ~sarg -l /tmp/tmp.log to create a sarg access log that display's everything exept between 12:15 and 13:00. I can create all kinds of variations on this. Every group here has it's own name like direction, administration, enginering and computer names are named like this scheme: ENG001.int.domain.nl, eng.002.int.domain.nl, amd001.int.domain.nl I think you get the idea. If I want to know how the enginering department peroforms between 8:00 and 9:55 in the morning I do this: ~whale-retreiver -o /tmp/tmp.log -f "(DATE = TODAY) AND (DOMAIN LIKE 'eng%.int.domain.nl') AND NOT (TIME BETWEEN '8:00' AND '9:55')" No Sarg can pars it again and create the appropriate stats! In you case, to get the first record of a single user on this date (today) you can do this: ~whale-retreiver -o /tmp/tmp.log -f "(DATE = TODAY) AND (DOMAIN LIKE 'eng%.int.domain.nl')" Or from yesterday.. ~whale-retreiver -o /tmp/tmp.log -f "(DATE = YESTERDAY) AND (DOMAIN LIKE 'eng%.int.domain.nl')" The output can be parser by a simple perl script and create the stats. The program is still in beta but thinks work right at least in my place :) Ries
