Re: [squid-users] intercepting access.log

From: Francisco Obispo <[email protected]>
Date: Mon, 28 Oct 2002 09:42:14 -0400

Please... delete all the ~ at the beginning of each line...
those were generated by gpg

-francisco

Francisco Obispo wrote:

| Hi..
|
| This is a perl script that I wrote in order to generate reports of computers
| that have been blocked due to my ACLs,
|
| I think you might be able to modify it, and use it for your needs
|
| this script generates the report every time you "kill -USR1 <pidofprog>"
|
| regards...
|
| #!/usr/bin/perl
| use IO::Handle;     # FILE->clearerr()
| use IO::Seekable;   # SEEK_END
| use Fcntl;
| use Socket;         # inet_aton() and AF_INET for gethostbyaddr()
|
| # Write the report every time the process receives SIGUSR1
| $SIG{USR1}=\&report;
|
| $DEFAULT="/usr/local/squid/var/logs/access.log";
| $FILE=$ARGV[0] ? $ARGV[0]:$DEFAULT;
| $PID="/var/run/virus_check.pid";
| $REPORT="/var/log/squid/bin/reporte.log";
| $PATTERN="(TCP_DENIED|NONE\/411)";
|
| # Record our PID so it can be used with kill -USR1
| open(PID,">" . $PID) || die("Unable to write PID FILE: " . $PID);
| print PID $$ . "\n";
| close(PID);
|
| open(FILE,"<" . $FILE)|| die("Unable to open " . $FILE . " for reading: " . $! );
|
| # Start at the end of the log so only new entries are counted
| seek(FILE,0,SEEK_END);
|
| %IP=();      # client address => URL of its last denied request
| %COUNT=();   # client address => number of denied requests
| $start=localtime();
| $end=0;
| for(;;){
|   while(<FILE>){
|     chomp();
|     if($_=~ m/$PATTERN/){
|       my @data=split();
|       $IP{$data[2]}=$data[6];
|       $COUNT{$data[2]}++;
|       # print $_ . "\n";
|     }
|   }
|   sleep 1;
|   FILE->clearerr();   # clear EOF so the next pass sees appended lines
| }
| close(FILE);
|
|
| sub report{
|   $end=localtime();
|   open(REPORT,">>" . $REPORT) || die("unable to open $REPORT");
|   print REPORT "Reporte de Bloqueo de Peticiones\n";
|   print REPORT "Desde: [" . $start . "] - Hasta: [" . $end . "]\n";
|   print REPORT "--------------------------------------------------------------------------------\n";
|   printf REPORT "%-20s %-15s, %-s","HOST","\# INTENTOS","CONTENIDO" . "\n";
|   # Plain string sort: the keys are dotted addresses, not numbers
|   foreach my $i (sort keys %IP){
|     my $name;
|     # gethostbyaddr() takes the packed address, so convert it with inet_aton()
|     $name=gethostbyaddr(inet_aton($i),AF_INET) if ($i =~ m/^(\d{1,3})\.(\d{1,3})\.(\d{1,3})\.(\d{1,3})$/);
|     $name=$name ? $name:$i;
|     $IP{$i}=~ s/\n//g;
|     printf REPORT "%-20s %-15s %-s",$name,$COUNT{$i},$IP{$i} . "\n";
|   }
|   print REPORT "--------------------------------------------------------------------------------\n";
|   close(REPORT);
|   # Reset the counters so the next report covers a new interval
|   %COUNT=();
|   %IP=();
|   $start=$end;
|   $end=0;
| }
|
| Ina Patricia Lopez wrote:
|
| |do a "tail -n access.log" every "t" minutes and pass it to your program
| |for parsing then to your sql. "n" and "t" will depend on how fast
| |your log grows.
| |
| |--- zeluis@objetivo-americana.com.br wrote:
| |
| |>Hi all,
| |>
| |>it would like a referring aid /var/log/squid/access.log (suse 8).
| |>Mine squid.conf possesses the following parameter: logfile_rotate 0
| |>
| |>I use transparent proxy, without authentication saw squid. I make
| |>proper authentication through java. At the moment where squid records the
| |>event of log in access.log, my application only has condition to know the
| |>name of the user who is in the referring IP.
| |>
| |>My problem: to make with that each line of log either sent to a
| |>program, in gcc, that will make a consultation in my bank, postgresql,
| |>will get the name of the user of the referring IP and will record in
| |>another table of postgresql.
| |>
| |>This everything to each writing in access.log. I imagined something
| |>as tail, but I did not have success.
| |>
| |>I only need the mechanism to intercept the writing for access.log and
| |>to send as parameter for my gcc program.
| |>
| |>All the remain already I am working.
| |>
| |>Somebody could indicate a solution that was possible I to decide this
| |>task.
| |>
| |>Thanks a lot.
| |>
| |>Ze luis

Received on Mon Oct 28 2002 - 06:49:21 MST
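
Added example, not part of the original post or of Squid: a follower for access.log that, unlike a handle held open forever, notices when the log has been rotated or truncated and reopens it, and that tests only the result-code field so a URL containing the text TCP_DENIED is not counted as a block. It assumes Squid's native log layout (the same field positions the script above uses); `LogFollower`, `tally_denied` and the sample lines are hypothetical names and constructed data.

```python
import os
import re

DENIED = re.compile(r"TCP_DENIED|NONE/411")   # same result codes as $PATTERN above

# Constructed sample lines in squid's native access.log layout (not from the post)
SAMPLE = [
    "1035812534.123 12 192.168.1.10 TCP_DENIED/403 1024 GET http://blocked.example/ - NONE/- text/html",
    "1035812535.456 80 192.168.1.11 TCP_MISS/200 512 GET http://ok.example/?q=TCP_DENIED - DIRECT/10.0.0.5 text/html",
]

class LogFollower:
    """Return lines appended to a log file; reopen it after rotation or truncation."""

    def __init__(self, path, from_end=True):
        self.path = path
        self._open()
        if from_end:                      # like seek(FILE,0,SEEK_END) in the script
            self.fh.seek(0, os.SEEK_END)

    def _open(self):
        self.fh = open(self.path, "rb")
        self.inode = os.fstat(self.fh.fileno()).st_ino

    def poll(self):
        """Return the complete lines written since the previous call."""
        lines = []
        while True:
            pos = self.fh.tell()
            raw = self.fh.readline()
            if not raw.endswith(b"\n"):   # EOF, or a line that is still being written
                self.fh.seek(pos)
                break
            lines.append(raw.decode("utf-8", "replace").rstrip("\r\n"))
        try:
            st = os.stat(self.path)
        except FileNotFoundError:         # rotated away, replacement not created yet
            return lines
        if st.st_ino != self.inode or st.st_size < self.fh.tell():
            self.fh.close()               # rotated or truncated: read the new file from its start
            self._open()
            lines += self.poll()
        return lines

def tally_denied(lines, counts, last_url):
    """Count denied requests per client, matching the result-code field only."""
    for line in lines:
        f = line.split()
        if len(f) > 6 and DENIED.search(f[3]):
            counts[f[2]] = counts.get(f[2], 0) + 1
            last_url[f[2]] = f[6]
    return counts
```

Call `poll()` from a loop with a short sleep and hand the returned lines to `tally_denied()` or to whatever program does the per-line lookup.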

This archive was generated by hypermail pre-2.1.9 : Tue Dec 09 2003 - 17:10:55 MST