#98582 - 2003-02-19 02:44 PM
Re: open, readline, close
|
Richard H.
Administrator
Registered: 2000-01-24
Posts: 4946
Loc: Leatherhead, Surrey, UK
|
Here is the actual command I use to audit my Squid proxy logs:
code:
zcat $(ls -tr access.log.*.gz) |cat - access.log|egrep -i "$(cat badwords)"|egrep -vi "$(cat goodwords)" >suspect.log
php -q suspect.php
The files "badwords" and "goodwords" contain the patterns that I am interested in.
The PHP script simply converts the log file to CSV for importing into Excel, converts timestamps to local time, and does a database lookup to the SQL proxy authorisation database to get users full names.
I use PHP rather than perl as perl gives me a blinding headache every time I read the O'Reilly book ![[Wink]](images/icons/wink.gif)
|
|
Top
|
|
|
|
open, readline, close
|
pvds
|
2003-02-20 12:03 AM
|
|
Re: open, readline, close
|
Lonkero
|
2003-02-20 12:11 AM
|
|
Re: open, readline, close
|
pvds
|
2003-02-20 12:59 AM
|
|
Re: open, readline, close
|
MightyR1
|
2003-02-19 01:14 PM
|
|
Re: open, readline, close
|
pvds
|
2003-02-19 01:23 PM
|
|
Re: open, readline, close
|
Richard H.
|
2003-02-19 01:32 PM
|
|
Re: open, readline, close
|
MightyR1
|
2003-02-19 01:38 PM
|
|
Re: open, readline, close
|
Howard Bullock
|
2003-02-19 02:00 PM
|
|
Re: open, readline, close
|
Jochen
|
2003-02-19 02:10 PM
|
|
Re: open, readline, close
|
Howard Bullock
|
2003-02-19 02:25 PM
|
Re: open, readline, close
|
Richard H.
|
2003-02-19 02:44 PM
|
|
Re: open, readline, close
|
Crazy Eddie
|
2003-02-19 02:58 PM
|
|
Re: open, readline, close
|
pvds
|
2003-02-19 03:17 PM
|
|
Re: open, readline, close
|
pvds
|
2003-02-19 08:01 PM
|
|
Re: open, readline, close
|
Lonkero
|
2003-02-19 08:04 PM
|
|
Re: open, readline, close
|
Sealeopard
|
2003-02-20 06:23 PM
|
|
Re: open, readline, close
|
Lonkero
|
2003-02-20 07:54 PM
|
|
Moderator: Arend_, Allen, Jochen, Radimus, Glenn Barnas, ShaneEP, Ruud van Velsen, Mart
|
0 registered
and 665 anonymous users online.
|
|
|
