Re: [SQU] Access.log

Hi,

I would just like to add my own answer to this
"problem". Yes, Rob is quite right that this problem
has been documented recently...however, it cannot hurt
to answer it again.

I won't go into the details of the access.log. All I
will say is that to convert the UNIX timestamp, enter
the following, into a text editor

#!/usr/bin/perl -p

's/\d+/localtime $&/e;

and then save it as "perlscript" in the same folder as
the access.log. Then at the command prompt, in the
same folder, type the following:

chmod 700 ./perlscript
(this makes the script executable)

then enter:

./perlscript < access.log >access2.log

if you now open the access2.log, you'll find the time
and date has been converted.

Just as an aside, my website www.squidproxyapps.org.uk

has a bash script called squidlog that you might like
to try. What it does is it refines the log, to
something readible by humans!!

I hope this is of some help to you,
Regards,

Thomas Adam
re: thomas_adam16@yahoo.com
--- Awie <awie@eksadata.com> wrote: > Okay Rob,
>
> Many thanks for your help
>
> Thx
>
> Best Regards,
>
> Awie
>
> ----- Original Message -----
> From: "Robert Collins"
> <robert.collins@itdomain.com.au>
> To: "Awie" <awie@eksadata.com>;
> <squid-users@ircache.net>
> Sent: Friday, January 26, 2001 8:06 PM
> Subject: Re: [SQU] Access.log
>
>
> > Awie,
> > this DOES NOT mean that squid passed a file tothe
> internet. What it means
> is that the machine at ip aaa.bbb.ccc.ddd requested
> the
> > URL
>
http://www.library.itu.edu.tr/scripts/..%1c%9c.../winnt/sytem32/cmd.exe?(wit
> h more here but hidden from the log), using the HTTP
> > method GET and receieved a rsponse with status
> 500.
> >
> > It DOES NOT mean that cmd.exe is present anywhere
> on any of your machines.
> >
> > I suggest you read rfc 2616 and get familiar with
> the operation of HTTP.
> It will make understanding what is happening a lot
> easier
> > for you.
> >
> > As far as converting 979273815 to readable time,
> this has been covered in
> the squid users archives very recently.
> >
> > Rob
> >
> >
> >
> > ----- Original Message -----
> > From: "Awie" <awie@eksadata.com>
> > To: <squid-users@ircache.net>
> > Sent: Friday, January 26, 2001 10:48 PM
> > Subject: [SQU] Access.log
> >
> >
> > Folks,
> >
> > I got this message (below) in my access.log. I
> found our Squid passed file
> CMD.EXE to Internet that requested by IP
> aaa.bbb.ccc.ddd.
> >
> > 979273815.589 2961 aaa.bbb.ccc.ddd TCP_MISS/500
> 324 GET
>
http://www.library.itu.edu.tr/scripts/..%1c%9c.../winnt/sytem32/cmd.exe?
> -
> > DIRECT/www.library.itu.edu.tr text/html
> >
> > 1. Is that a normal progress Squid?
> > 2. How can I get date and time by converting the
> lines? I could not run
> command grep 'cmd.exe' access.log | perl -pe
> > 's/\d+/localtime $&/e; from my Linux prompt to get
> our system time
> >
> > Your answer is very appreciated. Thx
> >
> > Best Regards,
> >
> > Awie
> >
> >
>
> --
> To unsubscribe, see
> http://www.squid-cache.org/mailing-lists.html
>

=====
Thomas Adam
Linux Co-ordinator for The Purbeck School

e-mail (school): n6tadam@users.purbeck.dorset.sch.uk
e-mail (yahoo) : thomas_adam16@yahoo.com

__________________________________________________
Do You Yahoo!?
Yahoo! Auctions - Buy the things you want at great prices.
http://auctions.yahoo.com/

--
To unsubscribe, see http://www.squid-cache.org/mailing-lists.html