Re: [squid-users] Log Format

From: Amos Jeffries <squid3_at_treenet.co.nz>
Date: Wed, 18 Jun 2008 14:06:22 +1200 (NZST)

>
> Hello all.
>
> Simple question.
>
> Is there a way to purge the access log to get only the URL that the user
> requested when he clicked on a link or when he typed the address in the
> address bar ?

That is exactly what the access.log contains, a record of the pages and
files requested by the user.

>
> Squid log a lot of stuff in the Access.log but when I need to give an
> Audit to my HR department, I'm able to purge it by taking only the text/
> mime type (text/html, text/asp) but I still get to much information.
>
> If I access hotmail.com, this will also give me in the log something like
> a.rad.live.com, b.rad.live.com, login.live.com.

That is because the users machine requested objects from all those
sources. There is no easy way to identify what resources a page uses
without parsing and processing each page yourself or writing a very fancy
log parser that tries to detect which requests are the first in a page.

>
> Is there a way to only get hotmail.com and not all accessed web page ? If
> I go in the History of Internet Explorer, for exemple, I only get the
> accessed web site, hotmail.com. i do not get the other redirected web
> page.
>
> I need to be able to give a Audit log to my HR department like the History
> of Internet Explorer.
>
> I did some search on the internet but didn't find anything interesting.

What the users see in their browser is very often completely different to
how the web works. The cleanest solution you will get to this whole
problem is to accept all the strange domains listed in access.log and give
HR a report listing them and popularity/day etc.

Amos
Received on Wed Jun 18 2008 - 02:06:25 MDT

This archive was generated by hypermail 2.2.0 : Wed Jun 18 2008 - 12:00:03 MDT