Re: Re: [squid-users] Re: Help with sarg usage

From: Richard Chapman <rchapman_at_aardvark.com.au>
Date: Fri, 20 Jun 2008 12:30:29 +0800

Hi Chris - and many many thanks...

See also below.

> /path/to/sarg -l /var/log/squid/access.log -l /var/log/squid/access.log.1 -l /var/log/squid/access.log.2.gz
>
> will parse the data from access.log, access.log.1 and (after
> gunzipping) access.log.2.gz, and will give you one report for the time
> covered by these log files.
>
Great. That is exactly what I wanted - but haven't found it in any
documentation so far.

>> What I want to do is produce a report that shows me:
>> Which clients visited which sites between (say) 18:00 and 19:00.
>> Maybe this is possible with sarg - but if so I haven't found it.
>
> You have two choices with SARG.
>
> The first is the simplest, but might not meet your needs. Make sure
> in your sarg.conf file the "report_type" directive includes
> "users_sites" and "date_time" and/or "site_user_time_date". The first
> will give you a listing of the sites each username/IP accessed. The
> second, will show bandwidth usage per hour for each username/IP
> (linked from the main report). The third will give you a listing of
> the times an individual accessed a specific website (linked from the
> users_sites report).
>
I have checked that these "report_types" are enabled - and can find most
of what you are talking about except the one I really want. The thing
you describe as the "second" above is exactly what I want - but:
The date-time reports I get don't seem to be exactly what you describe.
If I go to the main page, then click on the most recent report I get a
list of client IP addresses.
If I click on the "Date-Time" icon near the left of each row - I get an
array with hours across and dates down. Each cell contains what appears
to be an "elapsed time". I don't really understand what this time means
- but it doesn't appear to be the Bandwidth used during that hour.
Am I in the wrong place - or am I misunderstanding something? Either way
- what do these "times" mean?

> Your second option is to create a report just covering a specific time
> period. The following hourly cron job does this:
>
> #!/bin/bash
>
> #Get current date
> TODAY=$(date +%d/%m/%Y)
> LASTHOUR=$(date +%H -d "1 hour ago")
> HOUR=$(date +%H)
>
> /bin/touch /path/to/web/squid-reports/images
> # Be careful with this next line, as it recursively removes any files modified more
> # than 30 minutes ago in the path given!
> /usr/bin/find /path/to/web/squid-reports -type d -cmin +30 -exec rm -rf {} \;
> /usr/bin/sarg -d $TODAY-$TODAY -t $LASTHOUR:00-$HOUR:00
>
Many thanks for this. If I can't find what I'm looking for in the first
suggestion above - then I will give this a try. The earlier option
should work with my historical data - whereas - this cron job will only
provide reports on new data. I did try using sarg with the -t option at
one stage - and it didn't seem to follow the -t directive - but perhaps
there was a problem with my syntax. I might have left the :00 off the times.

Thanks Chris

Richard.
Received on Fri Jun 20 2008 - 04:30:42 MDT
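
An added example, not part of the original thread and not SARG's own code: a direct pass over historical access.log data that answers the question above (which clients visited which sites between 18:00 and 19:00). It assumes Squid's default native log format; the function names are hypothetical, the sample lines are constructed, and the sample timestamps are interpreted in UTC.

```python
from collections import defaultdict
from datetime import datetime, timezone
from urllib.parse import urlsplit

# Constructed sample lines in Squid's native access.log layout:
# time.ms elapsed client action/status bytes method URL ident hierarchy/peer type
SAMPLE_LOG = """\
1213898399.900    120 192.168.1.10 TCP_MISS/200 900 GET http://early.example.org/ - DIRECT/192.0.2.1 text/html
1213898400.123    250 192.168.1.10 TCP_MISS/200 5120 GET http://www.example.com/index.html - DIRECT/192.0.2.2 text/html
1213899000.500  61000 192.168.1.10 TCP_MISS/200 3400 CONNECT mail.example.net:443 - DIRECT/192.0.2.3 -
1213900000.000     80 192.168.1.11 TCP_HIT/200 700 GET http://www.example.com/a.png - NONE/- image/png
1213902000.000     95 192.168.1.11 TCP_MISS/200 800 GET http://late.example.org/ - DIRECT/192.0.2.4 text/html
truncated line
"""


def host_of(method, url):
    """Return the site name for one request."""
    # CONNECT requests are logged as "host:port" rather than a full URL.
    if method == "CONNECT":
        return url.rsplit(":", 1)[0]
    return urlsplit(url).hostname or url


def sites_by_client(lines, start_hour, end_hour, tz=timezone.utc):
    """Map client -> {site: hits} for requests with start_hour <= hour < end_hour.

    The window applies to every day in the input. Pass tz=None to use the
    machine's local time zone instead of UTC.
    """
    report = defaultdict(lambda: defaultdict(int))
    for line in lines:
        fields = line.split()
        if len(fields) < 7:
            continue  # skip blank or truncated lines
        try:
            when = datetime.fromtimestamp(float(fields[0]), tz)
        except (ValueError, OverflowError, OSError):
            continue  # first field is not an epoch timestamp
        if start_hour <= when.hour < end_hour:
            report[fields[2]][host_of(fields[5], fields[6])] += 1
    return {client: dict(sites) for client, sites in report.items()}


if __name__ == "__main__":
    for client, sites in sorted(sites_by_client(SAMPLE_LOG.splitlines(), 18, 19).items()):
        for site, hits in sorted(sites.items()):
            print(f"{client}\t{site}\t{hits}")
```

To run it over rotated logs, pass the lines of each file in turn (opening the .gz ones with Python's gzip module) instead of SAMPLE_LOG.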
