Re: [squid-users] upload data report

From: Muhammad Yousuf Khan <sirtcp_at_gmail.com>
Date: Fri, 14 Dec 2012 18:02:59 +0500

On Fri, Dec 14, 2012 at 2:22 PM, Amos Jeffries <squid3_at_treenet.co.nz> wrote:
> On 14/12/2012 9:21 p.m., Muhammad Yousuf Khan wrote:
>>
>> i want to check how much data has been uploaded by users like we have
>> the ability to see download reports via Sarg reporting tool. i know we
>> can not decrypt HTTPS traffic, i dont even want to see the file names
>> and size. but we want to see how much data has been uploaded by who
>> and where with only the upload over all size.
>>
>> like we have Sarg reporting for downloading but now we want also to
>> track uploading data.
>>
>> my squid is running in proxy mode.
>>
>> Thanks.
>
>
> You need to log the details. Create a custom log format and use it in an
> access_log line.
>
> http://www.squid-cache.org/Doc/config/logformat
> http://www.squid-cache.org/Doc/config/access_log

thanks for the help.

i was reading in an article that says if i define 2 different log file
one for upload log and second for download log sarg would be able to
make two reports. separately

there for i create another log format with "%>st" however i still get
too much entries.or more or less the same amount of entries in both
log files.

here is my squid.conf

logformat aciupload %ts.%03tu %6tr %>a %Ss/%03Hs %>st %rm %ru %un %Sh/%<A %mt

access_log /var/log/squid/access.log squid
access_log /var/log/squid/accessupload.log aciupload

for just testing i uploaded 1.4 MB of data on gmail.com and i get same
entries in both log files. so what is the difference in adding %>st?
please help. here is the log of both files

entry from "tailf /var/log/squid/access.log | grep 10.51.100.240"

1355489243.474 532 10.51.100.240 TCP_MISS/200 1316 POST
http://safebrowsing.clients.google.com/safebrowsing/downloads? -
DIRECT/173.194.34.174 application/vnd.google.safebrowsing-update
1355489357.963 570 10.51.100.240 TCP_CLIENT_REFRESH_MISS/200 455
GET http://urlfilter.vmn.net/vmnsbf/stamp.txt - DIRECT/69.50.130.33
text/plain
1355489380.508 136971 10.51.100.240 TCP_MISS/200 16391 CONNECT
safebrowsing-cache.google.com:443 - DIRECT/173.194.34.164 -

entry from "tailf /var/log/squid/accessupload.log | grep 10.51.100.240"

 1355489243.474 532 10.51.100.240 TCP_MISS/200 1428 POST
http://safebrowsing.clients.google.com/safebrowsing/downloads? -
DIRECT/173.194.34.174 application/vnd.google.safebrowsing-update
 1355489357.963 570 10.51.100.240 TCP_CLIENT_REFRESH_MISS/200 123
GET http://urlfilter.vmn.net/vmnsbf/stamp.txt - DIRECT/69.50.130.33
text/plain
 1355489380.508 136971 10.51.100.240 TCP_MISS/200 199 CONNECT
safebrowsing-cache.google.com:443 - DIRECT/173.194.34.164 -

just FYI: 10.51.100.240 is my ip address.

since i am a newbie therefore please help/correct me if i am making
any mistake in logformate or any other suggestion/option would be
highly appreciated.

Thanks.

>
> Amos
Received on Fri Dec 14 2012 - 13:03:08 MST

This archive was generated by hypermail 2.2.0 : Sat Dec 15 2012 - 12:00:05 MST