Converting the date in squid's access.log

Posted on January 25, 2008. Filed under: Proxy

Squid's access.log is usually what a sysadmin needs in order to monitor clients' internet access. Some older versions of squid still do not show a readable date in access.log (the first field is a raw Unix timestamp), so we cannot tell when a user accessed the sites listed in access.log.

If we would rather not recompile, we can use a perl script to convert the access.log timestamps into dates, provided perl is already installed on the system.

access.log data before conversion

[root@squid logs]# tail access.log
1199960883.185 16 202.159.18.194 TCP_MISS/304 294 GET http://us.js2.yimg.com/us.js.yimg.com/lib/msg/js/clientad_071214.js – DIRECT/202.159.22.8 application/x-javascript
1199960883.276 15 202.159.18.194 TCP_CLIENT_REFRESH_MISS/304 294 GET http://l.yimg.com/us.js.yimg.com/lib/bc/bc_2.0.4.js – DIRECT/202.159.22.8 application/x-javascript
1199960883.562 286 202.159.18.194 TCP_MISS/200 423 GET http://us.bc.yahoo.com/b? – DIRECT/203.84.204.69 image/gif
1199960883.866 680 202.159.18.194 TCP_MISS/200 1631 GET http://media.adrevolver.com/adrevolver/banner? – DIRECT/216.205.149.2 text/html
1199960884.992 1126 202.159.18.194 TCP_MISS/200 5903 GET http://view.atdmt.com/VON/iview/rdmnnvos0270000142von/direct/01/1199960889897? – DIRECT/65.203.229.43 text/html
1199960886.266 89 202.159.18.194 TCP_CLIENT_REFRESH_MISS/200 286 GET http://rmd.atdmt.com/tl//DocumentDotWrite.js – DIRECT/202.159.22.8 application/x-javascript
1199960886.587 320 202.159.18.194 TCP_MISS/200 27051 GET http://spe.atdmt.com/ds/VOVONVNGEVOS/07COREfree_etab_234x60_.swf? – DIRECT/202.159.22.7 application/x-shockwave-flash
1199960900.715 56184 202.159.18.194 TCP_MISS/200 1434 CONNECT 84.100.145.36:443 – DIRECT/84.100.145.36 –
1199960903.568 1 202.159.18.194 TCP_MISS/000 0 CONNECT 220.130.140.91:443 – NONE/- –
1199960924.812 20046 202.159.18.194 TCP_MISS/200 154 CONNECT 220.142.10.9:443 – DIRECT/220.142.10.9 –

After conversion using perl -pe 's/\d+/localtime($&)/e'

[root@squid logs]# perl -pe 's/\d+/localtime($&)/e' access.log | tail
Thu Jan 10 17:28:03 2008.185 16 202.159.18.194 TCP_MISS/304 294 GET http://us.js2.yimg.com/us.js.yimg.com/lib/msg/js/clientad_071214.js – DIRECT/202.159.22.8 application/x-javascript
Thu Jan 10 17:28:03 2008.276 15 202.159.18.194 TCP_CLIENT_REFRESH_MISS/304 294 GET http://l.yimg.com/us.js.yimg.com/lib/bc/bc_2.0.4.js – DIRECT/202.159.22.8 application/x-javascript
Thu Jan 10 17:28:03 2008.562 286 202.159.18.194 TCP_MISS/200 423 GET http://us.bc.yahoo.com/b? – DIRECT/203.84.204.69 image/gif
Thu Jan 10 17:28:03 2008.866 680 202.159.18.194 TCP_MISS/200 1631 GET http://media.adrevolver.com/adrevolver/banner? – DIRECT/216.205.149.2 text/html
Thu Jan 10 17:28:04 2008.992 1126 202.159.18.194 TCP_MISS/200 5903 GET http://view.atdmt.com/VON/iview/rdmnnvos0270000142von/direct/01/1199960889897? – DIRECT/65.203.229.43 text/html
Thu Jan 10 17:28:06 2008.266 89 202.159.18.194 TCP_CLIENT_REFRESH_MISS/200 286 GET http://rmd.atdmt.com/tl//DocumentDotWrite.js – DIRECT/202.159.22.8 application/x-javascript
Thu Jan 10 17:28:06 2008.587 320 202.159.18.194 TCP_MISS/200 27051 GET http://spe.atdmt.com/ds/VOVONVNGEVOS/07COREfree_etab_234x60_.swf? – DIRECT/202.159.22.7 application/x-shockwave-flash
Thu Jan 10 17:28:20 2008.715 56184 202.159.18.194 TCP_MISS/200 1434 CONNECT 84.100.145.36:443 – DIRECT/84.100.145.36 –
Thu Jan 10 17:28:23 2008.568 1 202.159.18.194 TCP_MISS/000 0 CONNECT 220.130.140.91:443 – NONE/- –
Thu Jan 10 17:28:44 2008.812 20046 202.159.18.194 TCP_MISS/200 154 CONNECT 220.142.10.9:443 – DIRECT/220.142.10.9 –
Hope this helps

rgs,

Ervin Taufik
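
When the log feeds an incident timeline, timestamps that do not depend on the server's timezone are easier to correlate than localtime output. The following is an added example, not part of the original post: it converts two lines from the excerpt above to ISO 8601 UTC with the milliseconds kept, and derives an approximate start time by subtracting the elapsed field, assuming squid stamps each entry when the transaction is logged. The function names and the malformed sample line are constructed for illustration.

```python
import re
from datetime import datetime, timedelta, timezone

# Squid native format: epoch.millis, elapsed ms, client address, rest of the line.
LINE_RE = re.compile(r"^(\d+)\.(\d{3})\s+(\d+)\s+(\S+)\s+(.*)$")

def iso_ms(dt):
    """Format an aware datetime as ISO 8601 UTC with millisecond precision."""
    return dt.strftime("%Y-%m-%dT%H:%M:%S.") + f"{dt.microsecond // 1000:03d}Z"

def convert_line(line):
    """Return (logged_utc, started_utc, client, rest), or None if malformed."""
    m = LINE_RE.match(line.strip())
    if not m:
        return None
    secs, millis, elapsed, client, rest = m.groups()
    # Integer arithmetic avoids float rounding of the millisecond part.
    logged = (datetime.fromtimestamp(int(secs), tz=timezone.utc)
              + timedelta(milliseconds=int(millis)))
    # Assumption: the entry is stamped at completion, so start = logged - elapsed.
    started = logged - timedelta(milliseconds=int(elapsed))
    return iso_ms(logged), iso_ms(started), client, rest

def convert_log(lines):
    """Convert every parsable line and count the ones that are skipped."""
    rows, skipped = [], 0
    for line in lines:
        row = convert_line(line)
        if row is None:
            skipped += 1
        else:
            rows.append(row)
    return rows, skipped

# Two lines from the excerpt above (plain hyphens), plus one constructed bad line.
SAMPLE = [
    "1199960883.185 16 202.159.18.194 TCP_MISS/304 294 GET "
    "http://us.js2.yimg.com/us.js.yimg.com/lib/msg/js/clientad_071214.js "
    "- DIRECT/202.159.22.8 application/x-javascript",
    "1199960900.715 56184 202.159.18.194 TCP_MISS/200 1434 CONNECT "
    "84.100.145.36:443 - DIRECT/84.100.145.36 -",
    "truncated line without a timestamp",
]

if __name__ == "__main__":
    rows, skipped = convert_log(SAMPLE)
    for logged, started, client, rest in rows:
        print(f"{logged} (started ~{started}) {client} {rest}")
    print(f"skipped {skipped} malformed line(s)")
```

For the long CONNECT tunnel the derived start time is almost a minute before the logged time, which matters when ordering events from several sources.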
