How to analyse squid logs and weird time stamps
Chuck Swiger
cswiger at mac.com
Wed Jun 4 18:52:17 PDT 2003
keith at smmc.qld.edu.au wrote:
[ ... ]
> 1049884671.477 240 10.0.1.121 TCP_HIT/200 744 GET
> ftp://ftpav.ca.com/pub/inoculan/scaneng/Siglist.txt - NONE/- text/plain
> ... Whoa!
> Anyone know of a port to analyse this stuff and change what MIGHT be a
> timestamp to something a mortal like me can read??
Sure. Install /usr/ports/net/adns and /usr/ports/www/analog. Check out and
update the analog config file in /usr/local/etc.

cd to where your log files are, and DNS resolve the IPs via:

    adnslogres -c 20000 < access_log > access_log.dns

...then run analog against this (DNS-resolved) logfile, and it will generate
lots of info. You can also do other things with the DNS-resolved logfile using
other tools, but most of 'em will prefer to start with the output of adnslogres,
so that step is worth doing.
-Chuck
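
The first field of the quoted log line is a Unix epoch time in seconds with a millisecond fraction, as written by Squid's native access.log format. The following is an added example, not part of the reply above: it parses that format and prints each entry with a readable UTC timestamp, counting malformed lines instead of stopping on them. The function names are hypothetical, the second sample line is constructed, and it assumes URLs contain no raw whitespace.

```python
from datetime import datetime, timezone

# Field order of Squid's native access.log format.
FIELDS = ("time", "elapsed_ms", "client", "result", "bytes",
          "method", "url", "ident", "hierarchy", "content_type")

# Constructed sample input: the line quoted in the thread (rejoined onto one
# line) plus a deliberately malformed line.
SAMPLE = [
    "1049884671.477 240 10.0.1.121 TCP_HIT/200 744 GET "
    "ftp://ftpav.ca.com/pub/inoculan/scaneng/Siglist.txt - NONE/- text/plain",
    "not-a-timestamp 240 10.0.1.121 TCP_HIT/200 744 GET http://example.invalid/ - NONE/- -",
]

def parse_line(line):
    """Split one native-format line into typed fields; ValueError if malformed."""
    parts = line.split()
    if len(parts) != len(FIELDS):
        raise ValueError("expected %d fields, got %d" % (len(FIELDS), len(parts)))
    rec = dict(zip(FIELDS, parts))
    # "1049884671.477" -> whole seconds since the epoch plus milliseconds.
    secs, _, frac = rec["time"].partition(".")
    millis = int((frac + "000")[:3])
    when = datetime.fromtimestamp(int(secs), tz=timezone.utc)
    rec["time"] = when.replace(microsecond=millis * 1000)
    rec["elapsed_ms"] = int(rec["elapsed_ms"])
    rec["bytes"] = int(rec["bytes"])
    # "TCP_HIT/200" -> cache result code and HTTP status.
    rec["cache_result"], _, status = rec.pop("result").partition("/")
    rec["status"] = int(status)
    return rec

def readable(line):
    """Return the log line with its timestamp rendered as UTC date and time."""
    rec = parse_line(line)
    stamp = rec["time"].strftime("%Y-%m-%d %H:%M:%S.%f")[:-3] + "Z"
    return "%s %s %s/%d %d %s %s" % (stamp, rec["client"], rec["cache_result"],
                                     rec["status"], rec["bytes"], rec["method"], rec["url"])

def convert(lines):
    """Convert every parseable line; return (converted lines, malformed count)."""
    out, bad = [], 0
    for line in lines:
        try:
            out.append(readable(line))
        except ValueError:
            bad += 1
    return out, bad

if __name__ == "__main__":
    converted, skipped = convert(SAMPLE)
    print("\n".join(converted))
    print("skipped %d malformed line(s)" % skipped)
```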