Access monitor squid


access monitor squid
Perhaps we often monitor the Squid access to internet sites by looking at the file / var / log / squid / access.log. we usually do with:

# Tail-f / var / log / squid / access.log



as is usually the result of irregular chaotic. With a bit of shell programming, the result may be a little better. Command below may be tried

# Tail-f / var / log / squid / access.log | awk '{print $ 3 "" $ 8 "" $ 7}'

If you want more simple, create a file disuatu eg. catch, then set his permission to execute trus run eg:

# Vi catch
- Fill in the last line -
- Save and quit -
# Chmod 777 arrested
#. / Catch

please try

the second way:
Monitor the Squid proxy access through the console by using the tail command output by default quite confusing because the info is displayed too much. To view the log of squid that the information displayed can be used only in the desired way with awk mempipakan tail. awk and tail together can be used to display the contents of a text file, but the tail displays the contents of a file in realtime although recently updated by another user while awk does not realtime, but it functions more.
example see squid logs using tail command:

root @ dp: ~ # tail-f / var / log / squid / access.log
1184295981.413 7720 192.168.10.8 GET http://overloadstudios.co.uk/ewa/counters/overloadstudios01.txt&num=792 TCP_MISS/404 475 - DIRECT/213.171.218.194 text / html
1184296008.069 470 12 904 192.168.10.8 GET TCP_MISS/404 http://overloadstudios.co.uk/ewa/counters/cipher5tring.txt&num=686 - DIRECT/213.171.218.194 text / html
.....
..... etc.

For simplicity we have described above squid log into sections with spaces as separators between the sections. As an example we take the squid log line above:

1184296008.069 470 12 904 192.168.10.8 GET TCP_MISS/404 http://overloadstudios.co.uk/ewa/counters/cipher5tring.txt&num=686 - DIRECT/213.171.218.194 text / html

The results of separation
1 = 1184296008.069
2 = 12904
3 = 192.168.10.8
4 = TCP_MISS/404
5 = 470
6 = GET
7 = http://overloadstudios.co.uk/ewa/counters/cipher5tring.txt&num=686
8 = -
9 = DIRECT/213.171.218.194
10 = text / html

Suppose we want to show parts 1, 2 and separated by a space from the log using awk are:

awk '{print $ 1 "" $ 2}' / var / log / squid / access.log

output:
root @ dp: ~ # awk '{print $ 1 "" $ 2}' / var / log / squid / access.log
1184296008.069 12 904
...
...
etc.

It appears only the command output to 1 and 2.
Suppose we want to show section 3 (the IP address of the client squid), 4 (status) and 7 (website / web accessible) with a separator between sections using the spaces and "->" can use the command:

root @ dp: ~ # awk '{print $ 3 "->" $ 4 "" $ 7}' / var / log / squid / access.log
192.168.10.8 -> TCP_MISS/404 http://overloadstudios.co.uk/ewa/counters/cipher5tring.txt&num=686
...
...
etc.

with the above command output to be more simple and clear. If we want to show all the parts can use the command:

awk '{print $ 0}' / var / log / squid / access.log

The output from this command is similar to the above command tail but not realtime. To display the log sections as we want and realtime then can use the tail command piped to awk command as follows:

tail-f / var / log / squid / access.log | awk '{print $ 3 "->" $ 4 "" $ 7}'

The output of the above command will manghasilkan part to the 3, 4 and 7 of the squid logs in realtime. For example:

root @ dp: ~ # tail-f / var / log / squid / access.log | awk '{print $ 3 "->" $ 4 "" $ 7}'
192.168.10.8 -> TCP_MISS/404 http://overloadstudios.co.uk/ewa/counters/cipher5tring.txt&num=686
192.168.10.9 -> TCP_REFRESH_MISS/200 http://img.youtube.com/vi/rQdWNpJhgaM/3.jpg
192.168.10.9 -> TCP_MISS/200 http://img.youtube.com/vi/BhXWe77zKds/3.jpg
...
...
etc.

Using awk above is just a small part of the functions of the other awk. To use another awk can be viewed at:
- Http://www.linode.com/wiki/index.php/AWK_Howto
- Http://www.softpanorama.org/Tools/awk.shtml
Related : Access monitor squid.