Re: [squid-users] intercepting access.log

From: Francisco Obispo <fobispo@dont-contact.us>
Date: Mon, 28 Oct 2002 09:36:41 -0400

Hi..

This is a Perl script that I wrote in order to generate reports of computers
that have been blocked due to my ACLs.

I think you might be able to modify it and use it for your needs.

This script generates the report every time you "kill -USR1 <pidofprog>".

Regards...

#!/usr/bin/perl
use IO::Handle;     # clearerr() method on the FILE handle
use IO::Seekable;   # SEEK_END
use Fcntl;
use Socket;         # inet_aton() and AF_INET for the reverse lookup

# kill -USR1 <pid> appends a report and resets the counters
$SIG{USR1}=\&report;

$DEFAULT="/usr/local/squid/var/logs/access.log";
$FILE=$ARGV[0] ? $ARGV[0]:$DEFAULT;
$PID="/var/run/virus_check.pid";
$REPORT="/var/log/squid/bin/reporte.log";
$PATTERN="(TCP_DENIED|NONE\/411)";

# Record our PID so the report can be requested with kill
open(PID,">" . $PID) || die("Unable to write PID FILE: " . $PID);
print PID $$ . "\n";
close(PID);

open(FILE,"<" . $FILE)|| die("Unable to open " . $FILE . " for reading: " . $! );

# Start at the end of the log: only new entries are counted
seek(FILE,0,SEEK_END);

%IP=();      # client address => last blocked URL
%COUNT=();   # client address => number of blocked requests
$start=localtime();
$end=0;
for(;;){
  while(<FILE>){
    chomp();
    if($_=~ m/$PATTERN/){
        my @data=split();
        # native log format: field 2 is the client, field 6 the URL
        $IP{$data[2]}=$data[6];
        $COUNT{$data[2]}++;
# print $_ . "\n";
    }
  }
  sleep 1;
  FILE->clearerr();   # clear EOF so the next read sees appended lines
}
close(FILE);

sub report{
  $end=localtime();
  open(REPORT,">>" . $REPORT) || die("unable to open $REPORT");
  print REPORT "Reporte de Bloqueo de Peticiones\n";
  print REPORT "Desde: [" . $start . "] - Hasta: [" . $end . "]\n";
  print REPORT "--------------------------------------------------------------------------------\n";
  printf REPORT "%-20s %-15s, %-s","HOST","\# INTENTOS","CONTENIDO" . "\n";
  foreach my $i (sort { $a <=> $b } keys %IP){
    # gethostbyaddr() needs the packed address, not the dotted string
    my $name;
    $name=gethostbyaddr(inet_aton($i),AF_INET) if ($i =~ m/^(\d{1,3})\.(\d{1,3})\.(\d{1,3})\.(\d{1,3})$/);
    $name=$name ? $name:$i;
    $IP{$i}=~ s/\n//g;
    printf REPORT "%-20s %-15s %-s",$name,$COUNT{$i},$IP{$i} . "\n";
  }
  print REPORT "--------------------------------------------------------------------------------\n";
  close(REPORT);
  # start a new reporting interval
  %COUNT=();
  %IP=();
  $start=$end;
  $end=0;
}

Ina Patricia Lopez wrote:

|do a "tail -n access.log" every "t" minutes and pass it to your program
|for parsing then to your sql. "n" and "t" will depend on how fast
|your log grows.
|
|
|--- zeluis@objetivo-americana.com.br wrote:
|
|>Hi all,
|>
|>it would like a referring aid /var/log/squid/access.log (suse 8). Mine
|>squid.conf possesses the following parameter: logfile_rotate 0
|>
|>I use transparent proxy, without authentication saw squid. I make proper
|>authentication through java. At the moment where squid records the event of
|>log in access.log, my application only has condition to know the name of the
|>user who is in the referring IP.
|>
|>My problem: to make with that each line of log either sent to a program, in
|>gcc, that will make a consultation in my bank, postgresql, will get the name
|>of the user of the referring IP and will record in another table of
|>postgresql.
|>
|>This everything to each writing in access.log. I imagined something as tail,
|>but I did not have success.
|>
|>I only need the mechanism to intercept the writing for access.log and to send
|>as parameter for my gcc program.
|>
|>All the remain already I am working.
|>
|>Somebody could indicate a solution that was possible I to decide this task.
|>
|>Thanks a lot.
|>
|>Ze luis
Received on Mon Oct 28 2002 - 06:42:43 MST
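
An added example, not part of the original message: the script above keeps one handle open on access.log, so it stops seeing new entries once the file is renamed by rotation or truncated in place. This Python code follows the log across both cases and counts denied requests by matching only the result-code field, so a URL that merely contains TCP_DENIED is not counted; the class and function names and the sample lines are constructed for illustration.

```python
import os
import re

DENIED = re.compile(r"TCP_DENIED|NONE/411")  # same codes as $PATTERN
# Constructed sample lines in Squid's native access.log format.
SAMPLE = [
    "1035812201.123 5 192.0.2.10 TCP_DENIED/403 1412 GET http://blocked.example/a - NONE/- text/html",
    "1035812202.456 80 192.0.2.11 TCP_MISS/200 900 GET http://ok.example/?q=TCP_DENIED - DIRECT/198.51.100.7 text/html",
]


class LogFollower:
    """Return appended lines across rename-rotation and truncation."""

    def __init__(self, path):
        self.path, self.fh = path, open(path, "rb")
        self.fh.seek(0, os.SEEK_END)  # like the script: new entries only

    def _drain(self):
        out = []
        while True:
            pos = self.fh.tell()
            line = self.fh.readline()
            if not line.endswith(b"\n"):  # EOF or half-written line
                self.fh.seek(pos)
                return out
            out.append(line.decode("utf-8", "replace").rstrip("\r\n"))

    def poll(self):
        lines = self._drain()  # finish the file we already hold
        try:
            st = os.stat(self.path)
        except FileNotFoundError:
            return lines  # mid-rotation, new file not created yet
        if st.st_ino != os.fstat(self.fh.fileno()).st_ino:  # renamed away
            self.fh.close()
            self.fh = open(self.path, "rb")
            lines += self._drain()
        elif st.st_size < self.fh.tell():  # truncated in place
            self.fh.seek(0)
            lines += self._drain()
        return lines


def tally_denied(lines, counts):
    """Count denied requests per client, matching the result code only."""
    for f in (line.split() for line in lines):
        if len(f) >= 7 and DENIED.search(f[3]):  # f[2] client, f[3] code
            counts[f[2]] = counts.get(f[2], 0) + 1
    return counts
```

Call poll() once per interval (the original script sleeps one second) and pass the returned lines to tally_denied() or to whatever program does the database lookup.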