[analog-help] dansguardian logfiles
Aengus
analog at eircom.net
Mon Oct 16 12:53:48 PDT 2006
On Saturday, October 14, 2006 3:17 PM [EDT],
kjc <ckevinj at gmail.com> wrote:
>> Has anyone ever parsed Dansguardian (filter for squid) logfiles with
>> Analog?
>>
>> # A Denied request
>> 2006.10.13 22:46:54 - 192.168.1.106 http://www.dragontide.com/dt/
>> *DENIED* ICRA violencekillingfantasy PICS labeling level exceeded on
>> the above site. GET 2641
>> # A Good request
>> 2006.10.14 12:39:47 - 192.168.1.109
>> http://b.mail.google.com/mail/channel/bind?at=ca0fe66a990f5722-10e44d98b18&RID=rpc&SID=14DB7B3CD81F965A&CI=1&AID=402&TYPE=html&zx=pizg83weyjg9&DOMAIN=mail.google.com&t=1
>> GET 561
>> # A good site that met an Exception rule
>> 2006.10.13 23:39:45 - 127.0.0.1
>> http://dansguardian.org/downloads/alexantao/DGview_search.jpg
>> *EXCEPTION* Exception site match. GET 113477
>>
>> there are probably other types.
>>
>> I've got this to work...
>> LOGFORMAT (%Y.%m.%d %h:%n:%j %u %S %r %j)
>>
>> LOGFORMAT (%Y.%m.%d %h:%n:%j %u %S %r *%C* %j)
>>
>>
>> But I'm thinking I should be able to do better even though it says
>> "S: Status code not given: 0" and no corrupt lines.
>> anyone have some good ideas?
You haven't specified what you're trying to get out of the logs - for
instance, do you care about whether requests are denied? Do you want a count
of how many requests are denied or accepted? The examples you give aren't
actually using the %u field, so you might consider LOGFORMAT (%Y.%m.%d
%h:%n:%j - %S %r %u %j) and use the User Report to get a count of the
various types of requests.
And it might also be worth trying %f rather than %r for the URL. Then you
could use the Referring Site report to see the most popular destination
servers, as well as seeing the most popular destination pages.
Aengus