Squid format
Wytze van der Raay
wytze at logreport.org
Mon Sep 19 17:13:14 CEST 2005
-----BEGIN PGP SIGNED MESSAGE-----
Hash: SHA1
Hi,
> On Sunday, 18 September 2005 09:45, Joost van Baal wrote:
>
>>What does your original log look like? What does the log as processed
>>by tai64nlocal look like? It seems to me that's where things go wrong.
>>(BTW: are you sure you _need_ to use tai64nlocal?)
>
> Well, I thought it should (btw, lire tries to).
As far as I am aware, tai64n is only needed to decode the time stamps
in logfiles produced by D.J. Bernstein's software, e.g. tinydns or qmail.
It is definitely not needed for squid access logs.
> Here is a log extract:
> 1121148475.581 1458 xxx.xxx.xxx.xxx TCP_CLIENT_REFRESH_MISS/200 293 GET
> http://download12.avast.com/iavs4x/servers.def.stamp - DIRECT/67.19.134.114
> text/plain
> 1121148475.930 334 xxx.xxx.xxx.xxx TCP_CLIENT_REFRESH_MISS/200 293 GET
> http://download12.avast.com/iavs4x/prod-av_pro.vpu.stamp -
> DIRECT/67.19.134.114 text/plain
> 1121148476.279 349 xxx.xxx.xxx.xxx TCP_MISS/200 744 GET
> http://download12.avast.com/iavs4x/prod-av_pro.vpu - DIRECT/67.19.134.114
> text/plain
>
> The date is not an integer... no idea why lire tries to use tai64n...
> I just checked the man for Lire::Proxy::SquidAccessDlfConverter , the format
> is correct. The import service too (squid_access).
Your log file looks fine to me. If I run the above through:
lr_log2report -o txt squid_access <your_log_file
I get the attached decently looking report.
Regards,
Wytze van der Raay
-----BEGIN PGP SIGNATURE-----
Version: GnuPG v1.4.1 (GNU/Linux)
Comment: Using GnuPG with Fedora - http://enigmail.mozdev.org
iD8DBQFDLtWKqs+zhiEbbu8RAirrAJ9rcqD2YyMdRWYsS6ZtOBiXLBD10QCePi/+
L++YhOj0mfDNFD1yyEGQA3c=
=GxBd
-----END PGP SIGNATURE-----
-------------- next part --------------
An embedded and charset-unspecified text was scrubbed...
Name: report
Url: http://lists.logreport.org/pipermail/questions/attachments/20050919/23af9c8d/attachment.pl
More information about the Questions
mailing list