darold / squidanalyzer

Squid Analyzer parses Squid proxy access log and reports general statistics about hits, bytes, users, networks, top URLs, and top second level domains. Statistic reports are oriented toward user and bandwidth control.
http://squidanalyzer.darold.net/

Parse logfiles with Include #167

Closed niccarp closed 7 years ago

niccarp commented 7 years ago

Hi Darold.

Could you look at this? I use the Include file to list only domain members in reports, like this:

USER            .*@domain.domain.net
USER            .*@DOMAIN.DOMAIN.net

So in access log i have this info:

1496865612.049  51979 IPADDRESS TCP_TUNNEL/200 67755 CONNECT www.google.cl:443 domainuser@DOMAIN.DOMAIN.NET HIER_DIRECT/64.233.190.94 -
1496865612.283  50035 IPADDRESS TCP_TUNNEL/200 794 CONNECT play.google.com:443 domainuser@DOMAIN.DOMAIN.NET HIER_DIRECT/216.58.222.142 -
1496865617.869  91996 IPADDRESS TCP_TUNNEL/200 1685 CONNECT clients6.google.com:443 domainuser@DOMAIN.DOMAIN.NET HIER_DIRECT/64.233.190.138 

But in the reports this user (domainuser) doesn't show. I have another user correctly listed, but not this one.

I run the tool to parse the log and rebuild like this:

/usr/local/bin/squid-analyzer -c /etc/squidanalyzer/squidanalyzer.conf -r access.log-20170611

but with no success in listing the other user.

Is this related to https://github.com/darold/squidanalyzer/issues/84? Is it safe to use that "patch" with this new version?

Thanks!

darold commented 7 years ago

Hi,

First you can just use:

USER            .*@domain.domain.net

the regexp search is case insensitive.

If you are using v6.6 of SquidAnalyzer you might not have an issue with this setting, or maybe you want to apply the user filter on old reports? If you are using an old version, please upgrade.

Regards,
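
One way to check an include rule against a log before rebuilding reports, as an added example that is not part of the thread and not SquidAnalyzer's own code. It assumes the login is the eighth field of Squid's native log format and that the pattern must match the whole login, case-insensitively as stated above; the function names and the sample lines (adapted from the log excerpt in this issue, with constructed client addresses and extra entries) are illustrative.

```python
import re

# Include rule from the thread: a single lowercase pattern.
INCLUDE_USER_PATTERNS = [r".*@domain.domain.net"]

# Constructed sample in Squid's native access.log format.
SAMPLE_LOG = """\
1496865612.049  51979 192.0.2.10 TCP_TUNNEL/200 67755 CONNECT www.google.cl:443 domainuser@DOMAIN.DOMAIN.NET HIER_DIRECT/64.233.190.94 -
1496865612.283  50035 192.0.2.11 TCP_TUNNEL/200 794 CONNECT play.google.com:443 other@domain.domain.net HIER_DIRECT/216.58.222.142 -
1496865617.869  91996 192.0.2.12 TCP_TUNNEL/200 1685 CONNECT clients6.google.com:443 guest@other.example HIER_DIRECT/64.233.190.138 -
1496865618.100    120 192.0.2.13 TCP_MISS/200 512 GET http://example.com/ - HIER_DIRECT/198.51.100.7 text/html
"""


def user_field(line):
    """Return the login (8th whitespace-separated field) or None if the line is too short."""
    fields = line.split()
    return fields[7] if len(fields) >= 8 else None


def classify_users(log_text, patterns):
    """Count hits per login, split into those the include patterns keep and those they drop."""
    # Assumption: whole-string, case-insensitive match against the login.
    compiled = [re.compile(p, re.IGNORECASE) for p in patterns]
    kept, dropped = {}, {}
    for line in log_text.splitlines():
        user = user_field(line)
        if user is None or user == "-":
            continue  # malformed line or unauthenticated request
        bucket = kept if any(rx.fullmatch(user) for rx in compiled) else dropped
        bucket[user] = bucket.get(user, 0) + 1
    return kept, dropped


if __name__ == "__main__":
    kept, dropped = classify_users(SAMPLE_LOG, INCLUDE_USER_PATTERNS)
    print("kept:", kept)
    print("dropped:", dropped)
```

If a login that should be reported ends up in `dropped`, the pattern is the problem; if it is in `kept`, the rule is fine and the rebuild procedure is the next thing to check.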

niccarp commented 7 years ago

Thanks darold, now it's OK.

I was doing the steps to rebuild the old HTML data wrong.

I'm closing it.