darold
commented
5 years ago You can give several log files or a single log file without taking care of timestamp ordering. It can also be used with multi-process (with -j option). This doesn't allow to parse log files entries older than the last run of SquidAnalyzer (such lines are just skipped), as a workaround you can use --skip-history (see help for more information) to force SquidAnalyzer to parse old entries. If you need to use it take care that there is no duplicate entries from previous run in the old file.
A new release is coming.
I am trying to use SquidAnalyser to analyze multiple access.log files from multiple Squid instances running on multiple Squid servers. The way I am doing this is by creating a single access.log file that is the sum of all access.log files collected from the different squid instances, then run Squid Analyzer, on a daily basis.
The problem is that the different access.log files are not rotated the same way and will include access logs from previous days. How does Squid Analyzer handle logs that were already parsed in a previous run ?
As a workaround, are there any command options that I can use to ensure that Squid Analyzer only reports on logs after a particular date, while keeping old data (generated on previous days) intact ?