darold / squidanalyzer

Squid Analyzer parses Squid proxy access log and reports general statistics about hits, bytes, users, networks, top URLs, and top second level domains. Statistic reports are oriented toward user and bandwidth control.
http://squidanalyzer.darold.net/

Report does not generate for ufdbguard log #188

Closed ghost closed 5 years ago

ghost commented 5 years ago

Hi, I have configured the LogFile ufdbguardd.log file path in "/usr/local/etc/squidreport/squidanalyzer.conf" on a FreeBSD system. When I execute the CLI "/usr/local/bin/squid-analyzer -d" I got this output:

No new log registered...
DEBUG: the log statistics gathering took: 0 wallclock secs ( 0.01 usr + 0.01 sys = 0.02 CPU)
Skipping HTML build.
DEBUG: generating HTML output took: 0 wallclock secs ( 0.00 usr + 0.00 sys = 0.00 CPU)
DEBUG: total execution time: 0 wallclock secs ( 0.01 usr + 0.01 sys = 0.02 CPU)

My ufdbguardd.log file:

2018-09-11 17:26:18 [3356] BLOCK - 192.168.1.12 default searchengines www.google.com:443 CONNECT
2018-09-11 17:26:19 [3356] BLOCK - 192.168.1.12 default searchengines www.google.com:443 CONNECT
2018-09-11 17:26:19 [3356] BLOCK - 192.168.1.12 default searchengines www.google.com:443 CONNECT
2018-09-11 17:26:25 [3356] BLOCK - 192.168.1.12 default socialnet http://twitter.com/ GET
2018-09-11 17:26:29 [3356] BLOCK - 192.168.1.12 default socialnet http://facebook.com/ GET
2018-09-11 17:26:36 [3356] BLOCK - 192.168.1.12 default searchengines http://in.yahoo.com/ GET
2018-09-11 17:26:40 [3356] BLOCK - 192.168.1.12 default searchengines http://bing.com/ GET
2018-09-11 18:02:04 [3356] BLOCK - 192.168.1.12 default searchengines www.google.com:443 CONNECT
2018-09-11 18:02:04 [3356] BLOCK - 192.168.1.12 default searchengines www.google.com:443 CONNECT
2018-09-11 18:02:04 [3356] BLOCK - 192.168.1.12 default searchengines www.google.com:443 CONNECT
2018-09-11 18:02:32 [3356] BLOCK - 192.168.1.12 default alcohol http://absinthebuyersguide.com/ GET
2018-09-11 18:02:53 [3356] BLOCK - 192.168.1.12 default news http://3w-tv.com/ GET

darold commented 5 years ago

Hi,

Works for me with your log sample. First, check that you have set LogFile with an absolute path; second, see if you have a file named ufdbGuard.current in the output directory (default: /var/www/squidanalyzer/).

If you have this file and you are sure you do not have new UfdbGuard entries in the report, remove it. It stores the last position in the log. Do not remove other *.current files if you are also parsing squid logs, or you will have duplicate records.

Let me know.

ghost commented 5 years ago

Hi, actually the problem is in the space separation in the log message. We need to modify the log format in SquidAnalyzer.pm for the ufdbguard log ($ug_format_regex1).

darold commented 5 years ago

I don't see what should be modified, please post the modification you are doing.

darold commented 5 years ago

Fixed in commit eb3eca3
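
Added example, not SquidAnalyzer's code and not the regex from the commit above: a Python parser for the BLOCK line layout in the log sample posted in this thread, comparing a single-space pattern with a whitespace-tolerant one. The field names (user, client, acl, category) are assumptions inferred from that sample, and the irregularly spaced lines and the non-BLOCK line are constructed.

```python
import re
from collections import Counter

# Constructed sample in the layout quoted in the issue. Lines 1 and 3 use
# irregular separators (runs of spaces, a tab); line 4 is not a BLOCK entry.
SAMPLE = """\
2018-09-11 17:26:18 [3356] BLOCK -    192.168.1.12   default searchengines www.google.com:443 CONNECT
2018-09-11 17:26:25 [3356] BLOCK - 192.168.1.12 default socialnet http://twitter.com/ GET
2018-09-11 18:02:32 [3356]  BLOCK  -\t192.168.1.12  default  alcohol  http://absinthebuyersguide.com/  GET
2018-09-11 18:02:40 [3356] constructed non-BLOCK message
"""

# One sub-pattern per field; field names are assumed, not taken from the project.
PARTS = [
    r"(?P<date>\d{4}-\d{2}-\d{2})",
    r"(?P<time>\d{2}:\d{2}:\d{2})",
    r"\[(?P<pid>\d+)\]",
    r"BLOCK",
    r"(?P<user>\S+)",
    r"(?P<client>\S+)",
    r"(?P<acl>\S+)",
    r"(?P<category>\S+)",
    r"(?P<url>\S+)",
    r"(?P<method>\S+)",
]
STRICT = re.compile("^" + " ".join(PARTS) + "$")                  # exactly one space
TOLERANT = re.compile(r"^\s*" + r"\s+".join(PARTS) + r"\s*$")     # any whitespace run

def parse(log_text, pattern):
    """Return (records, skipped): parsed BLOCK entries and non-empty lines that did not match."""
    records, skipped = [], []
    for line in log_text.splitlines():
        if not line.strip():
            continue
        m = pattern.match(line)
        if m:
            records.append(m.groupdict())
        else:
            skipped.append(line)
    return records, skipped

def blocks_by_category(records):
    """Count blocked requests per category."""
    return Counter(r["category"] for r in records)

if __name__ == "__main__":
    for name, pat in (("strict", STRICT), ("tolerant", TOLERANT)):
        recs, skipped = parse(SAMPLE, pat)
        print(name, len(recs), "parsed,", len(skipped), "skipped", dict(blocks_by_category(recs)))
```

Returning the skipped lines alongside the parsed records makes a separator mismatch visible as a count instead of an empty report.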