Getting website addresses from squid logs

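Is there a way to use the squid logs to get all the website addresses from the past week that were not blocked by the firewall, sorted by IP address?

Here is a sample of the log file: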

1250388539.781    388 10.0.44.22 TCP_MISS/200 1931 GET http://safebrowsing-cache.google.com/safebrowsing/rd/goog-phish-shavar_s_45871-45875.45871-45875.: - DIRECT/74.125.6.219 application/vnd.google.safebrowsing-chunk
1250388540.180    382 10.0.44.22 TCP_MISS/200 923 GET http://safebrowsing-cache.google.com/safebrowsing/rd/goog-phish-shavar_a_63716-63720.63716-63717.63718-63720: - DIRECT/74.125.6.219 application/vnd.google.safebrowsing-chunk
1250388549.554    657 10.0.12.101 TCP_MISS/200 430 GET http://tracker.openbittorrent.com/announce? - DIRECT/192.121.86.2 text/plain
1250388583.580    675 10.0.12.101 TCP_MISS/200 1579 GET http://tracker.prq.to/announce? - DIRECT/192.121.86.8 text/plain
1250388588.951    702 10.0.12.13 TCP_MISS/405 1368 LOCK http://www.portforward.com/images/spacer.gif - DIRECT/63.168.21.164 text/html
1250388595.574    674 10.0.12.101 TCP_MISS/200 1579 GET http://denis.stalker.h3q.com/announce? - DIRECT/192.121.86.7 text/plain
1250388703.596    667 10.0.12.101 TCP_MISS/200 1579 GET http://open.tracker.thepiratebay.org/announce? - DIRECT/192.121.86.2 text/plain
1250388746.959    699 10.0.12.13 TCP_MISS/405 1368 LOCK http://www.portforward.com/images/spacer.gif - DIRECT/63.168.21.164 text/html
1250388761.595    676 10.0.12.101 TCP_MISS/200 1578 GET http://tpb.tracker.prq.to/announce? - DIRECT/192.121.86.5 text/plain
1250388772.590    678 10.0.12.101 TCP_MISS/200 1580 GET http://open.tracker.thepiratebay.org/announce? - DIRECT/192.121.86.3 text/plain
1250388803.588    663 10.0.12.101 TCP_MISS/200 620 GET http://tracker.openbittorrent.com/announce? - DIRECT/192.121.86.3 text/plain
1250388835.578    665 10.0.12.101 TCP_MISS/200 430 GET http://tracker.thepiratebay.org/announce? - DIRECT/192.121.86.4 text/plain
1250388835.910    678 10.0.12.101 TCP_MISS/200 1578 GET http://tracker4.finalgear.com/announce? - DIRECT/192.121.86.5 text/plain
1250388848.523    408 10.0.8.155 TCP_MISS/200 663 POST http://safebrowsing.clients.google.com/safebrowsing/downloads? - DIRECT/66.102.9.138 application/vnd.google.safebrowsing-update

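System spec: CentOS 5

I need to determine who visited which website during a week.

Is this possible?

Answer 1

Yes, you can piece it together with basic unix commands such as awk, grep and sort. Or you could write something in perl. Or you could load it into a database and do all kinds of mining and reporting.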

cat log | grep "TCP_MISS/200" | awk '{ print $3, $7 }' | sort | uniq

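Note that in many countries it is illegal to match real people against proxy or network access logs, and doing so may require a court order. Your profile indicates that you are in South Africa, in which case the constitution enshrines the right not to have "the privacy of their communications infringed." (Section 14 of the Constitution of South Africa, 1996)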
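
A fuller version of this pipeline, as an added example that is not part of the original answer: it keeps only the last seven days, drops requests Squid denied, counts cache hits as well as TCP_MISS/200, reduces each URL to its host, and sorts by client IP. It assumes Squid's native access.log layout and that TCP_DENIED marks a blocked request; the function names and sample lines are constructed for illustration.

```shell
#!/bin/sh
# Added example, not from the original answer. Assumes the native Squid
# access.log layout: $1=epoch time, $3=client IP, $4=result/status, $7=URL.

# Usage: squid_sites_by_client LOGFILE|- [NOW_EPOCH] [DAYS]
# Prints unique "client_ip host" pairs seen in the last DAYS days (default 7),
# skipping requests Squid denied, sorted numerically by client IP.
squid_sites_by_client() {
    awk -v now="${2:-$(date +%s)}" -v days="${3:-7}" '
        BEGIN { cutoff = now - days * 86400 }
        NF < 7 || ($1 + 0) < cutoff { next }   # truncated line or too old
        $4 ~ /^TCP_DENIED/          { next }   # assumption: denied == blocked
        {
            host = $7
            sub("^[A-Za-z][A-Za-z0-9+.-]*://", "", host)  # drop scheme
            sub("[/?#].*$", "", host)                     # drop path and query
            sub("^.*@", "", host)                         # drop userinfo
            sub(":[0-9]+$", "", host)                     # drop port (CONNECT)
            host = tolower(host)
            key = $3 " " host
            if (host != "" && !(key in seen)) { seen[key] = 1; print key }
        }
    ' "$1" | LC_ALL=C sort -t. -k1,1n -k2,2n -k3,3n -k4,4n
}

# Constructed sample lines (not from a real proxy): one entry older than a
# week, one duplicate, one denied request, one cache hit, one CONNECT.
sample_log() {
    cat <<'EOF'
1249000000.000 100 10.0.12.101 TCP_MISS/200 430 GET http://old.example.com/a - DIRECT/192.0.2.1 text/plain
1250388549.554 657 10.0.12.101 TCP_MISS/200 430 GET http://tracker.example.net/announce? - DIRECT/192.0.2.2 text/plain
1250388583.580 675 10.0.12.101 TCP_MISS/200 430 GET http://tracker.example.net/announce? - DIRECT/192.0.2.2 text/plain
1250388588.951 702 10.0.12.13 TCP_DENIED/403 1368 GET http://blocked.example.org/ - NONE/- text/html
1250388600.000 12 10.0.8.155 TCP_HIT/200 663 GET http://www.example.com/index.html - NONE/- text/html
1250388610.000 300 10.0.8.155 TCP_MISS/200 0 CONNECT mail.example.com:443 - DIRECT/192.0.2.3 -
EOF
}

# Demo: pin "now" just after the newest sample line so the result is repeatable.
sample_log | squid_sites_by_client - 1250388900
```

On a real proxy, call it as `squid_sites_by_client /var/log/squid/access.log`; rotated logs have to be concatenated first if the week spans more than one file.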

Answer 2

You can use this command to view connectivity, methods and byte counts in real time:


sudo tail -f /var/log/squid/access.log |awk '{printf(" %-20s | %-15s |  %-28s | %-6s | %-5s |%-s\n",strftime("%c",$1),$3,$4,$5,$6,substr($7,0,50))}'

Also, for some reports I use sarg, and sometimes one called squidview.
