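Is there a way to use the squid logs to list, sorted by IP address, all the website addresses from the last week that were not blocked by the firewall?
Here is a sample of the log file: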
1250388539.781 388 10.0.44.22 TCP_MISS/200 1931 GET http://safebrowsing-cache.google.com/safebrowsing/rd/goog-phish-shavar_s_45871-45875.45871-45875.: - DIRECT/74.125.6.219 application/vnd.google.safebrowsing-chunk
1250388540.180 382 10.0.44.22 TCP_MISS/200 923 GET http://safebrowsing-cache.google.com/safebrowsing/rd/goog-phish-shavar_a_63716-63720.63716-63717.63718-63720: - DIRECT/74.125.6.219 application/vnd.google.safebrowsing-chunk
1250388549.554 657 10.0.12.101 TCP_MISS/200 430 GET http://tracker.openbittorrent.com/announce? - DIRECT/192.121.86.2 text/plain
1250388583.580 675 10.0.12.101 TCP_MISS/200 1579 GET http://tracker.prq.to/announce? - DIRECT/192.121.86.8 text/plain
1250388588.951 702 10.0.12.13 TCP_MISS/405 1368 LOCK http://www.portforward.com/images/spacer.gif - DIRECT/63.168.21.164 text/html
1250388595.574 674 10.0.12.101 TCP_MISS/200 1579 GET http://denis.stalker.h3q.com/announce? - DIRECT/192.121.86.7 text/plain
1250388703.596 667 10.0.12.101 TCP_MISS/200 1579 GET http://open.tracker.thepiratebay.org/announce? - DIRECT/192.121.86.2 text/plain
1250388746.959 699 10.0.12.13 TCP_MISS/405 1368 LOCK http://www.portforward.com/images/spacer.gif - DIRECT/63.168.21.164 text/html
1250388761.595 676 10.0.12.101 TCP_MISS/200 1578 GET http://tpb.tracker.prq.to/announce? - DIRECT/192.121.86.5 text/plain
1250388772.590 678 10.0.12.101 TCP_MISS/200 1580 GET http://open.tracker.thepiratebay.org/announce? - DIRECT/192.121.86.3 text/plain
1250388803.588 663 10.0.12.101 TCP_MISS/200 620 GET http://tracker.openbittorrent.com/announce? - DIRECT/192.121.86.3 text/plain
1250388835.578 665 10.0.12.101 TCP_MISS/200 430 GET http://tracker.thepiratebay.org/announce? - DIRECT/192.121.86.4 text/plain
1250388835.910 678 10.0.12.101 TCP_MISS/200 1578 GET http://tracker4.finalgear.com/announce? - DIRECT/192.121.86.5 text/plain
1250388848.523 408 10.0.8.155 TCP_MISS/200 663 POST http://safebrowsing.clients.google.com/safebrowsing/downloads? - DIRECT/66.102.9.138 application/vnd.google.safebrowsing-update
System specs: CentOS 5
I need to determine who visited which site over the course of a week.
Is this possible?
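Yes, you could throw that together with basic unix commands such as awk, grep and sort. Or you could hack something together in perl. Or you could load it into a database and do all kinds of mining and reporting.
Note that matching natural persons to proxy or web access logs is illegal in many countries and may require a court order. Your profile indicates that you are in South Africa, in which case the constitution gives people the right not to have "the privacy of their communications infringed". (Constitution of South Africa, 1996, Section 14)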
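The awk and sort approach mentioned in the answer above, as an added example that is not part of the original answer: it lists, per client IP, the hosts requested since a given time, skipping requests Squid logged as TCP_DENIED. The function names, the sample log lines, the log path in the comment and the assumption that blocked requests show up as TCP_DENIED are this example's own.

```shell
#!/bin/sh
# Added example (not from the original answer).
# Squid native access.log fields used here:
#   $1 epoch time   $3 client IP   $4 result/status   $7 URL
# Assumption: blocked requests are the ones logged as TCP_DENIED.

# squid_sites_by_ip SINCE_EPOCH [FILE...]   (reads stdin when no FILE is given)
# Prints "client_ip host hits", ordered by client IP, then host.
squid_sites_by_ip() {
    since=$1; shift
    awk -v since="$since" '
        NF < 7 || $1 + 0 < since { next }   # short line, or before the window
        $4 ~ /^TCP_DENIED/       { next }   # refused by a Squid ACL
        {
            host = $7
            sub(/^[A-Za-z][A-Za-z0-9+.-]*:\/\//, "", host)  # strip scheme
            sub(/[\/?#].*$/, "", host)                       # strip path/query
            sub(/^.*@/, "", host)                            # strip userinfo
            sub(/:[0-9]+$/, "", host)                        # strip port
            hits[$3 " " tolower(host)]++
        }
        END { for (k in hits) print k, hits[k] }
    ' "$@" | LC_ALL=C sort -t. -k1,1n -k2,2n -k3,3n -k4,4n
}

# Constructed sample in the same format as the log excerpt in the question.
sample_log() {
    cat <<'EOF'
1250000000.000 120 10.0.12.101 TCP_MISS/200 430 GET http://old.example.test/ - DIRECT/192.0.2.10 text/html
1250388549.554 657 10.0.12.101 TCP_MISS/200 430 GET http://tracker.example.test/announce? - DIRECT/192.0.2.2 text/plain
1250388583.580 675 10.0.12.101 TCP_MISS/200 1579 GET http://tracker.example.test/announce? - DIRECT/192.0.2.2 text/plain
1250388588.951 702 10.0.12.13 TCP_MISS/405 1368 LOCK http://www.example.test/images/spacer.gif - DIRECT/192.0.2.3 text/html
1250388590.100 3 10.0.12.13 TCP_DENIED/403 1400 GET http://blocked.example.test/ - NONE/- text/html
1250388600.200 950 10.0.8.155 TCP_MISS/200 5120 CONNECT mail.example.test:443 - DIRECT/192.0.2.4 -
EOF
}

# Demo on the sample. For a live log, pass "seven days ago" as the cutoff
# (the path below is an assumed location, adjust to your installation):
#   squid_sites_by_ip "$(( $(date +%s) - 7*24*3600 ))" /var/log/squid/access.log
sample_log | squid_sites_by_ip 1250388000
```

The last column is the number of requests from that client to that host within the window.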
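You can use this command to view connections, methods and bytes in real time:
Also, for some kind of reporting, I use sarg, and sometimes a python script called sqview.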