I tried the script below. Although it did give back a file, it only had one
entry in it. What I am interested in is all IP addresses that visited a
particular domain's site and subdomains of that site.
egrep http://www.somesite.com access.log | egrep '192.168.1.[234]' | awk
egrep: access.log: No such file or directory
Jim Brouse
Internet Administrator
Information Technology Department
Pascua Yaqui Tribe of Arizona
Phone: 520-879-5813
E-mail: jbrouse@pascuayaqui-nsn.gov
"Adam" <adam-s@pacbell.net>
To: <squid-users@squid-cache.org>
cc:
Subject: Re: [squid-users] Squid Activity/Usage and Reporting Tools
07/31/2003 11:11 AM
Please respond to "Adam"
Jim wrote:
> What is the best way to determine how busy squid is, for example if there
> is an Internet slow down. Some way to determine if the squid box is busy,
> if the squid box can not get out to the Internet, or just a particularly
> slow web page?
"How busy squid is" would seem to me to be different than if there is an
internet slow down. For monitoring squid, use the cachemgr.cgi script.
Info here: http://www.squid-cache.org/Doc/FAQ/FAQ-9.html. The general info
page has some useful info - if any particular value is not self-evident then
just search for it using groups.google.com (to just search this mailing
list, go to Advanced and put in mailing.unix.squid-users).
However my problem is often: is it squid or the internet? Fortunately we
have a few test boxes that can go via the proxy or directly out. So from
those boxes and the proxy itself we do traceroutes and pings to various test
sites (e.g. our own offsite servers) so we have an idea of what
normal/expected traffic and return times are.
I use ping to see packet loss and any ups/downs in traffic. We have 2 T1's
and one often has intermittent problems so this helps to show them:
$ ping -s www.somesite.com 56 100 (this says send 56byte packets a
hundred times - it's ping -t on Win2K).
PING www.somesite.com: 56 data bytes
64 bytes from www.somesite.com (209.157.104.243): icmp_seq=0. time=11. ms
64 bytes from www.somesite.com (209.157.104.243): icmp_seq=1. time=109. ms
64 bytes from www.somesite.com (209.157.104.243): icmp_seq=2. time=128. ms
etc.
traceroute www.somesite.com is also very handy.
> Also if I have a squid access.log and I want to determine all users IP
> addresses that are accessing www.somesite.com what is the best way to pull
> out that information.
Short of using one of the reports/tools listed here
http://www.squid-cache.org/Scripts/, why not use something like this:
egrep http://www.somesite.com access.log | egrep '192.168.1.[234]' | awk '{print $3}' | sort -u > /tmp/gotcha
(Assumes you are using native log format, are not logging fqdn, hence IP is
3rd field. Substitute 192.168.1.[234] for whatever IP range you are seeking).
hth
Adam
Received on Thu Jul 31 2003 - 15:17:01 MDT
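
An added example, not part of the original thread: one way to list every client IP that requested a domain or any of its subdomains, with no client-range filter. It assumes Squid's native log format (client IP in field 3, request URL in field 7) and compares the URL's host rather than grepping the whole line, so a URL that only mentions the site in its query string is not counted. The function names and the sample log lines are constructed for illustration.

```sh
#!/bin/sh
# Added example (not from the thread). Assumes Squid native log format:
#   time elapsed client action/code size method URL ident hierarchy/peer type
# so the client IP is field 3 and the request URL is field 7.

# clients_for_domain DOMAIN LOGFILE  (hypothetical helper name)
# Prints each client IP that requested DOMAIN or any subdomain of it.
clients_for_domain() {
    awk -v dom="$1" '
    BEGIN { dom = tolower(dom) }
    {
        host = tolower($7)
        sub("^[a-z][a-z0-9+.-]*://", "", host)  # drop scheme
        sub("[/?#].*$", "", host)               # drop path and query
        sub("^.*@", "", host)                   # drop userinfo
        sub(":[0-9]+$", "", host)               # drop port (CONNECT host:443)
        sub("[.]$", "", host)                   # drop trailing dot
        n = length(host) - length(dom)
        # exact match, or host ends with "." followed by the domain
        if (host == dom || (n > 0 && substr(host, n) == ("." dom))) print $3
    }' "$2" | LC_ALL=C sort -u
}

# Constructed sample log lines (not real traffic).
sample_log() {
cat <<'EOF'
1059675061.123    110 192.168.1.2 TCP_MISS/200 4512 GET http://www.somesite.com/index.html - DIRECT/209.157.104.243 text/html
1059675062.456     98 192.168.1.9 TCP_MISS/200 1820 GET http://mail.somesite.com:8080/inbox - DIRECT/209.157.104.243 text/html
1059675063.789    301 10.0.0.7 TCP_MISS/200 3900 CONNECT secure.somesite.com:443 - DIRECT/209.157.104.243 -
1059675064.012     75 192.168.1.5 TCP_MISS/200 2210 GET http://www.notsomesite.com/ - DIRECT/192.0.2.10 text/html
1059675065.345     60 192.168.1.6 TCP_MISS/200 1500 GET http://other.example/?ref=http://www.somesite.com/ - DIRECT/192.0.2.20 text/html
1059675066.678     12 192.168.1.2 TCP_HIT/200 4512 GET http://SomeSite.com/ - NONE/- text/html
EOF
}

# Demo on the constructed sample: prints 10.0.0.7, 192.168.1.2, 192.168.1.9
tmp=$(mktemp) && sample_log > "$tmp" && clients_for_domain somesite.com "$tmp"
rm -f "$tmp"
```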