Hi, i am trying to extract logs from /var/log/squid/access.log by date, but i dont know how to do it? date formate given in access.log is in different formate, like :

1282714773.395 20 192.168.10.44 TCP_IMS_HIT/304 314 GET http://www.google.com - NONE/- - 1282714774.029 13 192.168.10.44 TCP_IMS_HIT/304 314 GET http://www.google.com - NONE/- -

I tried following command to extract latest logs :

egrep /var/log/squid/access.log | awk '{print$3 " " $8 " " $7}' | tail

But i want to extract logs according to date without any external software(sarg) can anyone have solution for this? please help me..

asked 26 Aug '10, 05:47

Kiran's gravatar image

Kiran
11
accept rate: 0%




Hi

What version of Squid are you using? I use Squid3 and dates in access.log are like this 85.25.176.167 - - [26/Aug/2010:07:13:52 +0100] Looks like the format in your log is in epoch format. You could write a script that gets the values in epoch for today (or any day) and then grep that range from the access.log.

Kind regards,

Eric

link

answered 26 Aug '10, 06:49

EricTRA's gravatar image

EricTRA
564
accept rate: 7%

Hi, thanks Eric, i am using squid-2.6. It is critical work to pass portion of date to convert in to normal date formate using epoch, then extract logs for the perticular date, is there any other simple way?

Thanks, Kiran.

(26 Aug '10, 09:38) Kiran

Hi Kiran, The simplest way I can think of is to upgrade to Squid 3.1, which is the latest stable release. 2.6 is an old version already. Consult the changes between both versions since there are some important differences.

Kind regards,

Eric

(27 Aug '10, 10:34) EricTRA

date +%s will give you the epoch and you can * from the right to find periods of time for your search.

  1. $ date +%b%s RETURNS: Aug1282844071

  2. $ date +%s RETURNS 1282844082

  3. epoch/date converter:

http://www.epochconverter.com/

link

answered 26 Aug '10, 17:40

djf's gravatar image

djf
112
accept rate: 0%

edited 26 Aug '10, 18:28

Your answer
toggle preview

Follow this question

By Email:

Once you sign in you will be able to subscribe for any updates here

By RSS:

Answers

Answers and Comments

Markdown Basics

  • *italic* or _italic_
  • **bold** or __bold__
  • link:[text](http://url.com/ "Title")
  • image?![alt text](/path/img.jpg "Title")
  • numbered list: 1. Foo 2. Bar
  • to add a line break simply add two spaces to where you would like the new line to be.
  • basic HTML tags are also supported

Tags:

×90

Asked: 26 Aug '10, 05:47

Seen: 1,391 times

Last updated: 09 Sep '10, 19:24

powered by OSQA