Re: [SQU] Access.log

From: Awie <awie@dont-contact.us>
Date: Fri, 26 Jan 2001 21:02:34 +0800

Folks,

I am very sorry if you felt bothered by me. At present, I am very panicked,
because one of our IPs is suspected by the IX of attacking another network, and I
did not have many resources to discuss it with.

Now, I am feeling better. Whatever your comments & suggestions, they help me!
I am sure that in the future, I won't be in the same situation.

Thx

Best Regards,

Awie

----- Original Message -----
From: "Thomas Adam" <thomas_adam16@yahoo.com>
To: "Awie" <awie@eksadata.com>; "Robert Collins"
<robert.collins@itdomain.com.au>; <squid-users@ircache.net>
Sent: Friday, January 26, 2001 8:47 PM
Subject: Re: [SQU] Access.log

> Hi,
>
> I would just like to add my own answer to this
> "problem". Yes, Rob is quite right that this problem
> has been documented recently...however, it cannot hurt
> to answer it again.
>
> I won't go into the details of the access.log. All I
> will say is that to convert the UNIX timestamp, enter
> the following, into a text editor
>
> #!/usr/bin/perl -p
>
> # Replace the first number on each line (the UNIX timestamp) with local time
> s/\d+/localtime $&/e;
>
> and then save it as "perlscript" in the same folder as
> the access.log. Then at the command prompt, in the
> same folder, type the following:
>
> chmod 700 ./perlscript
> (this makes the script executable)
>
> then enter:
>
> ./perlscript < access.log >access2.log
>
> if you now open the access2.log, you'll find the time
> and date has been converted.
>
> Just as an aside, my website www.squidproxyapps.org.uk
> has a bash script called squidlog that you might like
> to try. What it does is it refines the log, to
> something readable by humans!!
>
> I hope this is of some help to you,
> Regards,
>
> Thomas Adam
> re: thomas_adam16@yahoo.com
> --- Awie <awie@eksadata.com> wrote:
> > Okay Rob,
> >
> > Many thanks for your help
> >
> > Thx
> >
> > Best Regards,
> >
> > Awie
> >
> > ----- Original Message -----
> > From: "Robert Collins" <robert.collins@itdomain.com.au>
> > To: "Awie" <awie@eksadata.com>; <squid-users@ircache.net>
> > Sent: Friday, January 26, 2001 8:06 PM
> > Subject: Re: [SQU] Access.log
> >
> >
> > > Awie,
> > > this DOES NOT mean that squid passed a file to the internet. What it
> > > means is that the machine at ip aaa.bbb.ccc.ddd requested the URL
> > > http://www.library.itu.edu.tr/scripts/..%1c%9c.../winnt/sytem32/cmd.exe?(with more here but hidden from the log),
> > > using the HTTP method GET and received a response with status 500.
> > >
> > > It DOES NOT mean that cmd.exe is present anywhere on any of your
> > > machines.
> > >
> > > I suggest you read RFC 2616 and get familiar with the operation of
> > > HTTP. It will make understanding what is happening a lot easier
> > > for you.
> > >
> > > As far as converting 979273815 to readable time, this has been
> > > covered in the squid users archives very recently.
> > >
> > > Rob
> > >
> > >
> > >
> > > ----- Original Message -----
> > > From: "Awie" <awie@eksadata.com>
> > > To: <squid-users@ircache.net>
> > > Sent: Friday, January 26, 2001 10:48 PM
> > > Subject: [SQU] Access.log
> > >
> > >
> > > Folks,
> > >
> > > I got this message (below) in my access.log. I found that our Squid
> > > passed the file CMD.EXE to the Internet, as requested by IP
> > > aaa.bbb.ccc.ddd.
> > >
> > > 979273815.589 2961 aaa.bbb.ccc.ddd TCP_MISS/500 324 GET http://www.library.itu.edu.tr/scripts/..%1c%9c.../winnt/sytem32/cmd.exe? - DIRECT/www.library.itu.edu.tr text/html
> > >
> > > 1. Is that a normal process for Squid?
> > > 2. How can I get the date and time by converting the lines? I could
> > > not run the command
> > > grep 'cmd.exe' access.log | perl -pe 's/\d+/localtime $&/e;
> > > from my Linux prompt to get our system time.
> > > Your answer is very appreciated. Thx
> > >
> > > Best Regards,
> > >
> > > Awie
> > >
> > >
> >
> > --
> > To unsubscribe, see
> > http://www.squid-cache.org/mailing-lists.html
> >
>
>
> =====
> Thomas Adam
> Linux Co-ordinator for The Purbeck School
>
> e-mail (school): n6tadam@users.purbeck.dorset.sch.uk
> e-mail (yahoo) : thomas_adam16@yahoo.com
>

Received on Fri Jan 26 2001 - 06:04:14 MST

This archive was generated by hypermail pre-2.1.9 : Tue Dec 09 2003 - 16:57:36 MST
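
The following Python example is added here and is not code from any poster in the thread. It parses Squid native-format access.log lines, converts the UNIX timestamp to UTC, and lists the clients whose requested URL contains cmd.exe or a path-traversal sequence, raw or percent-encoded; as Rob's reply explains, a hit shows which client sent the request and what status came back, not that the file exists on your machines. The field labels, the match pattern and the second sample line are assumptions made for this example.

```python
import re
from datetime import datetime, timezone
from urllib.parse import unquote_to_bytes

# Squid native access.log layout (field names are this example's own labels):
# time elapsed client code/status bytes method URL ident hierarchy/peer type
FIELDS = ("time", "elapsed", "client", "result", "bytes",
          "method", "url", "ident", "hierarchy", "mime")

# Constructed sample input: line 1 mirrors the entry quoted in the thread,
# line 2 is an invented benign request for contrast.
SAMPLE_LOG = """\
979273815.589 2961 aaa.bbb.ccc.ddd TCP_MISS/500 324 GET http://www.library.itu.edu.tr/scripts/..%1c%9c.../winnt/sytem32/cmd.exe? - DIRECT/www.library.itu.edu.tr text/html
979273820.104 120 10.0.0.7 TCP_HIT/200 5120 GET http://www.example.com/index.html - NONE/- text/html
"""

# Assumed indicator pattern: a shell binary name or a ../ (or ..\) traversal.
SUSPICIOUS = re.compile(rb"cmd\.exe|\.\.[/\\]", re.IGNORECASE)

def parse_line(line):
    """Split one native-format line into a dict; return None if malformed."""
    parts = line.split()
    if len(parts) != len(FIELDS):
        return None
    rec = dict(zip(FIELDS, parts))
    # The first field is seconds since the epoch with millisecond precision.
    rec["when"] = datetime.fromtimestamp(float(rec["time"]), tz=timezone.utc)
    rec["code"], _, rec["status"] = rec["result"].partition("/")
    return rec

def is_suspicious(url):
    """Check the URL both as logged and after percent-decoding."""
    raw = url.encode("latin-1", "replace")
    return bool(SUSPICIOUS.search(raw) or SUSPICIOUS.search(unquote_to_bytes(raw)))

def flag_requests(log_text):
    """Return (UTC time, client, HTTP status, URL) for each suspicious request."""
    hits = []
    for line in log_text.splitlines():
        rec = parse_line(line)
        if rec and is_suspicious(rec["url"]):
            hits.append((rec["when"].isoformat(timespec="seconds"),
                         rec["client"], rec["status"], rec["url"]))
    return hits

if __name__ == "__main__":
    for hit in flag_requests(SAMPLE_LOG):
        print(*hit)
```

The client column is the address to follow up on when an upstream provider reports traffic from your proxy's IP.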