[Date Prev][Date Next][Thread Prev][Thread Next][Date Index][Thread Index]

Re: squid - an off topic issue



On Sun, 31 Oct 1999, Mike wrote:

> Now, after reading this little story here is the point.
> If i have the exact time (up to the sec) and the site URL, how can i
> find the IP address that used the proxy ?
> i tried to understand the proxy log files (access.log , store.log ect')
> but couldn't get anywhere.

There are scripts to do it, but generally, this is the log format: (for
TCP MISSes or HITs, since UDP ones are usually ICP queries from cache
peers).


time elapsed remotehost code/status bytes method URL rfc931 peerstatus/peerhost
application/type

The following are 2 examples, one of a TCP_HIT, and one of a TCP_MISS. You
can see how it works and what you need.

The time is in UTC format, 9 digits representing seconds since EPOC, or
Jan 1st, 1970, midnight. There are Perl and C funtions to convert the 9
digit string to the usual time format. 

Then you have the remote host. Then you have the method, it should be
TCP_HIT or TCP_MISS.

Then you have rfc931 (ident lookup), and here is what Squid says about it:

-----
rfc931

     The username associated with the client connection, determined from
an Ident (RFC 931) server running on the client
     host. By default Ident lookups are not made, but may be enabled with
the ident_lookup option. 
------------------------


I hope you have enough details here.

Here are two examples:


941407163.997  21668 xxx.yyy.zzz.www TCP_MISS/200 5296 GET 
http://ad.es.doubleclick.net/viewad/8400-rodin-24.gif -  
DIRECT/ad.es.doubleclick.net image/gif

941407164.109    113 xxx.yyy.zzz.www TCP_HIT/200 2828 GET 
http://www.biu.ac.il/icons/second_inner_top.gif - NONE/- image/gif

--Ariel

> 
> Is there a utility that can do it for me ?
> Something simple, just to put the time and the URL and to receive the IP
> address ?
> 
> Thanks,
> 
> Mike
> 
> 
> =================================================================
> To unsubscribe, send mail to linux-il-request@linux.org.il with
> the word "unsubscribe" in the message body, e.g., run the command
> echo unsubscribe | mail linux-il-request@linux.org.il
> 

--
Ariel Biener
e-mail: ariel@post.tau.ac.il           Work phone: 03-640608
fingerprint = 07 D1 E5 3E EF 6D E5 82 0B E9 21 D4 3C 7D 8B BC


=================================================================
To unsubscribe, send mail to linux-il-request@linux.org.il with
the word "unsubscribe" in the message body, e.g., run the command
echo unsubscribe | mail linux-il-request@linux.org.il