Line 45: |
Line 45: |
| | | |
| ===MySQL logs=== | | ===MySQL logs=== |
− | MySQL loging of clients requests is handled by a independant daemon called squid-db-logd. It monitors squid access log and squidGuard deny log in realtime, parse it and put everything in the database called squid_log. In this database, the table access_log list all the access while the deny_log only list denied pages. This feature may need a lot of space. On a busy server, you can easily reach 3Go/month only for the database (and more for the dump when you backup your server). To lmit the needed space, a cron job rotate and compress the access_log and deny_log tables each month. Old tables are also removed. The default config keeps one year of log. You can change this setting with (value is in day and default is 365) | + | MySQL loging of clients requests is handled by a independant daemon called squid-db-logd. It monitors squid access log and squidGuard deny log in realtime, parse it and put everything in the database called squid_log. In this database, the table access_log list all the access while the deny_log only list denied pages. This feature may need a lot of space. On a busy server, you can easily reach 3GB / month only for the database (and more for the dump when you backup your server). To lmit the needed space, a cron job rotate and compress the access_log and deny_log tables each month. Old tables are also removed. The default config keeps one year of log. You can change this setting with (value is in day and default is 365) |
| db configuration setprop squid-db-logd Retention 180 | | db configuration setprop squid-db-logd Retention 180 |
| | | |
Line 51: |
Line 51: |
| db configuration setprop squid-db-logd status disabled | | db configuration setprop squid-db-logd status disabled |
| sv d /service/squid-db-logd | | sv d /service/squid-db-logd |
| + | |
| + | Here are some example of queries you can run: |
| + | |
| + | *Get the top 30 most visited domains |
| + | echo "SELECT DOMAIN,COUNT(DOMAIN) AS occurances FROM access_log GROUP BY DOMAIN ORDER BY occurances DESC LIMIT 30;" | mysql squid_log |
| + | |
| + | *Get the top 10 most used blocked categories |
| + | echo "SELECT category,COUNT(category) AS occurances FROM deny_log GROUP BY category ORDER BY occurances DESC LIMIT 10;" | mysql squid_log |
| + | |
| + | *get all the pages requested by the client 192.168.7.50 on Oct 12 2012 between 10pm and 11 pm, and export the result in /tmp/result.csv |
| + | |
| + | echo SELECT date_day,date_time,url,username INTO OUTFILE '/tmp/result.csv' FIELDS TERMINATED BY ',' |
| + | OPTIONALLY ENCLOSED BY '"' ESCAPED BY '\\' LINES TERMINATED BY '\n' |
| + | FROM access_log WHERE client_ip='192.168.7.50' AND date_day='2012-10-08' AND date_time>'22:00:00' AND date_time<'23:00:00';" mysql squid_log |