Logfile questions
Sooo… I need a bit of help.
I'm trying to track down a specific website to a specific user at a specific time.
I'm running Squid and have a ~2 GB logfile (access.log) with 12m lines in it.
I'm searching for the website or a derivative of the website. It's an https site, if that makes any difference.
I'm finding nothing.
Does the access.log file not contain all in/outbound traffic?
This is a small snip of what I'm seeing in my logfiles:
1345148266.267 66 192.168.0.81 TCP_MISS/200 13270 GET http://www.rugsale.com/images/medium/oriental_weavers_sphinx/Ariana_623H_MED.jpg - DEFAULT_PARENT/havp image/jpeg
1345148266.380 120 192.168.0.81 TCP_MISS/200 60212 GET http://www.rugsale.com/images/medium/oriental_weavers_sphinx/spx_Ariana_113R_MED.jpg - DEFAULT_PARENT/havp image/jpeg
1345148266.386 184 192.168.0.81 TCP_MISS/200 61262 GET http://www.rugsale.com/images/medium/oriental_weavers_sphinx/spx_Ariana_213G_MED.jpg - DEFAULT_PARENT/havp image/jpeg
1345148266.816 87 192.168.0.81 TCP_MISS/302 608 GET http://d.adroll.com/pixel/2NP54AMF3NCKLC7IZOCGKZ/YLQMZ6MREFG5FBEDT763FI? - DEFAULT_PARENT/havp -
1345148266.990 173 192.168.0.81 TCP_MISS/200 2008 GET http://a.adroll.com/pixel/2NP54AMF3NCKLC7IZOCGKZ/YLQMZ6MREFG5FBEDT763FI/2VAE4F6F6ZFJNFRD3SSFCO.js - DEFAULT_PARENT/havp text/javascript
What is the first group of numbers? I guess I was looking for a date format... that doesn't look like a readable date.
I've also been looking in the web side of the Squid user access reports on my users... and I see data... but the website that I know they surfed isn't listed.
Frustrated, looking for a bit of help please.
Thanks!
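
An added example, not part of the original post: a parser for the Squid native access.log lines shown above that converts the first field (Unix epoch seconds with milliseconds) to a readable UTC time and filters by site, client IP and time window. It also matches CONNECT entries, which is how an explicit forward proxy records an HTTPS tunnel (host and port only, no path). Assumptions: the default native log format; the function names are hypothetical, and the CONNECT line with secure.example.com and 203.0.113.10 is constructed.

```python
import datetime as dt
from urllib.parse import urlsplit

# Two lines copied from the post plus one CONSTRUCTED CONNECT line
# (secure.example.com and 203.0.113.10 are placeholders).
SAMPLE = """\
1345148266.267 66 192.168.0.81 TCP_MISS/200 13270 GET http://www.rugsale.com/images/medium/oriental_weavers_sphinx/Ariana_623H_MED.jpg - DEFAULT_PARENT/havp image/jpeg
1345148266.816 87 192.168.0.81 TCP_MISS/302 608 GET http://d.adroll.com/pixel/2NP54AMF3NCKLC7IZOCGKZ/YLQMZ6MREFG5FBEDT763FI? - DEFAULT_PARENT/havp -
1345148300.102 5120 192.168.0.81 TCP_MISS/200 4312 CONNECT secure.example.com:443 - DIRECT/203.0.113.10 -
"""

def parse_line(line):
    """Parse one native-format line into a dict; return None if malformed."""
    parts = line.split()
    if len(parts) < 10:
        return None
    try:
        # Field 1 is seconds since the Unix epoch, with milliseconds.
        when = dt.datetime.fromtimestamp(float(parts[0]), tz=dt.timezone.utc)
        method, url = parts[5], parts[6]
        if method == "CONNECT":
            host = url.rsplit(":", 1)[0]  # tunnels log host:port only
        else:
            host = urlsplit(url).hostname or ""
    except (ValueError, OverflowError, OSError):
        return None
    return {"time": when, "client": parts[2], "result": parts[3],
            "method": method, "host": host.lower(), "url": url}

def search(lines, site, client=None, start=None, end=None):
    """Return entries for `site` or any subdomain, optionally narrowed
    to one client IP and a [start, end] window of aware datetimes."""
    site = site.lower()
    hits = []
    for line in lines:
        rec = parse_line(line)
        if rec is None:
            continue
        if rec["host"] != site and not rec["host"].endswith("." + site):
            continue
        if client and rec["client"] != client:
            continue
        if (start and rec["time"] < start) or (end and rec["time"] > end):
            continue
        hits.append(rec)
    return hits

if __name__ == "__main__":
    for rec in search(SAMPLE.splitlines(), "example.com", client="192.168.0.81"):
        print(rec["time"].isoformat(), rec["client"], rec["method"], rec["url"])
```

For a 2 GB file, pass the open file object instead of `SAMPLE.splitlines()` so lines are streamed rather than loaded into memory.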