Netgate Discussion Forum
    • Categories
    • Recent
    • Tags
    • Popular
    • Users
    • Search
    • Register
    • Login

    Logfile questions

    Scheduled Pinned Locked Moved General pfSense Questions
    1 Posts 1 Posters 879 Views
    Loading More Posts
    • Oldest to Newest
    • Newest to Oldest
    • Most Votes
    Reply
    • Reply as topic
    Log in to reply
    This topic has been deleted. Only users with topic management privileges can see it.
    • S
      spheric
      last edited by

      Sooo… I need a bit of help.

      I'm trying to track down a specific website to a specific user at a specific time.

      I'm running squid and have a ~2gb logfile with 12m lines in it.  access.log

      I'm searching for the website or a derivative of the website.  It's a https site if that makes any difference.

      I'm finding nothing.

      Does the access.log file not contain all in/outbound traffic?

      This is a small snip of what I'm seeing in my logfiles:

      1345148266.267     66 192.168.0.81 TCP_MISS/200 13270 GET http://www.rugsale.com/images/medium/oriental_weavers_sphinx/Ariana_623H_MED.jpg - DEFAULT_PARENT/havp image/jpeg
      1345148266.380    120 192.168.0.81 TCP_MISS/200 60212 GET http://www.rugsale.com/images/medium/oriental_weavers_sphinx/spx_Ariana_113R_MED.jpg - DEFAULT_PARENT/havp image/jpeg
      1345148266.386    184 192.168.0.81 TCP_MISS/200 61262 GET http://www.rugsale.com/images/medium/oriental_weavers_sphinx/spx_Ariana_213G_MED.jpg - DEFAULT_PARENT/havp image/jpeg
      1345148266.816     87 192.168.0.81 TCP_MISS/302 608 GET http://d.adroll.com/pixel/2NP54AMF3NCKLC7IZOCGKZ/YLQMZ6MREFG5FBEDT763FI? - DEFAULT_PARENT/havp -
      1345148266.990    173 192.168.0.81 TCP_MISS/200 2008 GET http://a.adroll.com/pixel/2NP54AMF3NCKLC7IZOCGKZ/YLQMZ6MREFG5FBEDT763FI/2VAE4F6F6ZFJNFRD3SSFCO.js - DEFAULT_PARENT/havp text/javascript

      What are the first group of numbers?   I guess I was looking for date format.. that doesn't look like a readable date.

      I've also been looking in the web side of the squid user access reports on my users.. and I see data.. but the website that I know they surfed, isn't listed.

      Frustrated, looking for a bit of help please.

      Thanks!

      1 Reply Last reply Reply Quote 0
      • First post
        Last post
      Copyright 2025 Rubicon Communications LLC (Netgate). All rights reserved.