COMANDO # tail -f /var/log/squid/access.log | awk '{print $3 " --> " $7 }'

bitiura123
(usa Outra)

Enviado em 06/06/2018 - 12:08h

Bom dia pessoal, estou com duvida nesse comando # tail -f /var/log/squid/access.log | awk '{print $3 " --> " $7 }'
quando executo ele roda normal mais o resultado é esse

127.0.0.1 TCP_MISS/200-http:// ---- site

a duvida é o seguinte seria para mostra o ip que esta acessando na frente mais ele apenas mostra esse ip para todos da rede ...

msoliver
(usa Debian)

Enviado em 06/06/2018 - 14:57h

Boa tarde.
Poste ao menos uma linha do /var/log/squid/access.log.

marcelo oliver

bitiura123
(usa Outra)

Enviado em 06/06/2018 - 16:01h

resposta do comando ele retorna ( a baixo ) quando o terminal começa acessar sites ...

127.0.0.1 TCP_MISS/200-http:// www.google.com
127.0.0.1 TCP_MISS/200-http:// www.vivaolinux.com


ele mostra o que esta sendo acessado, pelos terminal na rede mais o ip no caso que mostra é 127.0.0.1 não é o ip que esta no terminal o ip do terminal
seria 192.168.2.8 como queria que fosse exibido o resultado

192.168.2.8 TCP_MISS/200-http:// www.google.com

ai sim estaria mostrando o que cada IP estaria acessando no momento
obrigado pela resposta msoliver .

ou vc gostaria de ver o arquivo access.log ?

msoliver
(usa Debian)

Enviado em 06/06/2018 - 19:26h

Bitiura, boa noite.
Primeiramente você deve "customizar" o log do squid, veja:
http://www.dicas-l.com.br/arquivo/customizando_os_arquivos_de_log_do_squid.php#.Wxhas60sLH4
Feito isso, é só "pegar" os campos com o awk...
Recomendo o tail -n"N", onde "N" é a quantidade de linhas, pois, o tail -f, fica "travado" no comando.

Marcelo oliver

bitiura123
(usa Outra)

Enviado em 07/06/2018 - 11:23h

obrigado pela ajuda Marcelo oliver.

Nesse caso deveria criar um novo template para o gerar o arquivo de log com as informações que queria e assim utilizar o comando nele para dar as informações em tempo real certo ?
se for isso mesmo como faço para criar outro template e teria como criar dois template deixar o original e outro pro fora que seria esse ? estou utilizando uma versão do zentyal para teste em uma maquina virtual por isso queria ver se posso criar dois para não mexer nas configuração original e dar problemas na interface .... ( não sei se pode dar problema ) a baixo segue o arquivo squid.conf dele para dar uma olhadinha caso ajude

<%doc>

    Main configuration file for Squid daemon



  Parameters:



    snmpEnabled - Boolean indicating if SNMP is enabled or not

</%doc>

<%args>

    $port

    $transparent

    $authNeeded

    $allowAll

    @localnets

    @objectsPolicies

    @objectsDelayPools

    @groupsPolicies

    @notCachedDomains

    @nameservers

    $append_domain

    $cache_host

    $cache_port



    $memory

    $max_object_size



    $cacheDirSize

    $dn

    $ldapport

    $snmpEnabled => 0



    $urlRewriteProgram => undef

</%args>

<%perl>

our $maxAclNameLength = 31;

our %longAclNames = ();





sub _timeAclsInPolicy

{

   my ($policy, @ids) = @_;

   my $id = join '_', @ids;



   my $acls = '';



   if ($policy->{timeDays}) {

      $acls = _aclName('timeDays_' . $id);

      $acls .= ' ';

   }



   if ($policy->{timeHours}) {

       $acls .= _aclName('timeHours_' . $id);

   }



   return $acls;

}





# needed because space scape doesnt work in acl names

sub _escapeWS

{

    my ($string) = @_;

    $string =~ s{ }{__}g;

    return $string;

}





# needed to avoid log acl problems

sub _aclName

{

    my ($name) = @_;

    if (length($name) <= $maxAclNameLength) {

        return _escapeWS($name);

    }



    if (not exists $longAclNames{$name}) {

        my $nextId = 1 + keys %longAclNames;

        $nextId = 'longAcl' . $nextId;

        $longAclNames{$name} = $nextId;

    }



    return _escapeWS($longAclNames{$name});

}





</%perl>

# <EBOX> TAG_HTTPORT #

% my $transKey = '';

% if ($transparent eq 'yes') {

%   $transKey = 'transparent';

% }

http_port <% $port %> <% $transKey %>

# END_TAG #



visible_hostname localhost

% if (@nameservers) {

% my $dns_nameservers;

% foreach my $srv (@nameservers) {

% $dns_nameservers .= "$srv ";

% }

dns_nameservers <% $dns_nameservers %>

% }

% if ($append_domain) {

append_domain .<% $append_domain %>

% }

hierarchy_stoplist cgi-bin ?

acl QUERY urlpath_regex cgi-bin \?

no_cache deny QUERY



# refresh patterns



# windows updates

refresh_pattern http://.*\.windowsupdate\.microsoft\.com/ 0 80% 20160

reload-into-ims

refresh_pattern http://.*\.update\.microsoft\.com/ 0 80% 20160 reload-into-ims

refresh_pattern http://download\.microsoft\.com/ 0 80% 20160 reload-into-ims

refresh_pattern http://windowsupdate\.microsoft\.com/ 0 80% 20160

reload-into-ims

refresh_pattern http://.*\.download\.windowsupdate\.com/ 0 80% 20160

reload-into-ims

refresh_pattern http://office\.microsoft\.com/ 0 80% 20160 reload-into-ims

refresh_pattern http://w?xpsp[0-9]\.microsoft\.com/ 0 80% 20160 reload-into-ims

refresh_pattern http://w2ksp[0-9]\.microsoft\.com/ 0 80% 20160 reload-into-ims

# linux updates

refresh_pattern http://.*\.archive\.ubuntu\.com/ 0 80% 20160 reload-into-ims

refresh_pattern http://(ftp|http)[0-9]*\.[a-z]+\.debian\.org/ 0 80%

20160 reload-into-ims



refresh_pattern ^ftp:           1440    20%     10080

refresh_pattern ^gopher:        1440    0%      1440

refresh_pattern .               0       20%     4320

# end refresh patterns



coredump_dir /var/spool/squid

cache_effective_user proxy

cache_effective_group proxy

cache_mem <% $memory %> MB

maximum_object_size <% $max_object_size %> MB

access_log /var/log/squid/access.log squid

pid_filename /var/run/squid.pid



cache_dir ufs /var/spool/squid <% $cacheDirSize %> 16 256



% if ($cache_host and $cache_port) {

cache_peer <% $cache_host %> parent <% $cache_port %> 0 no-query no-digest

% }





# <EBOX> TAG_ACL #

auth_param basic realm Zentyal HTTP proxy

auth_param basic program /usr/lib/squid/ldap_auth -v 3 -b  ou=Users,<%

$dn %>  -u uid  -h ldap://127.0.0.1:<% $ldapport %>

acl authorized  proxy_auth required





% if ($urlRewriteProgram) {

url_rewrite_program <% $urlRewriteProgram %>

% }



<& .groupsACLs,

    groupsPolicies => \@groupsPolicies,

    objectsPolicies => \@objectsPolicies,

 &>



<& .objectsACLs, objectsPolicies => \@objectsPolicies &>



<& .objectsACLs, objectsPolicies => \@objectsDelayPools &>



# no cache domains acl

% foreach my $domain (@notCachedDomains) {

acl noCached dstdomain <% $domain %>

% }



# END_TAG #

acl localhost src 127.0.0.0/8

acl localhostdst dst 127.0.0.0/8

acl all src 0.0.0.0/0.0.0.0

acl manager proto cache_object

acl to_localhost dst 127.0.0.0/8

acl SSL_ports port 443 563      # https, snews

acl SSL_ports port 873          # rsync

acl Safe_ports port 80          # http

acl Safe_ports port 21          # ftp

acl Safe_ports port 443 563     # https, snews

acl Safe_ports port 70          # gopher

acl Safe_ports port 210         # wais

acl Safe_ports port 1025-65535  # unregistered ports

acl Safe_ports port 280         # http-mgmt

acl Safe_ports port 488         # gss-http

acl Safe_ports port 591         # filemaker

acl Safe_ports port 777         # multiling http

acl Safe_ports port 631         # cups

acl Safe_ports port 873         # rsync

acl Safe_ports port 901         # SWAT

acl purge method PURGE

acl CONNECT method CONNECT



follow_x_forwarded_for allow localhost

log_uses_indirect_client off



http_access allow localhost



http_access deny manager

http_access deny purge

http_access deny !Safe_ports

http_access deny CONNECT !SSL_ports

http_reply_access allow all



% if ($cache_host and $cache_port) {

never_direct allow all

% }





# <EBOX> TAG_DELAYPOOLS #



% if (@localnets) {

<& .localnetsACLs,

                  localnets => \@localnets,

&>

% }

<& .delayPools,

                  objectsDelayPools => \@objectsDelayPools,

&>



# END_TAG



# <EBOX> TAG_HTTP_ACCESS #





% if (@notCachedDomains) {

cache deny noCached

% }





<& .objectsAccess,

                  objectsPolicies => \@objectsPolicies,

&>



<& .globalGroupsAccess,

                groupsPolicies => \@groupsPolicies,

&>







# default policy section





% if ( $authNeeded ) {

%#     if (not @groupsPolicies ) {

%#      we force auth here to not force to authorize objects

%#      which dont need auth

http_access allow authorized all

%#     }

% }

% if ($allowAll) {

http_access allow all

% } else {

http_access deny all

% }





# END_TAG #



# <EBOX> TAG SNMP #

% if ( $snmpEnabled ) {

<& .snmp &>

% }



# END_TAG #



always_direct allow localhostdst



<%def .globalGroupsAccess>

<%args>

@groupsPolicies

</%args>

% return if (@groupsPolicies == 0);

%# if we use global group policies we must force always the authorization first

http_access allow authorized all

% foreach my $groupPol (@groupsPolicies) {

%   my $group = $groupPol->{'group'};

%   my $groupAcl = _aclName($group);

%   my $timeAcls = _timeAclsInPolicy($groupPol, $group);

%   my $allowPolicy = $groupPol->{'allow'};

%   if ($allowPolicy) {

http_access allow  <% $timeAcls %> <% $groupAcl %>

%    }



%   if ((not $allowPolicy) or $timeAcls ) {

#   in case of allow + time acl we have to deny otherwise

#   outsde of the time period we will slip to defualt policy

http_access deny <% $groupAcl %> all

%   }

% }

</%def>



<%def .objectGroupsAccess>

<%args>

@groupsPolicies

$object

</%args>

% foreach my $groupPol (@groupsPolicies) {

%   my $group = $groupPol->{'group'};

%   my $groupAcl = _aclName($group);

%   my $objectAcl = _aclName($object);

%   my $timeAcls = _timeAclsInPolicy($groupPol, $object, $group);

%   my $allow = $groupPol->{'allow'};

%   if ($allow) {

http_access allow <% $timeAcls %> <% $groupAcl %> <% $objectAcl %>

%    }

%  if ((not $allow) or $timeAcls ) {

#   in case of allow + time acl we have to deny otherwise

#   outsde of the time period we will slip to defualt policy

http_access deny  <% $groupAcl %> <% $objectAcl %>

%   }

% }

</%def>





<%def .objectsAccess>

<%args>

@objectsPolicies

</%args>

% foreach my $objPol (@objectsPolicies) {



%   my $object = $objPol->{'object'};

%   my $objectAcl = _aclName($object);

  <& .objectGroupsAccess,

           groupsPolicies =>  $objPol->{groupsPolicies},

           object => $object,

   &>

%   if ($objPol->{'auth'}) {

  http_access allow  <% $objectAcl %>  authorized

%   }



% if ($objPol->{'allowAll'}) {

%   my $timeAcls = _timeAclsInPolicy($objPol, $object);

http_access allow <% $objectAcl %> <% $timeAcls %>

%     if ($timeAcls) {

%     # to assure we dont slip to default configuration when we have a time acl

http_access deny <% $objectAcl %>

%     }

% } else {

http_access deny <% $objectAcl %>

%   }

% }

</%def>





<%def .groupsACLs>

<%args>

@groupsPolicies

@objectsPolicies

</%args>

<%init>

# group ACLs from group polices

my %groups = map {

        ($_ ->{group} => , $_->{users})

} @groupsPolicies;

# add group acls from object policies

foreach my $obPol (@objectsPolicies) {

  foreach my $grPol (@{ $obPol->{groupsPolicies} } ) {

      $groups{ $grPol->{group} } =  $grPol->{users};

 }

}

# escape user names

foreach my $users_r (values %groups) {

       my @users = map {

           my $user = $_;

           $user =~ s{ }{\\ }g;

           $user

       } @{ $users_r  };

    $users_r =  \@users;

}

</%init>

% while (my ($group, $users) = each %groups)  {

%   my $groupAcl = _aclName($group);

acl <% $groupAcl %> proxy_auth <% join ' ', @{ $users } %>

% }

% foreach my $groupPol (@groupsPolicies) {

     <& .timeACLs, policy => $groupPol, ids => [$groupPol->{group}] &>

% }

</%def>





<%def .localnetsACLs>

<%args>

@localnets

</%args>

acl eboxlocalnets dst <% join ' ', @localnets %>

</%def>





<%def .objectsACLs>

<%args>

@objectsPolicies

</%args>

% foreach my $objPol (@objectsPolicies) {

%   my $object = $objPol->{object};

%   my $objectAcl = _aclName($object);

acl <% $objectAcl %> src <% join ' ', @{ $objPol->{addresses} } %>

<& .timeACLs, policy => $objPol, ids => [ $object ] &>

%   foreach my $groupPol (@{ $objPol->{groupsPolicies} }) {

     <& .timeACLs, policy => $groupPol, ids => [$object, $groupPol->{group}] &>

%  }

% }

</%def>





<%def .timeACLs>

<%args>

$policy

@ids

</%args>

<%init>

my $id = join '_', @ids;

</%init>

% if ($policy->{timeDays}) {

acl <% _aclName('timeDays_' . $id) %> time <% $policy->{timeDays} %>

% }

% if ($policy->{timeHours}) {

acl <% _aclName('timeHours_' . $id) %> time <% $policy->{timeHours} %>

% }

</%def>





<%def .delayPools>

<%args>

@objectsDelayPools

</%args>

% if ( @objectsDelayPools ) {

%     my $pools = @objectsDelayPools;

delay_pools <% $pools + 1%>

delay_class 1 2

delay_parameters 1 -1/-1 -1/-1

delay_access 1 allow eboxlocalnets

% }

<%perl>

 my $id = 1;

 foreach my $objPool (@objectsDelayPools) {

     $id++;

     my $rate =  $objPool->{rate};

     if ($rate > 0) {

         $rate *= 1024;

     }

     my $size = $objPool->{size};

     if ($size > 0) {

         $size *= 1024;

     }

</%perl>

delay_class <% $id %> <% $objPool->{class} %>

%     if ( $objPool->{class} eq '1' ) {

delay_parameters <% $id %> <% $rate %>/<% $size %>

%     } elsif ( $objPool->{class} eq '2' ) {

<%perl>

     my $clt_rate =  $objPool->{clt_rate};

     if ($clt_rate > 0) {

         $clt_rate *= 1024;

     }

     my $clt_size = $objPool->{clt_size};

     if ($clt_size > 0) {

         $clt_size *= 1024;

     }

</%perl>

delay_parameters <% $id %> <% $rate %>/<% $size %> <% $clt_rate %>/<%

$clt_size %>

%     }

delay_initial_bucket_level 90

delay_access <% $id %> allow <% $objPool->{object} %>

delay_access <% $id %> deny all

% }

</%def>



<%def .snmp>

<%doc>

Define the SNMP configuration as SNMP agent

</%doc>

acl snmppublic snmp_community public

snmp_port 3401

snmp_access allow snmppublic localhost

snmp_access deny all

</%def>

 

desculpe caso fale algo erro sou pouco leigo

msoliver
(usa Debian)

Enviado em 07/06/2018 - 12:50h

Boa tarde Bitiura.
Há muitos anos não mexo com o SQUID, portanto, é difícil dar mais detalhes....
Pelo que andei lendo, você deve criar outro TEMPLATE, e pode deixar o original...
Atente-se que a configuração do FORMATO, é disponível a partir da Versão 2.6.
Não encontrei no seu squid.conf essa opção, verifique a versão do seu squid com o comando:
#squid -v
Para mais detalhes, pesquise por ""logformat+squid".

marcelo oliver

bitiura123
(usa Outra)

Enviado em 07/06/2018 - 15:08h

Marcelo Oliver
creio que a versão que estou então é possível

Squid Cache: Version 2.7.STABLE7

configure options:  '--prefix=/usr' '--exec_prefix=/usr'

'--bindir=/usr/sbin' '--sbindir=/usr/sbin'

'--libexecdir=/usr/lib/squid' '--sysconfdir=/etc/squid'

'--localstatedir=/var/spool/squid' '--datadir=/usr/share/squid'

'--enable-async-io' '--with-pthreads'

'--enable-storeio=ufs,aufs,coss,diskd,null' '--enable-linux-netfilter'

'--enable-arp-acl' '--enable-epoll'

'--enable-removal-policies=lru,heap' '--enable-snmp'

'--enable-delay-pools' '--enable-htcp' '--enable-cache-digests'

'--enable-underscores' '--enable-referer-log' '--enable-useragent-log'

'--enable-auth=basic,digest,ntlm,negotiate'

'--enable-negotiate-auth-helpers=squid_kerb_auth' '--enable-carp'

'--enable-follow-x-forwarded-for' '--with-large-files'

'--with-maxfd=65536' 'i386-debian-linux'

'build_alias=i386-debian-linux' 'host_alias=i386-debian-linux'

'target_alias=i386-debian-linux' 'CFLAGS=-Wall -g -O2'

'LDFLAGS=-Wl,-Bsymbolic-functions' 'CPPFLAGS='



 

irei estudar sobre ""logformat+squid" e sobre a criação de outro TEMPLATE.
Muito obrigado pela ajuda, caso tenha novidades reporto aqui para acompanhar ou se caso saber de mais algo ficarei grato se passar .