Re: SQUID LOG
On Fri, Oct 04, 2002 at 08:53:26AM +0200, ?ngel Carrasco wrote:
> Yeah, but this option runs good, but sarg only sends a list de users.
> But I need a list the webs visited by user.
unless you're using proxy authentication, squid does not log by user, it
logs by client IP address.
if you enable squid proxy authentication, or if the client IP address
can be traced to a specific user (e.g. you have static IP addresses for
each client on your LAN, or dhcp assigns the same IP to the same MAC
address each time) then you can track each request back to a notional
user - i say notional because sometimes people use someone else's
users with a bit of a clue can even wait until they know another user
has switched off their workstation and then assign the same IP address
to their own workstation - browsing the web with all logging being
recorded against the IP address belonging to the other user.
similarly, password security is sloppy in many offices (because most
users absolutely refuse to believe that securing their password is at
all important), with people sharing logins/passwords or writing their
password on sticky notes and attaching it to their monitor.
even if you manage to solve all the problems noted above(*), and
write/modify a script to email reports to your boss, your boss will
receive reports that are many megabytes in size. almost certainly he
will not bother to read them. even if he does bother, it sounds like he
will not bother learning how to interpret what he is reading, so there
is no point.
(*) the easiest way is to just lie and pretend that these issues are not
a problem. this is what most log analyser programs do. the fact is
that both web and proxy logs are useful only for telling you how much
load the server is under. anything else is just guesswork, which is OK
if you understand that it's guesswork, but dangerous if you believe that
it's "the truth".
craig sanders <firstname.lastname@example.org>
Fabricati Diem, PVNC.
-- motto of the Ankh-Morpork City Watch