How to read date time in Squid accsess.log?

Logo Squid adalah milik squid-cache.org Bagaimana ya caranya mengubah format access log kedalam format yang lebih manusiawi? Sering kali kita pengen mengakses langsung  access.log Squid dari console. Tapi, dengan mengakses langsung ke file access.log dari console salah satu kendala utamanya adalah time format Unix yang digunakan oleh Squid.

Kira-kira begini lah contohnya:

[root@squid etc]# tail /var/log/squid/access.log
1243577090.172    151 10.11.12.13 TCP_IMS_HIT/304 367 GET http://openx.detik.com/images/607x75_5.swf - NONE/- application/x-shockwave-flash
1243577090.172    359 10.11.12.13 TCP_MISS/200 603 GET http://openx.detik.com/delivery/lg.php? - DIRECT/203.190.241.40 image/gif
1243577090.394    373 10.11.12.13 TCP_MISS/403 314 HEAD http://kompas.realviewusa.com/djvu/Kompas/Kompas/26-Jan-1374/webimages/page0000001_large.jpg - DIRECT/210.87.32.80 text/html
1243577090.802    317 10.11.12.13 TCP_MISS/403 314 HEAD http://kompas.realviewusa.com/djvu/Kompas/Kompas/25-Jan-1374/webimages/page0000001_large.jpg - DIRECT/210.87.32.80 text/html
1243577091.021   2491 10.11.12.13 TCP_MISS/200 6622 GET http://platform.ak.facebook.com/www.new/app_full_proxy.php? - DIRECT/219.83.126.9 image/jpeg
1243577091.021   3429 10.11.12.13 TCP_MISS/200 5012 GET http://photos-a.ak.fbcdn.net/hphotos-ak-snc1/hs030.snc1/4295_86506658804_615283804_1787304_5512203_s.jpg - DIRECT/92.122.127.73 image/jpeg
1243577091.021   3335 10.11.12.13 TCP_MISS/200 5294 GET http://photos-e.ak.fbcdn.net/hphotos-ak-snc1/hs030.snc1/4295_86506693804_615283804_1787308_1939240_s.jpg - DIRECT/92.122.127.73 image/jpeg
1243577091.021   1658 10.11.12.13 TCP_MISS/200 3165 GET http://profile.ak.facebook.com/v228/1596/105/q1441083467_3141.jpg - DIRECT/219.83.126.10 image/jpeg
1243577091.021   1208 10.11.12.13 TCP_MISS/200 2302 GET http://profile.ak.facebook.com/v226/372/6/q1432774955_8436.jpg - DIRECT/219.83.126.8 image/jpeg
1243577091.201    319 10.11.12.13 TCP_MISS/403 314 HEAD http://kompas.realviewusa.com/djvu/Kompas/Kompas/24-Jan-1374/webimages/page0000001_large.jpg - DIRECT/210.87.32.80 text/html
[root@squid etc]#

Memang, langsung membuka access.log (via console) bagi sebagian orang lebih menyenangkan. Tapi gimana membaca tanggal dan waktunya? Nah, Googling sejenak langsung ketemu lah solusinya! *trus ngapain susah2 posting disini sih 😛*

Ketik saja perintah berikut:

[root@squid etc]# perl -pe 's/[\d\.]+/localtime($&)/e' /var/log/squid/access.log

Hasilnya bisa langsung dilihat, kolom waktu sudah menggunakan format yang human readable:

Sun May 24 04:28:17 2009    682 10.11.12.13 TCP_MISS/200 666 POST http://www.flickr.com/services/xmlrpc/ - DIRECT/68.142.214.24 text/xml
Sun May 24 04:29:18 2009 241593 10.11.12.13 TCP_MISS/200 653 GET http://mail.google.com/mail/channel/bind? - DIRECT/74.125.153.17 text/plain
Sun May 24 04:30:17 2009    652 10.11.12.13 TCP_MISS/200 666 POST http://www.flickr.com/services/xmlrpc/ - DIRECT/68.142.214.24 text/xml
Sun May 24 04:30:40 2009    790 10.11.12.13 TCP_MISS/200 7290 POST http://mail.google.com/mail/? - DIRECT/74.125.153.83 text/javascript
Sun May 24 04:31:56 2009    610 10.11.12.13 TCP_MISS/200 649 POST http://safebrowsing.clients.google.com/safebrowsing/downloads? - DIRECT/74.125.153.102 application/vnd.google.safebrowsing-update
Sun May 24 04:32:17 2009    676 10.11.12.13 TCP_MISS/200 666 POST http://www.flickr.com/services/xmlrpc/ - DIRECT/68.142.214.24 text/xml
Sun May 24 04:32:57 2009    586 10.11.12.13 TCP_MISS/200 758 GET http://static.cache.l.google.com/safebrowsing/rd/goog-phish-shavar_a_57031-57035.57031-57035.: - DIRECT/208.117.252.153 application/vnd.google.safebrowsing-chunk
Sun May 24 04:32:57 2009    408 10.11.12.13 TCP_MISS/200 442 GET http://static.cache.l.google.com/safebrowsing/rd/goog-phish-shavar_a_57036-57040.57036.57037-57040: - DIRECT/208.117.252.153 application/vnd.google.safebrowsing-chunk

Perintah ini nggak akan mengubah file asli access.log. Isi dan format waktu didalam file access.log tetap seperti aslinya. Jadi misal di lain waktu pengen membuka log-nya lagi, tetep harus menggunakan perintah yang sama. Repot? nggak lah! bikin aja -nya. Maksudnya begini, misalkan kita pengin pake perintah “vsquid” (tanpa tanda petik pastinya) untuk membaca access.log squid, langkahnya:

Buka file .

[root@squid etc]# vim /etc/bashrc

Tambahkan sintaks berikut di baris paling bawah

#TAMBAHAN BUAT BUKA LOG SQUID
alias vsquid="perl -pe 's/[\d\.]+/localtime($&)/e' /var/log/squid/access.log"

Simpan dan keluar dari vim, reload bash

[root@squid etc]# bash

Selesai deh, tinggal test membuka access.log menggunakan alias yang baru aja dibuat

[root@squid etc]# vsquid | grep "May 24"
Sun May 24 04:28:17 2009    682 10.11.12.13 TCP_MISS/200 666 POST http://www.flickr.com/services/xmlrpc/ - DIRECT/68.142.214.24 text/xml
Sun May 24 04:29:18 2009 241593 10.11.12.13 TCP_MISS/200 653 GET http://mail.google.com/mail/channel/bind? - DIRECT/74.125.153.17 text/plain
Sun May 24 04:30:17 2009    652 10.11.12.13 TCP_MISS/200 666 POST http://www.flickr.com/services/xmlrpc/ - DIRECT/68.142.214.24 text/xml
Sun May 24 04:30:40 2009    790 10.11.12.13 TCP_MISS/200 7290 POST http://mail.google.com/mail/? - DIRECT/74.125.153.83 text/javascript
Sun May 24 04:31:56 2009    610 10.11.12.13 TCP_MISS/200 649 POST http://safebrowsing.clients.google.com/safebrowsing/downloads? - DIRECT/74.125.153.102 application/vnd.google.safebrowsing-update
Sun May 24 04:32:17 2009    676 10.11.12.13 TCP_MISS/200 666 POST http://www.flickr.com/services/xmlrpc/ - DIRECT/68.142.214.24 text/xml
Sun May 24 04:32:57 2009    586 10.11.12.13 TCP_MISS/200 758 GET http://static.cache.l.google.com/safebrowsing/rd/goog-phish-shavar_a_57031-57035.57031-57035.: - DIRECT/208.117.252.153 application/vnd.google.safebrowsing-chunk
Sun May 24 04:32:57 2009    408 10.11.12.13 TCP_MISS/200 442 GET http://static.cache.l.google.com/safebrowsing/rd/goog-phish-shavar_a_57036-57040.57036.57037-57040: - DIRECT/208.117.252.153 application/vnd.google.safebrowsing-chunk
Sun May 24 04:32:59 2009 220349 10.11.12.13 TCP_MISS/200 705 GET http://mail.google.com/mail/channel/bind? - DIRECT/74.125.153.19 text/plain
Sun May 24 04:34:17 2009    659 10.11.12.13 TCP_MISS/200 666 POST http://www.flickr.com/services/xmlrpc/ - DIRECT/68.142.214.24 text/xml
Sun May 24 04:35:19 2009    324 10.11.12.13 TCP_MISS/200 655 POST http://safebrowsing.clients.google.com/safebrowsing/downloads? - DIRECT/74.125.153.101 application/vnd.google.safebrowsing-update
Sun May 24 04:35:19 2009    601 10.11.12.13 TCP_MISS/200 758 GET http://static.cache.l.google.com/safebrowsing/rd/goog-phish-shavar_a_57031-57035.57031-57035.: - DIRECT/208.117.252.165 application/vnd.google.safebrowsing-chunk
Sun May 24 04:35:20 2009    354 10.11.12.13 TCP_MISS/200 510 GET http://static.cache.l.google.com/safebrowsing/rd/goog-phish-shavar_a_57036-57040.57036-57037.57038-57040: - DIRECT/208.117.252.165 application/vnd.google.safebrowsing-chunk

Semoga bermanfaat, bikin hidup leee..bih hidup 🙂

5 thoughts on “How to read date time in Squid accsess.log?”

  1. great issues altogether, you just received a new reader.
    What would you recommend about your publish that you simply made
    a few days in the past? Any sure?

  2. Everything is very open with a really clear clarification of the challenges.
    It was truly informative. Your site is very helpful.
    Thanks for sharing!

  3. An outstanding share! I have just forwarded this onto a colleague who was
    conducting a little homework on this. And he actually bought me lunch because
    I found it for him… lol. So allow me to reword this….
    Thanks for the meal!! But yeah, thanks for spending time to discuss this subject
    here on your web site.

Leave a Reply

Your email address will not be published. Required fields are marked *