Good morning everyone,
First things first, thank you for any help you can provide. I'm very new
to squid, in fact only been working with it for about 2 1/2 - 3 weeks. So
please bear with me. I did not install squid, so I'm coming in on the
back end. The individual that did install it is unreachable for
consultation.
I am trying to figure out why my weekly reports with squint are not
populating since March. The only weekly reports are from 16-20 MAR and
back. We are currently running squid 3.0 STABLE 13 and squidGuard 1.3 on
a SuSE 10 box. I have pasted the squint.cron.sh below. I have looked
over the script, however, can't find exactly where it is pulling the
incorrect dates for the weekly reports. I am obviously missing something
here. So, any insight would be greatly appreciated.
Here are some apparent changes to what is the default:
Log files are stored in /srv/www/htdocs/squint/all
LOGDIR is /media/squidlogs
Squint logs are stored in /srv/www/htdocs/squint/squint.log
If there is any other information you need, just let me know.
Again, thank you in advance!
Sincerely,
B. Lee Higginbotham
Computer Systems Analyst - Contractor
Office Phone: 859-566-4705
#!/bin/bash
# squint.cron.sh -- Quick and DIRTY squid log analysis
#
# Assemble squid logs, and send through squint.pl. This script gets run
on a
# regular basis. It will install itself in crontab if you give it a
chance.
#
# Copyright (c) 2001-2002 Andrew McGill and Leading Edge Business
Solutions
# (South Africa). This software may be redistributed and/or modified only
# under the terms of the GNU General Public Licence, version 2, as
published by
# the Free Software Foundation, and contained in the file COPYING.
#
# All other rights are reserved, and no warranty is implied. Despite any
# appearance to the contrary, this software is not fit for ANY purpose you
may
# conceive, and should not be used on your system under any circumstances.
REVISION='$Id: squint.cron.sh,v 1.26 2005/09/30 10:06:40 andrewm Exp $'
SHORTREVISION="${REVISION/*,v }"
SHORTREVISION="${SHORTREVISION/ *}"
# You can override automatic 'detection' by editing this, or by setting
# an environmnet variable:
# BASEDIR="/usr/local/httpd/htdocs/squint"
LOGDIR="/media/squidlogs"
SQUINT="${SQUINT:=nice /usr/local/bin/squint.pl}"
# If you run setuphtaccess
HTTPDCONF=/etc/httpd/httpd.conf
# Irix doesn't have -maxdepth 1 on find, so we'll work around it
FINDOPTS="-maxdepth 1"
find /dev/null $FINDOPTS >& /dev/null | FINDOPTS=
# Find a nice place to put the output - semi-automatic nonsense that is
bound
# to fail sooner or later. If you don't like this, you can change BASEDIR
and
# LOGDIR above
[ "$BASEDIR" ] ||
for DIR in \
/var/www \
/usr/local/httpd/htdocs \
/var/www/htdocs \
/var/www/html \
/srv/www/htdocs \
/var/www/htdocs \
; do
if [ -d $DIR ] ; then BASEDIR=$DIR/squint ; fi
done
[ "$LOGDIR" ] ||
for DIR in \
/var/squid/logs \
/var/log/squid \
/usr/local/squid/var/logs \
; do
if [ -d $DIR ] ; then LOGDIR=$DIR; fi
done
[ "$BASEDIR" ] || { echo 1>&2 "Please set BASEDIR in $0"; exit 1; }
[ "$LOGDIR" ] || { echo 1>&2 "Please set LOGDIR in $0"; exit 1; }
umask 002
# If we are not on a tty, then log to file
tty -s || {
exec >& $BASEDIR/squint.log
date
trap "date" EXIT
}
# Print a header
function htmlheader()
{
HEADING="$1"
echo "<HTML>
<HEAD>
<TITLE>$HEADING</TITLE>
</HEAD>
<BODY>
<H1>$HEADING</H1>";
}
function htmlfooter()
{
echo "<HR><FONT size=-4>Generated by <a
href=http://www.ledge.co.za/software/squint/>squint</a> at `date`
by $HOSTNAME<br>$REVISION<br> </FONT></BODY></HTML>";
}
function checkcrontab()
{
# install CRONTAB if crontab is writable
CRONTAB="/etc/crontab"
[ -w $CRONTAB ] || return
grep -q "squint" $CRONTAB ||
echo "# squint squid reports
# Weekly, on Mondays
00 01 * * Monday root /usr/local/bin/squint.cron.sh weekly
# Monthly, on the first day of the month
00 02 1 * * root /usr/local/bin/squint.cron.sh monthly
# Daily at 3am
00 03 * * * root /usr/local/bin/squint.cron.sh daily" >> $CRONTAB &&
killall -1 cron crond 2>/dev/null
}
# Create index.html file
function doupdateindex()
{
mkdir -p $REPORTDIR
# write the index.html file
{
htmlheader "Squint reports";
if [ -f $REPORTDIR/daily/range.txt ] ; then
echo "<H2>Daily report</H2>"
echo "<A href=daily/index.html>Daily (`cat
$REPORTDIR/daily/range.txt`)</A><BR>";
fi
echo "<H2>Weekly reports</H2>";
for NUM in 0 1 2 3 4 5 6 ; do # some bash versions dislike 'for
((a=0;a<7;a++))..'
if [ -f $REPORTDIR/weekly$NUM/range.txt ] ; then
echo "<A href=weekly$NUM/index.html>`cat
$REPORTDIR/weekly$NUM/range.txt`</A><BR>"
fi
done
echo "<H2>Monthly reports</H2>";
for NUM in 0 1 2 3 4 5 6 ; do
if [ -f $REPORTDIR/monthly$NUM/range.txt ] ; then
echo "<A href=monthly$NUM/index.html>`cat
$REPORTDIR/monthly$NUM/range.txt`</A><BR>"
fi
done
htmlfooter
} > $REPORTDIR/index.html
checkcrontab
} # end of doupdateindex function
# Find the access logs, and concatenate them to stdout in the right order
# (ie. in the order in which the events happened)
function cataccesslogs()
{
find $LOGDIR $FINDOPTS -name "access.log*" -mtime -$DAYS |
xargs ls -tr /dev/null |
while read LOGFILE ; do
[ -r "$LOGFILE" ] &&
case "$LOGFILE" in
*.gz) zcat "$LOGFILE" ;;
*.bz2) bzcat "$LOGFILE" ;;
*) cat "$LOGFILE" ;;
esac
done
}
function doreport()
{
# doreport DESTINATION FROMTIME-WHEN
DAYS="$1"
FROMTIME="$2"
TOTIME="$3"
DESTDIR="$REPORTDIR/$4"
STARTTIME=`date +%s -d "$FROMTIME"`
ENDTIME=`date +%s -d "$TOTIME"`
echo "Generating report to $DESTDIR from" \
"`date +%Y%m%d -d "$FROMTIME"`" "to" \
"`date +%Y%m%d -d "$TOTIME"`"
[ -d $DESTDIR ] && rm -r $DESTDIR
mkdir -p $DESTDIR
# Unzip files before use ...
# find $LOGDIR $FINDOPTS -name "access.log-*.gz" -mtime -$DAYS
-exec gunzip {} \;
cataccesslogs | $SQUINT $EXCLUDEOPTIONS $DESTDIR $STARTTIME
$ENDTIME $USERLIST
doupdateindex
}
# Rotate the logs in the directory
function rotatereports()
{
mkdir -p $REPORTDIR
TYPE="$1" # daily / weekly
rm -r $REPORTDIR/${TYPE}6
mv 2>/dev/null -f $REPORTDIR/${TYPE}5 $REPORTDIR/${TYPE}6
mv 2>/dev/null -f $REPORTDIR/${TYPE}4 $REPORTDIR/${TYPE}5
mv 2>/dev/null -f $REPORTDIR/${TYPE}3 $REPORTDIR/${TYPE}4
mv 2>/dev/null -f $REPORTDIR/${TYPE}2 $REPORTDIR/${TYPE}3
mv 2>/dev/null -f $REPORTDIR/${TYPE}1 $REPORTDIR/${TYPE}2
mv 2>/dev/null -f $REPORTDIR/${TYPE}0 $REPORTDIR/${TYPE}1
}
function setuphtaccess()
{
if [ -w $HTTPDCONF ] ; then
grep -q "Added by squint" $HTTPDCONF || echo "
# --squint begin--
# Added by squint - allow .htaccess files in $BASEDIR
<Directory $BASEDIR>
AllowOverride AuthConfig Limit
</Directory>
# --squint end--
" >> $HTTPDCONF
else
echo 1>&2 "$HTTPDCONF not modified ... it's not there"
fi
DIRNAME=`cd $REPORTDIR; pwd -P`
AUTHUSERFILE="$DIRNAME/.htpasswd"
touch "$AUTHUSERFILE"
echo "AuthUserFile $AUTHUSERFILE
AuthGroupFile /dev/null
AuthName \"Squint files for `basename $DIRNAME`\"
AuthType Basic
<Limit GET POST>
require valid-user
</Limit>
" > "$REPORTDIR/.htaccess"
echo 1>&2 ".htaccess in $DIRNAME"
}
# Update the list of groups
function updategrouplist()
{
{
htmlheader "Squint reports - report list"
echo "<a href=all/index.html>Reports for all users</a><br>"
if [ -d "$LISTDIR" ] ; then
for LISTFILE in `ls "$LISTDIR" ` ; do
[ "$LISTFILE" = "all" ] && continue
HREF="$LISTFILE/index.html"
DESC=$LISTFILE
[ -f $LISTFILE/desc.txt ] && DESC="`cat
$LISTFILE/desc.txt`"
echo "<a href=$HREF>$DESC</a><br>"
done
fi
htmlfooter
} > $BASEDIR/index.html
}
function doreporting()
{
MONTH="`date '+%Y%m01'`"
case "$1" in
htaccess)
setuphtaccess;
;;
doupdateindex)
doupdateindex
;;
regen)
for report in daily weekly0 weekly1 weekly2 weekly3
weekly4 weekly5 weekly6 monthly0 monthly1 monthly2 monthly3 monthly4
monthly5 monthly6 ; do
doreporting $report
done
;;
grep)
if [ "$3" ] ; then
DAYS=365 # 1 year
cataccesslogs | egrep "$2" | $SQUINT $3
else
echo "Usage: $0 grep '\<192\.168\.12\.13\>'"
fi
# Do it once only ...
exit 0
;;
daily)
# week-so-far report
doreport 7 "last monday" "now" daily
;;
weekly0) doreport 15 "last monday 1 weeks ago" "last monday 0
weeks ago" weekly0 ;;
weekly1) doreport 21 "last monday 2 weeks ago" "last monday 1
weeks ago" weekly1 ;;
weekly2) doreport 28 "last monday 3 weeks ago" "last monday 2
weeks ago" weekly2 ;;
weekly3) doreport 35 "last monday 4 weeks ago" "last monday 3
weeks ago" weekly3 ;;
weekly4) doreport 42 "last monday 5 weeks ago" "last monday 4
weeks ago" weekly4 ;;
weekly5) doreport 49 "last monday 6 weeks ago" "last monday 5
weeks ago" weekly5 ;;
weekly6) doreport 56 "last monday 7 weeks ago" "last monday 6
weeks ago" weekly6 ;;
weekly) # called on the first day of the week
rotatereports weekly
doreport 8 "1 week ago 00:00" "00:00" weekly0
;;
monthly0) doreport 62 "$MONTH 1 month ago" "$MONTH 0 month ago"
monthly0 ;;
monthly1) doreport 93 "$MONTH 2 month ago" "$MONTH 1 month ago"
monthly1 ;;
monthly2) doreport 114 "$MONTH 3 month ago" "$MONTH 2 month ago"
monthly2 ;;
monthly3) doreport 144 "$MONTH 4 month ago" "$MONTH 3 month ago"
monthly3 ;;
monthly4) doreport 175 "$MONTH 5 month ago" "$MONTH 4 month ago"
monthly4 ;;
monthly5) doreport 205 "$MONTH 6 month ago" "$MONTH 5 month ago"
monthly5 ;;
monthly6) doreport 236 "$MONTH 7 month ago" "$MONTH 6 month ago"
monthly6 ;;
monthly) # called on the first day of the month
rotatereports monthly
doreport 32 "$MONTH 1 month ago" "$MONTH 0 month ago"
monthly0
;;
init)
doupdateindex
;;
all)
doreporting daily
doreporting weekly
doreporting monthly
;;
htpasswd)
echo -ne "User name for $REPORTDIR/.htpasswd: "
read USER
[ $USER ] && htpasswd $REPORTDIR/.htpasswd $USER
;;
*)
echo "squint.cron.sh rev $SHORTREVISION (usually) run from
cron"
echo ""
echo "Usage: $0 command"
echo ""
echo "Commands:"
echo " daily Update the daily report"
echo " weekly Create the weekly report and archive
previous"
echo " monthly Create the monthly report and archive
previous"
echo " htaccess Access control: make
$REPORTDIR/.htaccess and"
echo " modify/mangle $HTTPDCONF"
echo " htpasswd Update $REPORTDIR/.htpasswd"
echo " regen Recreate all reports (may take
hours)"
echo " weekly[0-6] Recreate specific weekly report"
echo " monthly[0-6] Recreate specific monthly report"
echo ""
echo "Find-an offender command"
echo " grep '\<192\.168\.12\.13\>' report-directory"
echo ""
echo "Input is read from LOGDIR=$LOGDIR"
echo "Output is written to BASEDIR=$BASEDIR"
exit 1 # Avoid repeated usage reports
;;
esac
}
# If there is a file called excludelist in the reports directory,
# then it is used for exclusions
EXCLUDEFILE=$BASEDIR/excludelist
if [ -f $EXCLUDEFILE ] ; then
EXCLUDEOPTIONS="--exclude $EXCLUDEFILE"
else
EXCLUDEOPTIONS=""
fi
# If there is a dir called list/ in the reports directory, then it is used
...
LISTDIR=$BASEDIR/lists
if [ -d "$LISTDIR" ] ; then
for LISTFILE in `ls "$LISTDIR" ` ; do
[ -f "$LISTDIR/$LISTFILE" ] || continue
[ $LISTFILE = excludelist ] && continue
USERLIST="$LISTDIR/$LISTFILE"
REPORTDIR="$BASEDIR/$LISTFILE"
doreporting "$@"
done
fi
if [ ! -e "$LISTDIR/all" ] ; then
# List for all $BASEDIR/all/
USERLIST=""
REPORTDIR="$BASEDIR/all"
doreporting "$@"
fi
updategrouplist
exit 0
