"Fossies" - the Fresh Open Source Software Archive
Member "squidview-0.86/HOWTO" (1 Feb 2017, 8799 Bytes) of package /linux/privat/squidview-0.86.tar.gz:
squidview 0.8x (c) 2001 - 2013 Graeme Sheppard - GPL software

Squidview is a program meant to display the squid proxy server log file in a
nice fashion, provided the log file is in squid's native log format.
It has features such as search, report generation and monitor mode, and it
supports three log files.

Thus, the program can be used to monitor Internet usage on a networked site.
But please note squid has to be running first and this program is not a
proactive resource controller. What it can do is tell you who and which sites
are consuming the most bandwidth.

--Using squidview

Squidview shows each proxy request on one line starting with the user's name
(i.e. the name of the user on the client machine as reported by identd or
similar), flags and then the target (i.e. destination) of the request.

Should an identd process not be running on the client, squidview can display
the client IP address instead of "-", or if you are using an aliases file it
can get a name from that. See Reports about this.

The target bit is truncated if necessary so as to fit the information on one
line. There are two methods of truncation (discussed in Reports.)

Change the selected line with the cursor control keys or the number keypad.
Down the bottom, on the status bar, is the time the selected request was made
as well as how far through the log it is (as a percentage: 0% top, 100% end).
Press 'h' to get some help or 'r' for this howto file.

Also on the status bar will be "Mon Pri". "Mon" means the program will update
the screen if new proxy requests are made. Toggle this off by pressing 'm' if
you want to remain on a selected line. "Pri" is the primary log file; to switch
to another log file press the appropriate key (press 'h' for keys.)

Between the user and URL columns is the flags field. For example it may be

'w': a word match on the URL (see Searches below)
'2': bytes transferred was between 0.25MB and 1MB
'R': the request was a cache refresh hit
'f': part of the current focus

For a bit of help about these flags select the relevant line and press 'v'.

A search forward is made by the right arrow key, backwards is handled by the
left arrow key. But first you need something to search for. Press 'f' to find
a piece of text. Both user names and http/ftp addresses can cause a match.
Request lines which match are noted by a 'w' in the flags column.

Multiple search strings are possible, and are necessary when you use skips.
Skips tell squidview not to match some requests, such as when the word "sex"
is searched for but not when the target is on doubleclick.net (that
advertisement server likes to use the word "sex" in URLs.) The following will
accomplish that:

The requests with "doubleclick.net" in them will be skipped because that piece
of text is first and it is preceded with an "!". In doubleclick.net cases the
flags column will have a '-' where the word match would have been.

Note that text you enter with 'f' is placed at the top of the search list so
it has priority. Using 'F' (capital F) will add search text to the bottom.

Your search words can be saved from the search options menu, and you can do
some other things there: pick up large requests and focus on a particular user.
These two can be turned off when not needed.
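
The priority rule above matters when a skip and a search word both apply to the same request. The following Python sketch is an added example, not squidview's own code or file format; it assumes case-insensitive substring matching with the first matching list entry deciding the flag, and the function names and sample requests are constructed for illustration.

```python
# Added example (not squidview source): ordered search list with "!" skips.
# Assumptions: case-insensitive substring matching, first matching entry wins.

def flag_for(user, url, search_list):
    """Return 'w' for a word hit, '-' for a skipped hit, ' ' for no match."""
    fields = (user.lower(), url.lower())      # user names and URLs both match
    for entry in search_list:                 # top of the list has priority
        skip = entry.startswith("!")
        needle = (entry[1:] if skip else entry).lower()
        if needle and any(needle in f for f in fields):
            return "-" if skip else "w"
    return " "

def add_top(search_list, text):
    """Model of 'f': new text goes to the top of the list."""
    return [text] + search_list

def add_bottom(search_list, text):
    """Model of 'F': new text goes to the bottom of the list."""
    return search_list + [text]

# Constructed requests: (user, target URL)
REQUESTS = [
    ("graeme", "http://ad.doubleclick.net/adj/sex-banner.gif"),
    ("alice", "http://example.org/sex-ed/index.html"),
    ("bob", "http://example.com/news.html"),
]

def flags(search_list):
    """Flags column for every constructed request, in order."""
    return [flag_for(user, url, search_list) for user, url in REQUESTS]

# Skip entered first, word appended below it with 'F': the skip wins.
good = add_bottom(["!doubleclick.net"], "sex")
# Same two entries, but the word was entered with 'f' and landed on top:
# it matches the doubleclick request before the skip is consulted.
bad = add_top(["!doubleclick.net"], "sex")

if __name__ == "__main__":
    print(good, flags(good))
    print(bad, flags(bad))
```

Under these assumptions, adding a new word with 'f' after the skips are in place puts it above them, so the skip no longer suppresses that word; 'F' keeps the skips on top.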

--Navigating the log file

As well as jumping to the beginning or end of the log file, you can go to a
certain percentage through with 'g', or to the beginning of a certain day with
'j' or 'J'. Of course 'home' and 'end' work too; if you are using a remote
shell and they don't, press '7' or '1' respectively (look at your number

--User lookup

On a selected line you can press 'v' to get a verbose description of it - this
is actually a dump of the line to the screen. Squidview will try to match the
user to those known in a file called "users", displaying that line in the file.
For example the "users" file could have in it:-

root system administrator

The first word on each line must be the login name (with no spaces in it),
followed by the real name.

--Common options

By default if no login name is available the client's IP number is displayed
instead. Change this with "ip instead of null user" to get, instead, reports
of bandwidth attributed to "-". The aliases file is another option here. You
might specify that 192.168.0.15 be displayed as "server4". You need to enable
this one because it's off by default.

Keeping the filename of target also affects the main window. When on, the
target URL is shifted left - but not over the domain - so that the type of
file can be seen on one line. Otherwise the line is simply truncated to be

--Log a report

Make a text or CSV report of search hits. A few options here.

You will need to specify a report file name to view the details. Otherwise you
will just get a summary. Reports are placed in ~/.squidview.

To start or finish the report at a particular point in the log file highlight
the line in the main window, press 'l' and then either 'a' or 'b'. Press 'a'
or 'b' again to toggle it.

User bandwidth totals can be calculated. The options are search hits or
"not veto" (which is mostly everything excluding skips mentioned above.) These
are sorted so you can find the heavy internet users.

Bandwidth totals will find the most popular sites for you. This can be done for
one user specifically or for all users as a whole.

When a word hit is detected it can be written in the report (eg "word hit
action: normal text"). Text reports are good for viewing with "less"; CSV ones
are intended for spreadsheets.

In the case of normal text reports you may or may not want to see the request
size. This information takes up a column. Splitting long lines will show the
details on more than one line if need be. Then again, you may only want all
"hits" to be shown on just one line.

The other options are straightforward. Be a bit picky about the CSV field
separator - they put just about any characters in URLs. Try a tab (yes, just
press 'tab', 'enter') or "*".

To get a summary report about a particular user, say "graeme", do this:
- in search options focus on "graeme"
- go to log a report
- select "domain bandwidth totals"
- select "only focus user graeme"
- and press enter on the previous screen where it says go

You will need to unset the above options for reports to come out normally
again, and for searches (cursor <-, ->) too.

--Filtered reports

After making a general report it is possible to filter it for just one user.
That way you don't have to rescan the log file with a focus. The downside of
this is the target totals the user surfed to can't be calculated.

--Tally Mode

This mode tells you some statistics about each user's usage of the Web. Given
any starting point (it doesn't have to be at the beginning of the log),
squidview will gather the data, display it, and then keep it up to date.

So from the main screen press T (capital) and let it work. Then you should
get the tally screen that has the list of users down the left hand side and
their statistics to the right. Most numbers are self explanatory. "Points"
indicate who has used the Web a lot recently. Every web byte is counted and
added to that user's number of points. Then after a certain period of time
the points list is aged, eg multiplied by 0.75. This means big users will rise
to the top quickly and then slowly progress further down the list if they stop

Tally mode can be set to go in monitor mode. Turn that off if you need to stay
selected on one user. There are other views and options mentioned in help (h).
One of these toggles what to do about requests that have been denied. You may
not want to see attempts by computers (often by themselves) "phoning home"
regularly. If the status line shows "-d" you won't get these cluttering up your
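
The points scheme described in this section can be reproduced offline against a squid native-format log. The following Python sketch is an added example, not squidview's own code: the 300-second aging period, the treatment of denied requests as simply excluded, and the sample log lines and alias table are assumptions constructed for illustration; only the 0.75 multiplier and the IP-to-"server4" alias come from this HOWTO.

```python
# Added example (not squidview source): tally "points" with periodic aging.
AGE_FACTOR = 0.75   # the HOWTO's example multiplier
AGE_PERIOD = 300    # seconds between aging passes; assumed value

# Constructed lines in squid's native access.log layout:
# time elapsed client result/status bytes method URL ident peer type
SAMPLE_LOG = """\
1485907200.100   812 192.168.0.20 TCP_MISS/200 1000000 GET http://example.com/big.iso graeme DIRECT/192.0.2.10 application/octet-stream
1485907210.200    95 192.168.0.15 TCP_MISS/200 200000 GET http://example.org/a.zip - DIRECT/192.0.2.11 application/zip
1485907220.300     1 192.168.0.30 TCP_DENIED/403 3000 GET http://updates.example.net/ping - NONE/- text/html
1485907850.400   120 192.168.0.15 TCP_MISS/200 400000 GET http://example.org/b.zip - DIRECT/192.0.2.11 application/zip
"""
ALIASES = {"192.168.0.15": "server4"}   # IP -> display name, as in the HOWTO

def tally(log_text, aliases=None, show_denied=False):
    """Return [(user, points)] sorted with the heaviest recent user first."""
    aliases = aliases or {}
    points, next_age = {}, None
    for line in log_text.splitlines():
        f = line.split()
        if len(f) < 10:
            continue                      # not a native-format line
        ts, client, result = float(f[0]), f[2], f[3]
        size, ident = int(f[4]), f[7]
        if next_age is None:
            next_age = ts + AGE_PERIOD    # tally may start anywhere in the log
        while ts >= next_age:             # age once per elapsed period
            points = {u: p * AGE_FACTOR for u, p in points.items()}
            next_age += AGE_PERIOD
        if result.startswith("TCP_DENIED") and not show_denied:
            continue                      # modelled "-d": hide denied requests
        # Fall back from ident to alias, then to the client IP.
        user = ident if ident != "-" else aliases.get(client, client)
        points[user] = points.get(user, 0.0) + size   # every byte is a point
    return sorted(points.items(), key=lambda kv: kv[1], reverse=True)

if __name__ == "__main__":
    for user, pts in tally(SAMPLE_LOG, ALIASES):
        print(f"{user:<14} {pts:>10.0f}")
```

In the constructed log two aging periods pass before the last request, so graeme's 1,000,000 bytes decay to 562,500 points while server4's recent transfer brings it close behind.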

--One User History

This mode is like the main view of the request log, just that it contains
entries only by the specified user. It is useful to discover that user's
recent activity, warranted for example by a spike in his/her tally points.

Pressing 'O' (capital) will bring you into this mode using as the user the one
currently selected. 'u' will switch to another user.

The numbers on the status line deserve explanation. If they say:

(98.32% to 100.00%) 90.90%

it means that request entries have been found and stored in memory for that
user from 98.32% of the way through the log to the end of it (100%.) By
scrolling up you can progress further and further backward through the log

The 90.90% indicates the selected line is that far down the request entries
in memory. For your information the request lines aren't actually in memory -
just their positions in the log file are.