"Fossies" - the Fresh Open Source Software Archive

Member "squidview-0.86/HOWTO" (1 Feb 2017, 8799 Bytes) of package /linux/privat/squidview-0.86.tar.gz:


As a special service "Fossies" has tried to format the requested text file into HTML format (style: standard) with prefixed line numbers. Alternatively you can here view or download the uninterpreted source code file.

    1 squidview 0.8x (c) 2001 - 2013 Graeme Sheppard - GPL software
    2 www.rillion.net/squidview
    3 
    4 --Overview
    5 
    6 Squidview is a program meant to display the squid proxy server log file in a
    7 nice fashion, providing the log file is in squid's native reporting fashion.
    8 It has features such as search, report generation, monitor mode and supports
    9 three log files.
   10 
   11 Thus, the program can be used to monitor Internet usage on a networked site.
   12 But please note squid has to be running first and this program is not a
   13 proactive resource controller. What it can do is tell you who and which sites
   14 are consuming the most bandwidth.
   15 
   16 --Using squidview
   17 
   18 Squidview shows each proxy request on one line starting with the user's name
   19 (ie the name of the user on the client machine as reported by identd or
   20 similar), flags and then the target (ie destination) of the request.
   21 
   22 Should an identd process not be running on the client, squidview can display
   23 the client IP address instead of "-", or if you are using an aliases file it
   24 can get a name from that. See Reports about this.
   25 
   26 The target bit is truncated if necessary so as to fit the information on one
   27 line. There are two methods of truncation (discussed in Reports.)
   28 
   29 Change the selected line with the cursor control keys or the number keypad.
   30 Down the bottom, on the status bar, is the time the selected request was made
   31 as well how far through the log it is (as a percentage: 0% top, 100% end).
   32 Press 'h' to get some help or 'r' for this howto file.
   33 
   34 Also on the status bar will be "Mon Pri". "Mon" means the program will update
   35 the screen if new proxy requests are made. Toggle this off by pressing 'm' if
   36 you want to remain on a selected line. "Pri" is the primary log file, to switch
   37 to another log file press the appropriate key (press 'h' for keys.)
   38 
   39 --Flags
   40 
   41 Between the user and URL columns is the flags field. For example it may be
   42 "w2Rf":
   43 
   44 'w': a word match on the URL (see Searches below)
   45 '2': bytes transferred was between 0.25MB and 1MB
   46 'R': the request was a cache refresh hit
   47 'f': part of the current focus
   48 
   49 For a bit of help about these flags select the relevant line and press 'v'.
   50 
   51 --Searching
   52 
   53 A search forward is made by the right arrow key, backwards is handled by the
   54 left arrow key. But first you need something to search for. Press 'f' to find
   55 a piece of text. Both user names and http/ftp addresses can cause a match.
   56 Request lines which match are noted by a 'w' in the flags column.
   57 
   58 Multiple search strings are possible, and are necessary when you use skips.
   59 Skips tell squidview not to match some requests, such as when the word "sex"
   60 is searched for but not when the target is on doubleclick.net (that
   61 advertisement server likes to use the word "sex" in URLs.) The following will
   62 accomplish that:
   63 
   64 !doubleclick.net
   65 sex
   66 
   67 The requests with "doubleclick.net" in them will be skipped because that piece
   68 of text is first and it is preceded with an "!". In doubleclick.net cases the
   69 flags column will have a '-' where the word match would have been.
   70 
   71 Note that text you enter with 'f' is placed at the top of the search list so
   72 it has priority. Using 'F' (capital F) will add search text to the bottom.
   73 
   74 Your search words can be saved from the search options menu, and you can do
   75 some other things there: pick up large requests and focus on a particular user.
   76 These two can be turned off when not needed.
   77 
   78 --Navigating the log file
   79 
   80 As well as jumping to the beginning or end of the log file, you can go to a
   81 certain percentage through with 'g', or to the beginning of a certain day with
   82 'j' or 'J'. Of course 'home' and 'end' work too, if you are using a remote
   83 shell and they don't, press '7' or '1' respectfully (look at your number
   84 keypad.)
   85 
   86 --User lookup
   87 
   88 On a selected line you can press 'v' to get a verbose description of it - this
   89 is actually a dump of the line to the screen. Squidview will try to match the
   90 user to those known in a file called "users", displaying that line in the file.
   91 For example the "users" file could have in it:-
   92 
   93 root system administrator
   94 
   95 The first word on each line must be the login name (with no spaces in it) and
   96 the real name.
   97 
   98 --Common options
   99 
  100 By default if no login name is available the client's IP number is displayed
  101 instead. Change this with "ip instead of null user" to get, instead, reports
  102 of bandwidth attributed to "-". The aliases file is another option here. You
  103 might specify that 192.168.0.15 be displayed as "server4". You need to enable
  104 this one because it's off by default.
  105 
  106 Keeping the filename of target also affects the main window. When on, the
  107 target URL is shifted left - but not over the domain - so that the type of
  108 file can be seen on one line. Otherwise the line is simply truncated to be
  109 displayed.
  110 
  111 --Log a report
  112 
  113 Make a text or CSV report of search hits. A few options here.
  114 
  115 You will need to specify a report file name to view the details. Otherwise you
  116 will just get a summary. Reports are placed in ~/.squidview.
  117 
  118 To start or finish the report at a particular point in the log file highlight
  119 the line in the main window, press 'l' and then either 'a' or 'b'. Press 'a'
  120 or 'b' again to toggle it.
  121 
  122 User bandwidth totals can be calculated. The options are search hits or
  123 "not veto" (which is mostly everything excluding skips mentioned above.) These
  124 are sorted so you can find the heavy internet users.
  125 
  126 Bandwidth totals will find the most popular sites for you. This can be done for
  127 one user specifically or for all users as a whole.
  128 
  129 When a word hit is detected it can be written in the report (eg "word hit
  130 action: normal text"). Text reports are good for viewing with "less"; CSV ones
  131 are intended for spreadsheets.
  132 
  133 In the case of normal text reports you may or may not want to see the request
  134 size. This information takes up a column. Splitting long lines will show the
  135 details on more than one line if need be. Then again, you may only want all
  136 "hits" to be shown on just one line.
  137 
  138 The other options are straight forward. Be a bit picky about the CSV field
  139 separator - they put just about any characters in URLs. Try a tab (yes, just
  140 press 'tab', 'enter') or "*".
  141 
  142 To get a summary report about a particular user, say "graeme", do this:
  143 - in search options focus on "graeme"
  144 - go to log a report
  145 - select "domain bandwidth totals"
  146 - select "only focus user graeme"
  147 - and press enter on the previous screen where it says go
  148 
  149 You will need to unset the above options for reports to come out normally
  150 again, and for searches (cursor <-, ->) too.
  151 
  152 --Filtered reports
  153 
  154 After making a general report it is possible to filter it for just one user.
  155 That way you don't have to rescan the log file with a focus. The downside of
  156 this is the target totals the user surfed to can't be calculated.
  157 
  158 --Tally Mode
  159 
  160 This mode tells you some statistics about each user's usage of the Web. Given
  161 any given starting point, it doesn't have to be at the begining of the log,
  162 squidview will gather the data, display it, and then keep it up to date.
  163 
  164 So from the main screen press T (capital) and let it work. Then you should
  165 get the tally screen that has the list of users down the left hand side and
  166 their statistics to the right. Most numbers are self explanatory. "Points"
  167 indicate who has used the Web a lot recently. Every web byte is counted and
  168 added to that user's number of points. Then after a certain period of time
  169 the points list is aged, eg multiplied by 0.75. This means big users will rise
  170 to the top quickly and then slowly progress further down the list if they stop
  171 surfing.
  172 
  173 Tally mode can be set to go in monitor mode. Turn that off if you need to stay
  174 selected on one user. There are other views and options mentioned in help (h).
  175 One of these toggles what to do about requests that have been denied. You may
  176 not want to see attempts by computers (often by themselves) "phoning home"
  177 regularly. If the status line shows "-d" you won't get these cluttering up your
  178 view.
  179 
  180 --One User History
  181 
  182 This mode is like the main view of the request log, just that it contains
  183 entries only by the specified user. It is useful to discover that user's
  184 recent activity, warranted for example by a spike in his/her tally points.
  185 
  186 Pressing O (capital) will bring you into this mode using as the user the one
  187 currently selected. u will switch to another user.
  188 
  189 The numbers on the status line deserve explanation. If they say:
  190 
  191 (98.32% to 100.00%) 90.90%
  192 
  193 it means that request entries have been found and stored in memory for that
  194 user from 98.32% of the way through the log to the end of it (100%.) By
  195 scrolling up you can progress further and further backward through the log
  196 file.
  197 
  198 The 90.90% indicates the selected line is that far down the request entries
  199 in memory. For your information the request lines aren't actually in memory -
  200 just their positions in the log file are.