Re: Squid Logs - HELP

[Michael Rice <michael () riceclan org>]

I can't tell you much about the default install of squid on rh8,
but I may be able to help you find your logs.

locate squid.conf 
# this will tell you one or more filenames -- pick the one
# that is most likely to actually control your squid logs
# and use that below, mine is /etc/squid/squid.conf

grep cache_access_log /etc/squid/squid.conf
#  TAG: cache_access_log
# cache_access_log /var/log/squid/access.log

# because it is commented out it is likely the default value. 
# looking at that directory on my filesystem I can see my 
# access.log is actually present.

egrep squid /etc/logrotate.d/*
# this gives me several lines of output, but the important
# thing is the name of the file that my squid logs are configured
# in:  /etc/logrotate.d/squid
cat /etc/logrotate.d/squid
/var/log/squid/access.log {
    weekly
    rotate 5
    copytruncate
    compress
    notifempty
    missingok
}
[...]

# reading this, my access log is rotated, compressed, and truncated
# every week, and I keep at most 5 rotated logs (6 weeks of logs is
# all that I have).

To verify, find the log with the highest revision number (which should
be your oldest log).

zcat access.log.5.gz  | head -1

Look at the timestamp on that log entry.  If the entries you want are
before that date, they've already rolled off.

Hope that helps.  Good luck.

On Fri, 2004-07-23 at 12:59, George Lantz wrote:
> I hope someone can help me. I am using the default installation of squid
> on an old Red Hat 8.0 box. I have to find really old log files from
> about 2-3 years ago. It is VERY important that I find these.
> Unfortunately for me, they are on log rotation and I think they may have
> been overwritten. Is there any to find really old log entries? I hope
> there is some way to find these. I know I am SOL. But if any list can
> think of something it is this one. Any help or suggestions would be
> greatly, greatly appreciated.
>
> Also, I did uncompress these logs and viewed them in a text editor.
> Maybe there is a way to find the files that way?
>
>
> Thanks, guys (and gals)
> -George-
>
>
>
>
> ---------------------------------------------------------------------------
> Ethical Hacking at the InfoSec Institute. Mention this ad and get $545 off 
> any course! All of our class sizes are guaranteed to be 10 students or less 
> to facilitate one-on-one interaction with one of our expert instructors. 
> Attend a course taught by an expert instructor with years of in-the-field 
> pen testing experience in our state of the art hacking lab. Master the skills 
> of an Ethical Hacker to better assess the security of your organization. 
> Visit us at: 
> http://www.infosecinstitute.com/courses/ethical_hacking_training.html
> ----------------------------------------------------------------------------
-- 
Michael Rice <michael () riceclan org>


---------------------------------------------------------------------------
Ethical Hacking at the InfoSec Institute. Mention this ad and get $545 off 
any course! All of our class sizes are guaranteed to be 10 students or less 
to facilitate one-on-one interaction with one of our expert instructors. 
Attend a course taught by an expert instructor with years of in-the-field 
pen testing experience in our state of the art hacking lab. Master the skills 
of an Ethical Hacker to better assess the security of your organization. 
Visit us at: 
http://www.infosecinstitute.com/courses/ethical_hacking_training.html
----------------------------------------------------------------------------