convert LAN IP address to Host Name when I give cmd tail -f /var/log/squid/access.log

rs15 · 08-18-2007, 07:05 AM

I am using Fedora 4. I have configured squid as a proxy server for my official LAN. When I monitor the log I want the local IP's hostname when it sends http request to proxy server.How can I convert LAN IP address to Host Name when I give command
tail -f /var/log/squid/access.log?

rtg · 08-19-2007, 02:40 AM

Code:

#!/usr/bin/perl

use strict;
use IO::File;
use Fcntl qw(:seek);
use Socket;

my $fh = IO::File->new('/var/log/squid/access.log');

my $line;
while(1) {
    $fh->seek(0,1); 
    $line = $fh->getline();
    if ($line) {
        chomp $line;
        my (@fields) = split(' ', $line); 
        my $addr = $fields[2];
        my $name = gethostbyaddr(inet_aton($addr), AF_INET);
        if ($name) {
            $fields[2] = $name;
        }
        print join(' ', @fields), "\n";
    }
}

simple tail -f in perl with resolver requests

Have fun

rtg · 08-19-2007, 02:46 AM

Code:

use strict;
use IO::File;
use Fcntl qw(:seek);
use Socket;

my $fh = IO::File->new('/var/log/squid/access.log');

my $line;
while(1) {
    $fh->seek(0,1); 
    $line = $fh->getline();
    if ($line) {
        chomp $line;
        my (@fields) = split(' ', $line); 
        my $addr = $fields[2];
        my $name = gethostbyaddr(inet_aton($addr), AF_INET);
        if ($name) {
            $fields[2] = $name;
        }
        print join(' ', @fields), "\n";
    } 
    else {  
        sleep 1;
    }
}

I've added sleep call because the previous version eats 100% CPU

rs15 · 08-19-2007, 05:41 AM

Quote:

Originally Posted by rtg

Code:

use strict;
use IO::File;
use Fcntl qw(:seek);
use Socket;

my $fh = IO::File->new('/var/log/squid/access.log');

my $line;
while(1) {
    $fh->seek(0,1); 
    $line = $fh->getline();
    if ($line) {
        chomp $line;
        my (@fields) = split(' ', $line); 
        my $addr = $fields[2];
        my $name = gethostbyaddr(inet_aton($addr), AF_INET);
        if ($name) {
            $fields[2] = $name;
        }
        print join(' ', @fields), "\n";
    } 
    else {  
        sleep 1;
    }
}

I've added sleep call because the previous version eats 100% CPU

Thank you very much for your quick reply. But there are too many things in /usr/lib/perl. How and where should I insert this code? For your kind information I am very new linux environment.

Regards
rs15

rtg · 08-19-2007, 09:20 AM

Ah, no, you should not put the script to the perl lib path.

Just save it as a file in your home directory (say squid-tail.pl) , then add

Code:

#!/usr/bin/perl

to the beginning of the script.

Change the rights to be 0755 -

Code:

chmod 0755 squid-tail.pl

and just run it under the user that has access to /var/log/squid:

./squid-tail.pl

or

perl squid-tail.pl -the script will start printing out all the lines from the log trying to resolve the ip addresses.

Feel free to ask if something is not quite clear.

rs15 · 08-20-2007, 02:46 AM

yeh...., I have done the job, at last. Thanks a lot. It shows the hostname instead of IP. But when I put the command perl squid-tail.pl, it executes the whole access.log file. Is it possible to show only desired part or latest part of access.log.

Regards
RS15

aq_mishu · 01-22-2012, 01:45 AM

guys,
Thanks for code. That is fantastic. But here are the two things...

How much resource it will actually take?? I have a Local DNS and resolving is damn fast infact. using this, using Vyatta Squid and SARG, i can track my hosts (300 of them) easily. But again, as it is a continuously running script with a forever while loop, how can i put it integrated so that it will do the lookup on a controlled manner, like a cron job, as first it will be executed then the "sarg-reports daily" in hour basis. This way, I dont want to keep it running for ever and to run it just when i'm making the log analysis.

I call this an another way to save resource.

I'm running centos 5.7 on a esxi 4.1

Mishu~