Monthly Archives: July 2017

Patch for SquidAnalyzer 6.6 to use standard date format

SquidAnalyzer is a great tool to visualize statistics for the Squid web proxy. Unfortunately, up until version 6.6, there is no way to configure the date format used to parse Squid log files.

By default Squid uses a Unix timestamp for its access log which is hard to read. If you change that date format to a more readable string, SquidAnalyzer does not work.

Here is a patch that makes SquidAnalyzer 6.6 recognize the following date format:
%{%Y-%m-%d %H:%M:%S}tl %6tr %>a %Ss/%03>Hs %<st %rm %ru %[un %Sh/%<a %mt

This is basically the same format as the native squid_localtime format, except that the date is displayed in human-readable form (year-month-day hour:minute:second).
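The following Python parser is an added example, not code from the post or from SquidAnalyzer: it splits a line in the format above into fields and converts the timestamp to an epoch with range checking, so a line with an impossible date is rejected instead of producing a shifted time. The sample lines and the `tz_hours` parameter are assumptions of the example.

```python
import calendar
import re
import time
from datetime import datetime

# Field layout follows the logformat above: timestamp, elapsed, client,
# code/status, bytes, method, then the remainder of the line.
LINE_RE = re.compile(
    r"^(\d{4}-\d{2}-\d{2}\s+\d{2}:\d{2}:\d{2})\s+(\d+)\s+(\S+)\s+(\S+)"
    r"\s+(\d+)\s+(\S+)\s+(.*)"
)

# Constructed sample lines (documentation addresses, not real traffic).
SAMPLE = ("2017-07-23 11:43:43     52 192.0.2.10 TCP_MISS/200 1534 GET "
          "http://example.com/ - HIER_DIRECT/198.51.100.7 text/html")
BAD_MONTH = SAMPLE.replace("2017-07-23", "2017-13-23")


def parse_line(line, tz_hours=None):
    """Return the parsed fields, or None for a non-matching or impossible line.

    tz_hours=None reads the timestamp as this machine's local time;
    tz_hours=N reads it as UTC+N (hypothetical parameter of this example).
    """
    m = LINE_RE.match(line)
    if not m:
        return None
    stamp = " ".join(m.group(1).split())  # single space between date and time
    try:
        parsed = datetime.strptime(stamp, "%Y-%m-%d %H:%M:%S")  # range-checked
    except ValueError:
        return None  # e.g. month 13 or hour 25: matched the regex, not a real time
    if tz_hours is None:
        epoch = int(time.mktime(parsed.timetuple()))
    else:
        epoch = calendar.timegm(parsed.timetuple()) - tz_hours * 3600
    result_code, _, status = m.group(4).partition("/")
    return {
        "epoch": epoch, "elapsed_ms": int(m.group(2)), "client": m.group(3),
        "result_code": result_code, "status": status,
        "bytes": int(m.group(5)), "method": m.group(6), "rest": m.group(7),
    }


if __name__ == "__main__":
    print(parse_line(SAMPLE, tz_hours=2))
    print(parse_line(BAD_MONTH, tz_hours=2))
```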

The patch for version 6.6 must be applied to the file SquidAnalyzer.pm before installation:
SquidAnalyzer.pm.patch

--- /usr/local/src/squidanalyzer-6.6/SquidAnalyzer.pm   2017-07-23 10:56:28.379684965 +0200
+++ SquidAnalyzer.pm    2017-07-23 11:43:43.336149777 +0200
@@ -404,6 +404,8 @@
my $ip_regexp = qr/^([a-fA-F0-9\.\:]+)$/;
my $cidr_regex = qr/^[a-fA-F0-9\.\:]+\/\d+$/;

+# Patch: %{%Y-%m-%d %H:%M:%S}tl %6tr %>a %Ss/%03>Hs %<st %rm %ru %[un %Sh/%<a %mt
+my $de_format_regex1 = qr/^(\d{4}-\d{2}-\d{2}\s+\d{2}:\d{2}:\d{2})\s+(\d+)\s+([^\s]+)\s+([^\s]+)\s+(\d+)\s+([^\s]+)\s+(.*)/;
# Native log format squid %ts.%03tu %6tr %>a %Ss/%03>Hs %<st %rm %ru %un %Sh/%<A %mt
my $native_format_regex1 = qr/^(\d+\.\d{3})\s+(\d+)\s+([^\s]+)\s+([^\s]+)\s+(\d+)\s+([^\s]+)\s+(.*)/;
my $native_format_regex2 = qr/^([^\s]+?)\s+([^\s]+)\s+([^\s]+\/[^\s]+)\s+([^\s]+)\s*/;
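Review bot: The comment added above `$de_format_regex1` says only "Patch:" and the name `de_format` does not tell a reader which format the pattern matches, unlike the "Native log format squid" comment directly below it. Suggest a comment in that same style that names the format (human-readable local time via `%{%Y-%m-%d %H:%M:%S}tl`), and a note that the `\d{2}` fields accept any two digits, so a month of 13 or an hour of 99 still matches.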
@@ -535,8 +537,19 @@

my $time = 0;
my $tz = ((0-$self->{TimeZone})*3600);
-       # Squid native format
-       if ( $line =~ $native_format_regex1 ) {
+        # Patch
+        if ( $line =~ $de_format_regex1 ) {
+                $time = $1;
+                $time =~ /(\d{4})-(\d{2})-(\d{2})\s+(\d{2}):(\d{2}):(\d{2})/;
+                if (!$self->{TimeZone}) {
+                        $time = timelocal_nocheck($6, $5, $4, $3, $2 - 1, $1 - 1900);
+                } else {
+                        $time = timegm_nocheck($6, $5, $4, $3, $2 - 1, $1 - 1900) + $tz;
+                }
+                $self->{is_squidguard_log} = 0;
+                $self->{is_ufdbguard_log} = 0;
+        # Squid native format
+        } elsif ( $line =~ $native_format_regex1 ) {
$time = $1;
$self->{is_squidguard_log} = 0;
$self->{is_ufdbguard_log} = 0;
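Review bot: In the new `$de_format_regex1` branch the six captured fields go straight into `timelocal_nocheck` / `timegm_nocheck`, which do no range checking, while the regex only guarantees the digit counts, so a damaged line (month 00, second 75) produces a shifted epoch instead of being skipped. Suggest range-checking the fields, or calling the checked `timelocal` / `timegm` inside an eval, before assigning `$time`. The patch does not touch the import section, so also confirm that `timelocal_nocheck` is already imported from Time::Local in this file.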
@@ -596,6 +609,11 @@
$self->{is_ufdbguard_log} = 1;
$self->{is_squidguard_log} = 0;
last;
+                # Patch
+                } elsif ( $line =~ $de_format_regex1 ) {
+                        $self->{is_squidguard_log} = 0;
+                        $self->{is_ufdbguard_log} = 0;
+                        last;
# Squid native format
} elsif ( $line =~ $native_format_regex1 ) {
$self->{is_squidguard_log} = 0;
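Review bot: The added `elsif ( $line =~ $de_format_regex1 )` branch repeats, as far as the context shows, the same flag resets as the native branch right after it. Suggest one condition, `elsif ( $line =~ $de_format_regex1 || $line =~ $native_format_regex1 )`, so the two formats cannot drift apart, and replace the bare "# Patch" comment with one that names the format being detected.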
@@ -1237,7 +1255,23 @@
#logformat combined   %>a %[ui %[un [%tl] "%rm %ru HTTP/%rv" %>Hs %<st "%{Referer}>h" "%{User-Agent}>h" %Ss:%Sh
# Parse log with format: time elapsed client code/status bytes method URL rfc931 peerstatus/peerhost mime_type
my $format = 'native';
-               if ( !$self->{is_squidguard_log} && !$self->{is_ufdbguard_log} && ($line =~ $native_format_regex1) ) {
+                # Patch
+                if ( !$self->{is_squidguard_log} && !$self->{is_ufdbguard_log} && ($line =~ $de_format_regex1) ) {
+                        $time = $1;
+                        #$time += $tz;
+                        $elapsed = abs($2);
+                        $client_ip = $3;
+                        $code = $4;
+                        $bytes = $5;
+                        $method = $6;
+                        $line = $7;
+                        $time =~ /(\d{4})-(\d{2})-(\d{2})\s+(\d{2}):(\d{2}):(\d{2})/;
+                        if (!$self->{TimeZone}) {
+                                $time = timelocal_nocheck($6, $5, $4, $3, $2 - 1, $1 - 1900);
+                        } else {
+                                $time = timegm_nocheck($6, $5, $4, $3, $2 - 1, $1 - 1900) + $tz;
+                        }
+                } elsif ( !$self->{is_squidguard_log} && !$self->{is_ufdbguard_log} && ($line =~ $native_format_regex1) ) {
$time = $1;
$time += $tz;
$elapsed = abs($2);
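Review bot: The commented-out `#$time += $tz;` in the new branch should be removed, and the date conversion below it is a copy of the block added in the hunk at -535. Suggest a small helper sub that takes the timestamp string and returns the epoch, called from both places. In this branch `$tz` is applied only when `TimeZone` is set, while the native branch that follows adds `$tz` unconditionally; a one-line comment explaining why the two paths differ would help the next reader.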


Top 20 reasons for choosing weak passwords

  1. You just don't care because the account does not contain sensitive data and you are not using your real name anyway.
  2. Typing in strong passwords with a combination of special characters and regular characters takes ages on smartphones and tablets.
  3. Computers can't be trusted anyway, so why bother with a complicated password?
  4. Nobody is interested in you anyway.
  5. Password is for a shared account. Explaining to someone the password "%&__!(E2-<"+?=-:*d3//#@" over the phone is just too nerve-wracking.
  6. You want to have access to the account in case of an emergency, and you are afraid to forget the password if it is too complicated.
  7. "12345" cannot be so bad if everyone else is using it as a password.
  8. After using strong passwords for years, your wifi was hacked by a 13-year-old neighbor kid who got bored playing World of Warcraft on a Saturday evening.
  9. When creating an account you first choose a password easy to remember, only to change it later to a much more secure password. Never happens.
  10. The real password is your username.
  11. You are a math genius: If "12345" is so highly likely to be guessed, why do these numbers never get picked by the national lottery?
  12. Two words: Quantum computers
  13. Passwords are for pussies: Secret information is hidden in porn movies using steganography.
  14. You are a celebrity who wants to get into the headlines.
  15. You want to become a celebrity and therefore use every way to get into the headlines.
  16. Wife wants to set a trap for her husband to see if he is spying on her. Chooses a weak password and checks login times regularly.
  17. What was the question? Passwords? ... yeah ... do you know where my skateboard is?
  18. You know that "12345" is not secure, but at least it's more secure than "1234".