topic SARG on Windows in Web Security https://community.cisco.com/t5/web-security/sarg-on-windows/m-p/1342046#M952 <P>I have noticed some quirkiness with SARG on windows and the ironport squid log file format (with regards to username). I've created a vbscript to resolve the issue and thought I'd post if for others. The script also generates the logs based on days, parsed from the source ironport logs.<BR /><BR />Btw, I have to use windows so don't ask <span class="lia-unicode-emoji" title=":grinning_face_with_big_eyes:">😃</span><BR />Also, not sure how well it will work on large log files... <BR /><BR />' Description: Parses Ironport WSA squid access log files <BR />' and produces daily log output suitible for <BR />' SARG on MS Windows<BR />' Warning: Script removes original log files<BR />' Example: parselogs.vbs d:\ftproot d:\proxylogs<BR />Option Explicit<BR /><BR />testInput<BR /><BR />Dim objRegExpr, objFSO, objFile, objInputFile, objOutputFile, objFolder<BR />Dim strSourceDir, strDestinationDir, colFiles, strInputFile, strOutputFile<BR /><BR />Const ForReading = 1, ForWriting = 2, ForAppending = 8<BR /><BR />Set objFSO = CreateObject("Scripting.FileSystemObject")<BR />Set objRegExpr = New RegExp<BR /><BR />objRegExpr.Global = True<BR />objRegExpr.IgnoreCase = False<BR />strSourceDir = WScript.Arguments.Item(0)<BR />strDestinationDir = WScript.Arguments.Item(1)<BR /><BR />If objFSO.FolderExists(strSourceDir) AND objFSO.FolderExists(strDestinationDir) Then<BR /> Set objFolder = objFSO.GetFolder(strSourceDir)<BR /> Set colFiles = objFolder.Files<BR /> For Each objFile in colFiles<BR /> strInputFile = strSourceDir &amp; "\" &amp; objFile.Name<BR /> objRegExpr.Pattern = ".*@(\d{8})T.*"<BR /> strOutputFile = strDestinationDir &amp; "\" &amp; objRegExpr.Replace(objFile.Name, "$1") &amp; ".log"<BR /> Set objInputFile = objFSO.OpenTextFile(strInputFile, ForReading)<BR /> Set objOutputFile = objFSO.OpenTextFile(strOutputFile, ForAppending, True)<BR /> objRegExpr.Pattern = " ""(.*)@.*"" "<BR /> Do While Not objInputFile.AtEndOfStream<BR /> objOutputFile.WriteLine(objRegExpr.Replace(objInputFile.ReadLine, " $1 "))<BR /> Loop<BR /> objInputFile.Close<BR /> objOutputFile.Close<BR /> objFSO.DeleteFile(strInputFile)<BR /> Next<BR />Else<BR /> Wscript.Echo "Error: Invalid Source or Destination Directory"<BR /> Wscript.Quit<BR />End If<BR /><BR />Sub testInput()<BR /> If WScript.Arguments.Count &lt; 2 then<BR /> Wscript.Echo "Usage: " &amp; Wscript.ScriptName &amp; " &lt;sourcedir&gt; &lt;destinationdir&gt;"<BR /> Wscript.Quit<BR /> End If<BR />End Sub</P> Sun, 01 Nov 2009 13:42:21 GMT droth_ironport 2009-11-01T13:42:21Z SARG on Windows https://community.cisco.com/t5/web-security/sarg-on-windows/m-p/1342046#M952 <P>I have noticed some quirkiness with SARG on windows and the ironport squid log file format (with regards to username). I've created a vbscript to resolve the issue and thought I'd post if for others. The script also generates the logs based on days, parsed from the source ironport logs.<BR /><BR />Btw, I have to use windows so don't ask <span class="lia-unicode-emoji" title=":grinning_face_with_big_eyes:">😃</span><BR />Also, not sure how well it will work on large log files... <BR /><BR />' Description: Parses Ironport WSA squid access log files <BR />' and produces daily log output suitible for <BR />' SARG on MS Windows<BR />' Warning: Script removes original log files<BR />' Example: parselogs.vbs d:\ftproot d:\proxylogs<BR />Option Explicit<BR /><BR />testInput<BR /><BR />Dim objRegExpr, objFSO, objFile, objInputFile, objOutputFile, objFolder<BR />Dim strSourceDir, strDestinationDir, colFiles, strInputFile, strOutputFile<BR /><BR />Const ForReading = 1, ForWriting = 2, ForAppending = 8<BR /><BR />Set objFSO = CreateObject("Scripting.FileSystemObject")<BR />Set objRegExpr = New RegExp<BR /><BR />objRegExpr.Global = True<BR />objRegExpr.IgnoreCase = False<BR />strSourceDir = WScript.Arguments.Item(0)<BR />strDestinationDir = WScript.Arguments.Item(1)<BR /><BR />If objFSO.FolderExists(strSourceDir) AND objFSO.FolderExists(strDestinationDir) Then<BR /> Set objFolder = objFSO.GetFolder(strSourceDir)<BR /> Set colFiles = objFolder.Files<BR /> For Each objFile in colFiles<BR /> strInputFile = strSourceDir &amp; "\" &amp; objFile.Name<BR /> objRegExpr.Pattern = ".*@(\d{8})T.*"<BR /> strOutputFile = strDestinationDir &amp; "\" &amp; objRegExpr.Replace(objFile.Name, "$1") &amp; ".log"<BR /> Set objInputFile = objFSO.OpenTextFile(strInputFile, ForReading)<BR /> Set objOutputFile = objFSO.OpenTextFile(strOutputFile, ForAppending, True)<BR /> objRegExpr.Pattern = " ""(.*)@.*"" "<BR /> Do While Not objInputFile.AtEndOfStream<BR /> objOutputFile.WriteLine(objRegExpr.Replace(objInputFile.ReadLine, " $1 "))<BR /> Loop<BR /> objInputFile.Close<BR /> objOutputFile.Close<BR /> objFSO.DeleteFile(strInputFile)<BR /> Next<BR />Else<BR /> Wscript.Echo "Error: Invalid Source or Destination Directory"<BR /> Wscript.Quit<BR />End If<BR /><BR />Sub testInput()<BR /> If WScript.Arguments.Count &lt; 2 then<BR /> Wscript.Echo "Usage: " &amp; Wscript.ScriptName &amp; " &lt;sourcedir&gt; &lt;destinationdir&gt;"<BR /> Wscript.Quit<BR /> End If<BR />End Sub</P> Sun, 01 Nov 2009 13:42:21 GMT https://community.cisco.com/t5/web-security/sarg-on-windows/m-p/1342046#M952 droth_ironport 2009-11-01T13:42:21Z