Re: Squid to cs-mars

stephane.tsacas · ‎11-24-2006

Hi,

We need to send the access_log from our squid servers to the MARS.

The squid log file is in Apache normal log file. For example, a line will look like this :

1.2.3.4 - - [24/Nov/2006:17:08:59 +0100] "GET http://www.club-internet.fr/? HTTP/1.1" 200 21513 TCP_MISS:DIRECT

The MARS is configured to receive COMMON_ACCESS_LOG type data.

The MARS receives the data, but cannot parse it.

The (free) program used to send the data to the MARS is Snare for Squid : http://www.intersectalliance.com/projects/SnareSquid/index.html

Any help is welcome.

St?phane

curt-wwwww · ‎11-24-2006

Mars provides ability to custom define and parse logs.

Go to Admin->Custom Setup (tabs)

stephane.tsacas · ‎11-24-2006

http://www.cisco.com/application/pdf/en/us/guest/products/ps6840/c2001/ccmigration_09186a008053a021.pdf

page 273 :

Note MARS supports only HTTP proxy logs and MMS streaming media proxy logs.

so there is probably no need to define a new parser for this format.

mhellman · ‎11-26-2006

I don't think the Snare agent is the supported way to get "web server" logs to CSMARS. Take a look at the supplementary files available here, in particular the web agent:

http://www.cisco.com/cgi-bin/tablebuild.pl?topic=279644034

If you're going to use the Snare agent, you'll need to create custom parser templates.

stephane.tsacas · ‎11-27-2006

Let me try that. I'm not bound to the snare thing, nor to pushing or pulling : either will do.

stephane.tsacas · ‎11-28-2006

The web agent method works fine, even if the script is badly written : thanks !

Is the method "UploadWebLogServlet" documented somewhere ? Can it load large chunks of data ?

Thanks