Dear James,
certainly a GOOD job!!
Thanks :)
while i used it in redhat linux 9 for analysis first i got this error
awk: cmd. line:2: printf("%8.2f Kb\t%-16s %s\t%s - %s\n" \ awk: cmd. line:2: ^ invalid char '?' in expression
Hmmm - there shouldn't be a '?' character in there :-/
then i modified a bit as ...
[cut & paste]
clear;tail -f /var/log/squid/access.log | awk '{ printf("%8.2f Kb\t%-16s %s\t%s - %s\n" ,$5/1024,$8,$7,$10,substr($4,5,(match(4,/\//)-5))) }'
[cut & paste]
That match(4,..) should be match($4,..) - notice the '$' before the '4'?
That whole substr($4,5,(match($4,/\//)-5)) turns the TCP_MISS/200, TCP_DENIED/403 etc, into just plain MISS, DENIED etc. substr($str, start, length) - we know the first 4 chars will always be TCP_, so start at the 5th char.
The length is variable (MISS/DENIED/IMS_HIT etc) but always ends before the '/'. Enter match($str, regex) which returns the index where 'regex' begins. Voila. We now have a way of terminating the substr :) The '-5' is to balance the fact we started our sub-string at the 5th character. So length becomes: length = "index of '/'" - 5 :)
12345678901234 = 14 chars.
So TCP_DENIED/403
| |
5 11 : 11-5=6, "DENIED" = 6 chars. Ta-da!So in the case above the whole substr() would evaluate to:
substr("TCP_DENIED",5,6) -> start at the 5th char, finish after 6 chars.If your squid logs have TCP_<FOO>/NNN in a different field position to my server, change all the $4 variables to reflect your field. awk separates fields by white space by default.
now what i got is
(size kb) (user) (url) (data type) | | | | V V V V 8.23 Kb bimal http://www.siliconvalleyccie.com/linux-adv/squid.htm text/html -
Hmmm - no cache status (MISS/HIT etc). See above.
certainly a good script to check the things ONLINE!!
I thought so too - glad you think so too.
James Gray ______________________________ I.T. Manager - Asia Region Open Channel Solutions Sydney NSW 2000, Australia
