From: Chuck Swiger <cswiger@mac.com>
Organization: The Courts of Chaos
Date: Wed, 04 Jun 2003 21:52:13 -0400
To: keith@smmc.qld.edu.au
Cc: freebsd-questions@freebsd.org
Subject: Re: How to analyse squid logs and wierd time stamps
Message-ID: <3EDEA24D.8040505@mac.com>
In-Reply-To: <2280.10.0.0.2.1054777172.squirrel@localhost.smmc.qld.edu.au>

keith@smmc.qld.edu.au wrote:
[ ... ]
> 1049884671.477 240 10.0.1.121 TCP_HIT/200 744 GET
> ftp://ftpav.ca.com/pub/inoculan/scaneng/Siglist.txt - NONE/- text/plain
> ...

Whoa!

> Anyone know of a port to analyse this stuff and change what MIGHT be a
> timestamp to something a mortal like me can read??

Sure.
Install /usr/ports/net/adns and /usr/ports/www/analog. Check out and update
the analog config file in /usr/local/etc. cd to where your log files are,
and DNS resolve the IPs via:

    adnslogres -c 20000 < access_log > access_log.dns

...then run analog against this (DNS-resolved) logfile, and it will
generate lots of info. You can also do other things with the DNS-resolved
logfile using other tools, but most of 'em will prefer to start with the
output of adnslogres, so that step is worth doing.

-Chuck
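The line quoted in the question is Squid's native access.log format, and the "weird timestamp" in its first field is seconds since the UNIX epoch with millisecond resolution. As an added example, not code from this thread or from Squid, analog or adns, here is a small Python script that parses that format, rewrites the timestamp as an ISO-8601 UTC stamp, and tallies results, clients and destination hosts. Only the first sample line is the one from the question; the other lines, the 192.0.2.0/24 peer addresses and the hostnames in them are constructed for the demo. The timestamp is rendered in UTC because that is what the epoch value encodes; the proxy's own local time zone is not in the log.

```python
#!/usr/bin/env python3
"""Make Squid native access.log lines readable and tally them.

Added example for this thread; not code from the mail, from Squid, or from
analog/adns.  Squid's native format is one request per line:

    time elapsed client code/status bytes method URL ident hier/peer type

where `time` is seconds since the UNIX epoch with millisecond resolution.
"""
import re
import sys
from collections import Counter
from dataclasses import dataclass
from datetime import datetime, timezone
from typing import Iterable, Optional
from urllib.parse import urlsplit

# Squid pads the leading fields, so fields are separated by runs of whitespace.
NATIVE_RE = re.compile(
    r"^\s*(?P<secs>\d+)\.(?P<ms>\d{3})\s+(?P<elapsed>\d+)\s+(?P<client>\S+)\s+"
    r"(?P<code>[A-Z_]+)/(?P<status>\d{3})\s+(?P<nbytes>\d+)\s+(?P<method>\S+)\s+"
    r"(?P<url>\S+)\s+(?P<ident>\S+)\s+(?P<hier>[A-Z_]+)/(?P<peer>\S+)\s+(?P<mime>\S+)\s*$"
)

# Sample input: the first line is the one quoted in the question; the others
# are constructed for this example (192.0.2.0/24 is a documentation range).
SAMPLE_LOG = [
    "1049884671.477 240 10.0.1.121 TCP_HIT/200 744 GET "
    "ftp://ftpav.ca.com/pub/inoculan/scaneng/Siglist.txt - NONE/- text/plain",
    "1049884702.115    915 10.0.1.121 TCP_MISS/200 5318 GET http://www.example.com/ "
    "- DIRECT/192.0.2.10 text/html",
    "1049884730.002     12 10.0.1.77 TCP_DENIED/403 1247 CONNECT badhost.example:443 "
    "- NONE/- text/html",
    "this line is not a squid record at all",
    "1049884750.500   1200 10.0.1.121 TCP_MISS/200 40211 GET "
    "http://www.example.com/big.zip - DIRECT/192.0.2.10 application/zip",
]


@dataclass(frozen=True)
class SquidEntry:
    # url, ident and mime are copied from the client request / origin reply:
    # treat them as untrusted data (never hand them to a shell or eval).
    when: datetime          # request completion time, UTC
    elapsed_ms: int
    client: str
    code: str               # TCP_HIT, TCP_MISS, TCP_DENIED, ...
    status: int             # HTTP status
    nbytes: int
    method: str
    url: str
    ident: str
    hier: str               # NONE, DIRECT, ...
    peer: str
    mime: str

    @property
    def stamp(self) -> str:
        """ISO-8601 UTC timestamp with the log's millisecond precision."""
        return self.when.strftime("%Y-%m-%dT%H:%M:%S.") + f"{self.when.microsecond // 1000:03d}Z"


def parse_line(line: str) -> Optional[SquidEntry]:
    """Parse one native-format line; return None for anything that does not fit."""
    m = NATIVE_RE.match(line)
    if m is None:
        return None
    # Convert the integer seconds exactly and reattach the milliseconds, rather
    # than round-tripping through a float that can lose the last digit.
    when = datetime.fromtimestamp(int(m["secs"]), tz=timezone.utc)
    when = when.replace(microsecond=int(m["ms"]) * 1000)
    return SquidEntry(
        when=when, elapsed_ms=int(m["elapsed"]), client=m["client"],
        code=m["code"], status=int(m["status"]), nbytes=int(m["nbytes"]),
        method=m["method"], url=m["url"], ident=m["ident"],
        hier=m["hier"], peer=m["peer"], mime=m["mime"],
    )


def url_host(method: str, url: str) -> str:
    """Destination host of a request; CONNECT logs bare host:port, no scheme."""
    if method == "CONNECT":
        return url.rsplit(":", 1)[0]
    return urlsplit(url).hostname or url


def humanize(line: str) -> str:
    """Return the line with the epoch timestamp swapped for a readable one."""
    e = parse_line(line)
    if e is None:
        return line.rstrip("\n")
    return (f"{e.stamp} {e.elapsed_ms:>6}ms {e.client} {e.code}/{e.status} "
            f"{e.nbytes} {e.method} {e.url} {e.hier}/{e.peer} {e.mime}")


def summarize(lines: Iterable[str]) -> dict:
    """Tally result codes, clients and destination hosts; count unparsable lines."""
    by_result, by_client, by_host = Counter(), Counter(), Counter()
    bad, total_bytes = 0, 0
    for line in lines:
        e = parse_line(line)
        if e is None:
            bad += 1
            continue
        by_result[f"{e.code}/{e.status}"] += 1
        by_client[e.client] += 1
        by_host[url_host(e.method, e.url)] += 1
        total_bytes += e.nbytes
    return {"bad_lines": bad, "bytes_total": total_bytes,
            "by_result": by_result, "by_client": by_client, "by_host": by_host}


def main(lines: Iterable[str]) -> None:
    lines = list(lines)
    for line in lines:
        print(humanize(line))
    s = summarize(lines)
    print(f"\n{s['bad_lines']} unparsable line(s), {s['bytes_total']} bytes served")
    for label in ("by_result", "by_client", "by_host"):
        print(label, dict(s[label].most_common(5)))


if __name__ == "__main__":
    # Pass a real access.log path as the only argument; otherwise use the samples.
    if len(sys.argv) > 1:
        with open(sys.argv[1]) as fh:
            main(fh)
    else:
        main(SAMPLE_LOG)
```

Unparsable lines are counted rather than silently dropped so a truncated or rotated log shows up in the summary instead of quietly shrinking the totals.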