F-Secure Internet Gatekeeper for Linux/Administrator’s Guide
9.4 Log Analysis Tools
The access logs used by the product are compatible with Squid format. This makes it possible to use
various log analysis tools, such as Webalizer.
You can perform the daily access analysis with Webalizer by running the following command:
# touch /opt/f-secure/fsigk/log/{http,smtp,pop,ftp}/logtool/webalizer.conf
In addition, add the following entry to crontab (a single line):
0 1 * * * cd /opt/f-secure/fsigk/log/http/logtool/; /usr/bin/webalizer ../access.log -F squid -o .
Log results are saved to the /opt/f-secure/fsigk/log/http/logtool/ directory. You can
view the analysis results at “http://xxx:xx/log/http/logtool/” after logging into the web console.
A source patch (misc/webalizer-xxx.detect-stat.patch-xxx) that additionally
displays virus information can be used if needed.
To apply the patch:
# tar -zxvf webalizer-2.xx-xx-src.tgz
# patch -p1 < webalizer-2.xx-xx.detect-stat.patch-x.xx
# ./configure
# make
# make install
You can also use commercial log analyzing tools such as Sawmill. Sawmill and other similar tools
make it possible to perform a more detailed log analysis, which includes virus information. For
information on Sawmill, see the following link:
http://www.sawmill.net/
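
Because the access logs are Squid-compatible, they can also be summarized with a short script when a quick per-client or per-day check is needed. The following is an added example, not part of the product or this guide: it assumes the ten whitespace-separated fields of Squid's native access.log layout, keeps any further fields uninterpreted, and runs on constructed sample lines.

```python
from collections import Counter
from datetime import datetime, timezone
from typing import NamedTuple, Optional

# Constructed sample lines in Squid native layout (not real traffic).
SAMPLE_LOG = """\
1700000000.123 45 192.0.2.10 TCP_MISS/200 5120 GET http://example.com/index.html - DIRECT/198.51.100.5 text/html
1700000003.456 12 192.0.2.10 TCP_MISS/404 310 GET http://example.com/missing - DIRECT/198.51.100.5 text/html
1700000100.000 230 192.0.2.22 TCP_MISS/200 104857 GET http://example.org/file.zip - DIRECT/203.0.113.7 application/zip
this line is truncated
1700090000.789 8 192.0.2.22 TCP_DENIED/403 0 CONNECT example.net:443 - NONE/- -
"""

class Entry(NamedTuple):
    when: datetime   # request time, converted to UTC
    elapsed_ms: int
    client: str
    result: str      # e.g. TCP_MISS
    status: int      # HTTP status code
    size: int        # bytes delivered to the client
    method: str
    url: str
    extra: tuple     # fields past the 10 standard ones, left uninterpreted

def parse_line(line: str) -> Optional[Entry]:
    """Parse one Squid-native line; return None if it is malformed."""
    f = line.split()
    if len(f) < 10:
        return None
    try:
        result, status = f[3].split("/", 1)
        when = datetime.fromtimestamp(float(f[0]), tz=timezone.utc)
        return Entry(when, int(f[1]), f[2], result, int(status),
                     int(f[4]), f[5], f[6], tuple(f[10:]))
    except ValueError:
        return None

def summarize(text: str) -> dict:
    """Aggregate requests per UTC day, bytes per client, and result codes."""
    days, clients, results, skipped = Counter(), Counter(), Counter(), 0
    for line in text.splitlines():
        if not line.strip():
            continue
        e = parse_line(line)
        if e is None:
            skipped += 1      # count malformed lines instead of hiding them
            continue
        days[e.when.date().isoformat()] += 1
        clients[e.client] += e.size
        results[f"{e.result}/{e.status}"] += 1
    return {"per_day": dict(days), "bytes_per_client": dict(clients),
            "results": dict(results), "skipped": skipped}
```

To run it against a real log, pass the file's contents to `summarize()`; a non-zero `skipped` count is worth checking, since it means some lines did not match the expected layout.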