Log Analysis Tools - F-SECURE INTERNET GATEKEEPER FOR LINUX 4.01 Administrator's Manual

9.4 Log Analysis Tools

The access logs used by the product are compatible with Squid format. This makes it possible to use
various log analysis tools, such as Webalizer.
To perform a daily access analysis with Webalizer, first create the Webalizer configuration files by running the following command:
# touch /opt/f-secure/fsigk/log/{http,smtp,pop,ftp}/logtool/webalizer.conf
In addition, add the following entry to crontab (a single line):
0 1 * * * cd /opt/f-secure/fsigk/log/http/logtool/; /usr/bin/webalizer ../access.log -F squid -o .
The analysis results are saved to the /opt/f-secure/fsigk/log/http/logtool/ directory. You can
view them at "http://xxx:xx/log/http/logtool/" after logging into the web console.
A source patch (misc/webalizer-xxx.detect-stat.patch-xxx) that additionally
displays virus information can be used if needed.
To apply the patch:
# tar -zxvf webalizer-2.xx-xx-src.tgz
# patch -p1 < webalizer-2.xx-xx.detect-stat.patch-x.xx
# ./configure
# make
# make install
You can also use commercial log analyzing tools such as Sawmill. Sawmill and other similar tools
make it possible to perform a more detailed log analysis, which includes virus information. For
information on Sawmill, see the following link:
http://www.sawmill.net/
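Because the access log is Squid-compatible, it can also be summarized with a few lines of script, for example to cross-check a Webalizer report. The following is an added example, not part of the original manual or the product: it assumes the standard ten-field Squid native layout, keeps any further fields unparsed, and uses constructed sample lines.

```python
from collections import Counter
from datetime import datetime, timezone

# Constructed sample lines in Squid native layout (not taken from a real log).
SAMPLE = """\
1700000000.123     45 192.0.2.10 TCP_MISS/200 5120 GET http://example.com/index.html - DIRECT/198.51.100.7 text/html
1700000003.456     12 192.0.2.10 TCP_MISS/404 310 GET http://example.com/missing - DIRECT/198.51.100.7 text/html
1700000010.789    230 192.0.2.22 TCP_MISS/200 88211 GET http://example.org/file.zip - DIRECT/203.0.113.5 application/zip
this line is truncated
"""


def parse_line(line):
    """Parse one Squid native access-log line; return None if malformed."""
    f = line.split()
    if len(f) < 10 or "/" not in f[3]:
        return None
    try:
        when = datetime.fromtimestamp(float(f[0]), tz=timezone.utc)
        elapsed_ms, size = int(f[1]), int(f[4])
    except (ValueError, OverflowError, OSError):
        return None
    result, _, status = f[3].partition("/")
    return {"time": when, "elapsed_ms": elapsed_ms, "client": f[2],
            "result": result, "status": status, "bytes": size,
            "method": f[5], "url": f[6],
            "extra": f[10:]}  # fields beyond the ten Squid ones stay unparsed


def summarize(lines):
    """Count requests, bytes per client and status codes; count bad lines."""
    by_client, by_status, malformed = Counter(), Counter(), 0
    for line in lines:
        if not line.strip():
            continue
        rec = parse_line(line)
        if rec is None:
            malformed += 1  # reported in the result, not silently dropped
            continue
        by_client[rec["client"]] += rec["bytes"]
        by_status[rec["status"]] += 1
    return {"requests": sum(by_status.values()), "malformed": malformed,
            "bytes_by_client": dict(by_client), "status_counts": dict(by_status)}


if __name__ == "__main__":
    import sys
    # Pass a log path as the first argument; without one the sample is used.
    lines = open(sys.argv[1], errors="replace") if len(sys.argv) > 1 else SAMPLE.splitlines()
    print(summarize(lines))
```

Going by the crontab entry above, the HTTP log to pass as the argument is /opt/f-secure/fsigk/log/http/access.log. A non-zero "malformed" count means some lines did not match the assumed layout and should be inspected by hand.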
F-Secure Internet Gatekeeper for Linux/Administrator's Guide

This manual is also suitable for:

Internet gatekeeper for linux version 4
