I have recently had cause to pay a little more attention to the logs generated by my home firewall. While I use SARG for the day-to-day analysis, I needed a quick and easy command to fire at my squid logs to see what a particular device had been up to. This entry is by no means an exhaustive list, but it will serve as a handy reminder to me as to what I did to pull the data I needed to look at.
After SSHing into the pfSense firewall, the following command will show me the activity on the device as it happens:
tail -f /var/squid/logs/access.log | grep <ip-address>
Of course, if I want to dump ALL the data from the device into a file, I can just as easily run (grep reads the file directly, so no cat is needed):
grep <ip-address> /var/squid/logs/access.log > somefilename.txt
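A slightly sturdier version of the same idea, added here as an example rather than taken from the post above: a plain grep for an IP is a substring match, so 192.168.1.5 also matches 192.168.1.50 and any upstream address in the hierarchy field. The functions below match the client field exactly and summarise which hosts the device talked to and how many requests squid denied; the log lines are constructed and assume squid's default native access.log format.

```shell
# Added example (not from the original post): summarise a squid access.log
# for one client IP. Field 3 is the client address, field 4 the result code,
# field 7 the URL, in squid's default native log format (assumed here).
# Constructed sample log, not real traffic.
SAMPLE_LOG=$(mktemp)
cat > "$SAMPLE_LOG" <<'EOF'
1700000000.101    120 192.168.1.50 TCP_MISS/200 4521 GET http://example.com/index.html - HIER_DIRECT/93.184.216.34 text/html
1700000001.202     45 192.168.1.5 TCP_HIT/200 812 GET http://example.com/logo.png - HIER_NONE/- image/png
1700000002.303     10 192.168.1.50 TCP_DENIED/403 3561 CONNECT blocked.example.net:443 - HIER_NONE/- text/html
1700000003.404    230 192.168.1.50 TCP_TUNNEL/200 9021 CONNECT update.example.org:443 - HIER_DIRECT/203.0.113.7 -
1700000004.505     60 192.168.1.50 TCP_MISS/200 1200 GET http://example.com/about.html - HIER_DIRECT/93.184.216.34 text/html
EOF

# squid_client_hosts <ip> <logfile>: prints "count host" per destination host,
# most-requested first. Exact match on the client field avoids the
# 192.168.1.5 / 192.168.1.50 substring problem a bare grep has.
squid_client_hosts() {
    awk -v ip="$1" '$3 == ip {
        url = $7
        sub(/^[a-z]+:\/\//, "", url)   # strip the scheme if present
        sub(/[\/:].*$/, "", url)       # keep the host only (drop path and port)
        print url
    }' "$2" | sort | uniq -c | sort -rn | awk '{print $1, $2}'
}

# squid_client_denied <ip> <logfile>: number of requests squid refused
# (TCP_DENIED), a quick sign the device is hitting blocked destinations.
squid_client_denied() {
    awk -v ip="$1" '$3 == ip && $4 ~ /^TCP_DENIED\// { n++ } END { print n+0 }' "$2"
}

squid_client_hosts 192.168.1.50 "$SAMPLE_LOG"
squid_client_denied 192.168.1.50 "$SAMPLE_LOG"
```

On the firewall itself, point the second argument at /var/squid/logs/access.log instead of the sample file.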
That’s it. I’m happy to hear from you if you have any stronger command-line Fu that I should look at throwing at the logfiles.