Looking at logs…

I have recently had cause to pay a little more attention to the logs generated by my home firewall. While I use SARG for the day-to-day analysis, I needed a quick and easy command to fire at my squid logs to see what a particular device had been up to. This entry is by no means an exhaustive list, but it will serve as a handy reminder to me as to what I did to pull the data I needed to look at.

After SSHing into the pfSense firewall, the following command will show me the live activity of a device (substitute its address for <ip-address>):
tail -f /var/squid/logs/access.log | grep <ip-address>
Of course, if I want to dump ALL the logged data for the device to a file, I can just as easily run:
grep <ip-address> /var/squid/logs/access.log > somefilename.txt
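As an added example (not from the original post), here is the same lookup as two small shell functions that match squid's client-address field exactly rather than grepping the whole line, so that searching for 192.168.1.1 does not also pull in 192.168.1.10 or an upstream address that happens to contain the same digits. The sample log lines are constructed; the log path is the one the post uses, and the function names are my own.

```shell
#!/bin/sh
# Default log path as on the pfSense box described in the post.
LOG="${SQUID_LOG:-/var/squid/logs/access.log}"

# Requests made by one client. In squid's native log format the fields are:
# 1 timestamp, 2 elapsed ms, 3 client IP, 4 result/status, 5 bytes, 6 method,
# 7 URL, 8 ident, 9 hierarchy/peer, 10 content type. Matching on field 3 alone
# avoids the substring problem of a bare grep for the address.
device_requests() {
    ip="$1"; log="${2:-$LOG}"
    awk -v ip="$ip" '$3 == ip { print $1, $4, $6, $7 }' "$log"
}

# Same filter, but following the live log like the tail -f command above.
device_follow() {
    ip="$1"; log="${2:-$LOG}"
    tail -f "$log" | awk -v ip="$ip" '$3 == ip { print $1, $4, $6, $7 }'
}

# Destination hosts contacted by the client, most frequent first. Strips the
# scheme from plain URLs and the port from CONNECT targets (host:443).
device_top_hosts() {
    ip="$1"; log="${2:-$LOG}"
    awk -v ip="$ip" '$3 == ip {
        url = $7
        sub(/^[a-z]+:\/\//, "", url)   # drop http:// or https://
        sub(/[\/:].*/, "", url)        # drop path or :port
        print url
    }' "$log" | sort | uniq -c | sort -rn
}

# Constructed sample access.log (TEST-NET addresses) so the functions can be
# tried without a real firewall: SQUID_LOG="$SAMPLE_LOG" is not needed because
# each function accepts the log file as its second argument.
SAMPLE_LOG="$(mktemp)"
cat > "$SAMPLE_LOG" <<'EOF'
1622547800.123    245 192.168.1.10 TCP_MISS/200 1024 GET http://example.com/index.html - HIER_DIRECT/203.0.113.10 text/html
1622547801.456     12 192.168.1.100 TCP_HIT/200 512 GET http://example.org/a.png - HIER_NONE/- image/png
1622547802.789    980 192.168.1.10 TCP_TUNNEL/200 4096 CONNECT example.com:443 - HIER_DIRECT/203.0.113.10 -
1622547803.001     33 192.168.1.10 TCP_MISS/404 300 GET http://example.net/missing - HIER_DIRECT/203.0.113.11 text/html
EOF

device_requests 192.168.1.10 "$SAMPLE_LOG"
device_top_hosts 192.168.1.10 "$SAMPLE_LOG"
```

Note that a bare `grep 192.168.1.1` on the sample above would also match the 192.168.1.10 and 192.168.1.100 lines, which is exactly what the field match avoids.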

That's it. I'm happy to hear from you if you have any stronger command-line Fu that I should look at throwing at the logfiles.

Comments on "Looking at logs…"

    1. Fantastic, thanks Kiw. I've used Splunk briefly, but nothing like at the level of Terry's Splunk Fu. Correlation would certainly be fun, but may be overkill for the device traces I'm running at the moment.
