Want to share my script, wich convert rsyslog
mkaccess.log file to
squid format.
mkaccess.log: no debug, only simple one-record-per-line format.
There is
no size(fake size, 1024 per string),
no dst-host ip(fake ip 8.8.8.8), only datetime, local ip and url persist
Output can be used on linux-tools like lightsquid etc.
#!/usr/bin/perl -w
use Date::Parse;
$num_args = $#ARGV + 1;
if ($num_args != 1) {
# mkaccess.log - syslog's file, mikrotik remote logging.
print "\nUsage: ".$0." /path/to/mkaccess.log\n";
exit;
}
open (IN, "<".$ARGV[0]) || die $!;
while(<IN>){
chomp;
($line)=join " ",(split / /)[1,0,2,3,4,5,6,7,8];
$line =~ s/^\s+//gi;
$line =~ s/(\s+)/ /gi;
my($day,$mns,$time,$hname,$host,$method,$site,$access) = split('\s+', $line);
($date)=join " ",$day,$mns,$time;
$dateepoch=str2time($date." +0200");
if ($access eq 'action=allow') {
$string=$dateepoch.".000 999 ".$host." TCP_MISS/200 1024 ".$method." ".$site." - DIRECT/8.8.8.8 text/html\n";
print $string;
}
}
close IN;