pfSense
Aristes, 2015-11-30 06:12:43

How to resolve names (pfSense + LightSquid + IPCad)?

In this bundle, the proxy collects almost all statistics.
But the LightSquid parser can't handle the resolution of names thrown by IPCad.
And in the statistics, the user gets a mess of data:

1	173.194.122.239:443\tcp	11	1.4 M	1.4 M	15.4%
2	104.25.162.28:443\tcp	9	716 525	2.1 M	7.3%
3	173.194.32.160:443\tcp	9	544 255	2.6 M	5.6%
4	www.lissyara.su	12	523 223	3.1 M	5.3%
5	www.thin.kiev.ua	40	464 297	3.6 M	4.7%
6	s7.addthis.com	   10	440 342	4.0 M	4.5%
7	habracdn.net	21	306 925	4.3 M	3.1%
8	208.123.73.18:443\tcp	2	279 189	4.6 M	2.8%
9	servisator.ru	53	278 953	4.8 M	2.8%
10	178.32.56.181:443\tcp	4	263 000	5.1 M	2.7%
11	173.194.32.143:443\tcp	9	236 346	5.3 M	2.4%
12	178.248.232.25:443\tcp	4	220 188	5.5 M	2.2%
13	shop.nativepc.ru	20	206 940	5.7 M	2.1%
14	173.194.32.152:443\tcp	7	204 810	5.9 M	2.1%
15	173.194.32.175:443\tcp	7	192 967	6.1 M	1.9%

The task is to resolve the most frequently encountered names.
For example, IP addresses starting with 173 are Google searches.
In the Lightsquid parser, I did not find anything other than grouping.
Comrades who know, tell me how to get out of this situation. Any method suits: manual and automatic.
Thanks to all.

2 answer(s)
Eugene, 2015-12-24
@Aristes

You need to replace the contents of the /usr/local/sbin/tolog.sh file with the following (where net="192.168.0" specifies the desired internal network template). You will also need to install dig on the system (the new resolver cannot return the short format); to do this, run pkg install bind-tools.
#!/bin/sh
# Turn the IPCad accounting checkpoint into Squid-style access.log lines,
# replacing each address with its reverse-DNS name when one exists.
rez2=""
#REZ="q"
# Sets rez2 to the PTR name of $1, or to $1 itself when the lookup returns nothing.
iptoname ()
{
    rez2=$1
    REZ=$(/usr/local/bin/dig @172.16.185.1 -x "$1" +short)
    # dig @ use your DNS server
    # echo "REZ - $REZ - $1"
    if [ -n "$REZ" ]
    then
        rez2=$REZ
    fi
}
net="192.168.185"
#net = your local net
ttime=`/usr/bin/rsh localhost sh ip acco | /usr/bin/grep 'Accounting data saved' | /usr/bin/awk '{print ($4)}'`
/usr/bin/rsh localhost clear ip accounting
/usr/bin/rsh localhost show ip accounting checkpoint | /usr/bin/grep "$net" > /root/tolog.txt
# Read the saved checkpoint line by line and append one log record per row.
while read p1 p2 p3 p4 p5 p6 p7 p8
do
    # skip rows whose fifth field is 0
    if [ "$p5" != "0" ]
    then
        rez2=""
        iptoname "$p1"
        echo "$ttime.000" 1 "$p2" "TCP_MISS/200" "$p4" "CONNECT" "$rez2:$p5" "-" "DIRECT/$p1" "-" >>/var/squid/logs/access.log
        # echo "$vtime.000" 1 $p2 "TCP_MISS/200" $p4 "CONNECT" $rez2:"$p5 "-" "DIRECT/"
    fi
done < /root/tolog.txt
exit 0
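
A hardening sketch for the iptoname step in the answer above, added here as an example and not part of Eugene's script: a PTR answer is data controlled by whoever runs the reverse zone, and dig +short can return several lines or resolver error text, so the value is filtered before it is written to access.log. The function names and the DIG and DNS_SERVER variables are assumptions; the sample resolver outputs are constructed.

```shell
#!/bin/sh
# Added example: choose a log-safe name from `dig -x <ip> +short` output.
LC_ALL=C; export LC_ALL          # make the [A-Za-z] ranges below byte-exact

# is_hostname NAME: succeeds only for a plain DNS name that contains a letter.
is_hostname() {
    case $1 in
        ''|.*|-*|*..*|*[!A-Za-z0-9.-]*) return 1 ;;   # empty, odd start, foreign bytes
    esac
    case $1 in
        *[A-Za-z]*) [ "${#1}" -le 253 ] ;;            # has a letter, sane length
        *) return 1 ;;                                # no letter at all, e.g. an IP look-alike
    esac
}

# ptr_to_logname IP DIG_OUTPUT: print the first valid name, else the IP itself.
ptr_to_logname() {
    while IFS= read -r line; do
        name=${line%.}                                # drop the trailing root dot
        if is_hostname "$name"; then
            printf '%s\n' "$name"
            return 0
        fi
    done <<EOF
$2
EOF
    printf '%s\n' "$1"
}

# Hypothetical wrapper: DIG and DNS_SERVER are assumptions, set them for your system.
resolve_for_log() {
    ptr_to_logname "$1" "$("${DIG:-/usr/local/bin/dig}" @"$DNS_SERVER" -x "$1" +short +time=1 +tries=1 2>/dev/null)"
}

# Constructed resolver outputs (not real lookups) run through the filter.
demo() {
    ptr_to_logname 192.0.2.10 'host1.example.net.'
    ptr_to_logname 192.0.2.11 '11.0/26.2.0.192.in-addr.arpa.
gw.example.net.'
    ptr_to_logname 192.0.2.12 ';; connection timed out; no servers could be reached'
    ptr_to_logname 192.0.2.13 'bad\032name.example.net.'
    ptr_to_logname 192.0.2.14 ''
}
demo
```

In the script above, iptoname would set rez2 from resolve_for_log "$1" instead of taking the raw dig output; names with characters outside letters, digits, dots and hyphens fall back to the IP address.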

awe007, 2016-04-12
@awe007

But what about in this case?

[2.2.4-RELEASE]/root: pkg install bind-tools
Updating FreeBSD repository catalogue...
FreeBSD repository is up-to-date.
All repositories are up-to-date.
pkg: No packages available to install matching 'bind-tools' have been found in the repositories
[2.2.4-RELEASE]/root:

And what is the IP 172.16.185.1 in the script above?
