Awie,
this DOES NOT mean that squid passed a file tothe internet. What it means is that the machine at ip aaa.bbb.ccc.ddd requested the
URL http://www.library.itu.edu.tr/scripts/..%1c%9c.../winnt/sytem32/cmd.exe?(with more here but hidden from the log), using the HTTP
method GET and receieved a rsponse with status 500.
It DOES NOT mean that cmd.exe is present anywhere on any of your machines.
I suggest you read rfc 2616 and get familiar with the operation of HTTP. It will make understanding what is happening a lot easier
for you.
As far as converting 979273815 to readable time, this has been covered in the squid users archives very recently.
Rob
----- Original Message -----
From: "Awie" <awie@eksadata.com>
To: <squid-users@ircache.net>
Sent: Friday, January 26, 2001 10:48 PM
Subject: [SQU] Access.log
Folks,
I got this message (below) in my access.log. I found our Squid passed file CMD.EXE to Internet that requested by IP aaa.bbb.ccc.ddd.
979273815.589 2961 aaa.bbb.ccc.ddd TCP_MISS/500 324 GET http://www.library.itu.edu.tr/scripts/..%1c%9c.../winnt/sytem32/cmd.exe? -
DIRECT/www.library.itu.edu.tr text/html
1. Is that a normal progress Squid?
2. How can I get date and time by converting the lines? I could not run command grep 'cmd.exe' access.log | perl -pe
's/\d+/localtime $&/e; from my Linux prompt to get our system time
Your answer is very appreciated. Thx
Best Regards,
Awie
-- To unsubscribe, see http://www.squid-cache.org/mailing-lists.htmlReceived on Fri Jan 26 2001 - 05:09:33 MST
This archive was generated by hypermail pre-2.1.9 : Tue Dec 09 2003 - 16:57:35 MST