Just Test and need to share my idea 

Method

1. copy  file /var/log/squid/access.log to directory where you want, example : /var/www/log/access.log

cp /var/log/squid/access.log /var/www/log/access.log

2. clear data on /var/log/squid/access.log to make data clear and no duplicate log and make file small

cat /dev/null > /var/log/squid/access.log

3. write script to read  only online username ,mac and ip from table radacct 

i use perl

4. write data to q.sh 



sed -i 's/192.168.99.58 /192.168.99.58   bn401   00:16:6F:26:CD:2C   /g' /var/www/log/access.log

 

 

Notice : this script will find  192.168.99.58 in /var/www/log/access.log. if found it will replace with 192.168.99.58   bn401   00:16:6F:28:CD:20.

and we will got data in username ,ip , mac without to trouble mysql fat and makes CPU go slowwwwwwwwwwwww

5. now we got complete data in /var/www/log/access.log  so we cat it and keep it in a file that have date such as /var/www/log/access-07-10-2009.log and then you scripts to cat and keep in the file everytime you and q.sh. cause we must delete file /var/www/log/access.log after we run q.sh . use scripts below..

data=$(cat /var/www/log/access.log)
echo "$data" >> /var/www/log/access-07-10-2009.log
rm /var/www/log/access.log


make it run

chmod 755 q.sh
/var/www/perl/q.sh



ุ6. set crontab to run script every minutes. and then we wil real-time log in 90% garantee 


becarefool :-D
1. i run for 60-100 user. no cpu problem or all system. if your server have more users, i can garantee. 
2. linux sed use 1 minutes. if you have more user, server may use more time. some error mays appear. 
3.  log is compare only online user.  if in the minute of compare user go offline , we can not get log the user. but logging use only 1 minute for compare. normally user always stop to access web 1 minute before offline .

 

 

GO GO CHEER..

ขอความเห็นท่านอื่น และการแก้ไขข้อบกพร่องต่อไปครับ