I have 5 remote offices, each with a Content Engine 511 at the site. I have noticed, once in awhile, high WAN bandwidth utilization. Result was due to an infected workstation. At the HQ operations, we see the source address of the high bandwidth as the CE. Which makes sense since all the local users hit the CE before going out the WAN for Internet.
I know that the CE has logs in Squid format. I would like to regularly transfer these logs to a HQ server for retention. I would also like to install some sort of Squid log viewer to monitor each office's web hits and for troubleshooting to find the LAN IP address of an infected workstation. Does someone have some system in place performing these functions? I found some Squid viewers, but majority are for Unix-based servers. I'm working in a Windows shop. Thanks.