Re: [squid-users] Local port number logging woes
-BEGIN PGP SIGNED MESSAGE- Hash: SHA1 Hi Amos, thanks a lot for your answer. On 22.01.2015 05:22, Amos Jeffries wrote: On 22/01/2015 7:00 a.m., Carl-Daniel Hailfinger wrote: I'm using cascaded/hierarchical Squid instances, one per machine. [...] This works great except for one oddity: Quite a few Squid log entries of the child proxy have 0 as local port number of the last server or peer connection. I have absolutely no idea why that would be the case. AFAICS cached entries have - as local port number and that's fine because it means there was no associated parent proxy connection. Am I doing something wrong? Are there any cases where the log format code %lp would legitimately yield 0? It is possible for connections which were never completely setup. The server/peer details will all be known, but the local TCP details will not be set by completion of the TCP handshake. Ah, that may explain it. So this would only happen if the TCP connection to the parent proxy can't be established completely. A colleague of mine thought it might be related to parent proxy connection keepalive. I'll forward your answer. Thanks again! Regards, Carl-Daniel -BEGIN PGP SIGNATURE- Version: GnuPG v1 iD8DBQFUwS1oRdNMz2eF/AERAv8kAJsF0XuTwBJvcy74MRpFrdJ7P5klQwCgnrg6 LEP4EkBarBc9qByymqo1hD0= =fgvz -END PGP SIGNATURE- ___ squid-users mailing list squid-users@lists.squid-cache.org http://lists.squid-cache.org/listinfo/squid-users
[squid-users] Local port number logging woes
Hi, I'm using cascaded/hierarchical Squid instances, one per machine. To get the ability to correlate access.log entries between instances, I have extended the default squid log format by %p and %lp . For correlation, I use the following two sets of information: The parent proxy uses URL, timestamp, client source port. The child proxy uses URL, timestamp, local port number of the last server or peer connection. Even with some slight timing variations due to caching/lookups/network, the child proxy local port number of the last peer connection and the parent proxy client source port help tremendously matching those entries against each other. This works great except for one oddity: Quite a few Squid log entries of the child proxy have 0 as local port number of the last server or peer connection. I have absolutely no idea why that would be the case. AFAICS cached entries have - as local port number and that's fine because it means there was no associated parent proxy connection. Am I doing something wrong? Are there any cases where the log format code %lp would legitimately yield 0? Regards, Carl-Daniel ___ squid-users mailing list squid-users@lists.squid-cache.org http://lists.squid-cache.org/listinfo/squid-users
Re: [squid-users] Local port number logging woes
-BEGIN PGP SIGNED MESSAGE- Hash: SHA1 On 22/01/2015 7:00 a.m., Carl-Daniel Hailfinger wrote: Hi, I'm using cascaded/hierarchical Squid instances, one per machine. To get the ability to correlate access.log entries between instances, I have extended the default squid log format by %p and %lp . For correlation, I use the following two sets of information: The parent proxy uses URL, timestamp, client source port. The child proxy uses URL, timestamp, local port number of the last server or peer connection. Even with some slight timing variations due to caching/lookups/network, the child proxy local port number of the last peer connection and the parent proxy client source port help tremendously matching those entries against each other. This works great except for one oddity: Quite a few Squid log entries of the child proxy have 0 as local port number of the last server or peer connection. I have absolutely no idea why that would be the case. AFAICS cached entries have - as local port number and that's fine because it means there was no associated parent proxy connection. Am I doing something wrong? Are there any cases where the log format code %lp would legitimately yield 0? It is possible for connections which were never completely setup. The server/peer details will all be known, but the local TCP details will not be set by completion of the TCP handshake. Amos -BEGIN PGP SIGNATURE- Version: GnuPG v2.0.22 (MingW32) iQEcBAEBAgAGBQJUwHr6AAoJELJo5wb/XPRj1e0H/R732wuWifxxJjiQuGQJxaej vc8c07NS02slvpVSDvLNjyOAMPl++oBgCEvy4EBHiWkR1MP/N7z4Utj4FS1c1HQA rEJqA0UCe8cnm6V/8zjrEd3l+N+zYx5oj/P4Yv97TmQlmLeMLeVZyaeJcOfMarKo yS9Tdyy7NIuQioTzFKfZ/1mclJeAKJ1fY2QLjzIWzekDh0NNvmX/3W3NEuFf1fsR cuYQ4vbTliCbkuugtvmJm/GOATAl3jNvP+pJp+5s1JPe+dYFlqj2All/eR2stai4 ElJaHQm5f2GgU3g/kuZvSHiXuMkMEmwvGj+pwlSu5+Okdi0XpMKx03BnRqPPJTQ= =SKrI -END PGP SIGNATURE- ___ squid-users mailing list squid-users@lists.squid-cache.org http://lists.squid-cache.org/listinfo/squid-users