[squid-users] Resolve ip_address to hostname in access.log ( no dns lookup )
Hi I'd like to store the hostnames instead of ip addresses of our AD PCs in the access.log I know that there's feature log_fqdn, but as far as I know it works as the DNS resolver. This however doesn't work for me, because we don't have PTR records of PCs at the DNS server ( DHCP is Cisco ) However , I have samba there and command nmblookup -A IP_Address works without any problem Is it possible to implement nmblookup hostname resolving to store the hostnames in the access.log ? Thanks a lot pet
[squid-users] How to improve Hit Ratio
Hi all I'd like to ask you how can I improve my Hit Ratio ( byte or request ) cause it's on average 12-15 %, so it seems too low I'm using cacti to measure squid snmp activites and my basic config is: RAM: 1 GB cache_mem 8 MB maximum_object_size_in_memory 1 MB cache_dir ufs /var/cache/squid 5500 16 256 minimum_object_size 0 bytes maximum_object_size 4194304 bytes cache_swap_low 90 cache_swap_high 95 refresh_pattern windowsupdate.com/.*\.(cab|exe) 4320 100% 43200 reload-into-ims refresh_pattern download.microsoft.com/.*\.(cab|exe) 4320 100% 43200 reload-into-ims refresh_pattern ^ftp: 144020% 10080 refresh_pattern ^gopher:14400% 1440 refresh_pattern -i \.(gif|png|jpg|jpeg|ico)$ 10080 90% 43200 override-expire ignore-no-cache ignore-private refresh_pattern -i \.(iso|avi|wav|mp3|mp4|mpeg|swf|flv|x-flv)$ 43200 90% 432000 override-expire ignore-no-cache ignore-private refresh_pattern -i \.(deb|rpm|exe|zip|tar|tgz|ram|rar|bin|ppt|doc|tiff)$ 10080 90% 43200 override-expire ignore-no-cache ignore-p rivate refresh_pattern -i \.index.(html|htm)$ 0 40% 10080 refresh_pattern -i \.(html|htm|css|js)$ 1440 40% 40320 refresh_pattern . 0 40% 40320 I'm hosting about 30 clients. FQDNcache Entries: 362 FQDNcache Requests: 25181 FQDNcache Hits: 15192 FQDNcache Negative Hits: 5348 FQDNcache Misses: 4641 IP Cache Statistics: IPcache Entries: 920 IPcache Requests: 497622 IPcache Hits: 332614 IPcache Negative Hits:1088 IPcache Numeric Hits: 23602 IPcache Misses: 140318 Is it possible ot reach higher hit ratio ? Thanks pet
RE: [squid-users] Zeros in cachemgr output
On 17.12.08 20:14, Jevos, Peter wrote: Is this ok with all these zero's in my output ? Cache information for squid: Request Hit Ratios: 5min: 0.0%, 60min: 0.0% Byte Hit Ratios:5min: 87.9%, 60min: 42.4% Request Memory Hit Ratios: 5min: 0.0%, 60min: 0.0% Request Disk Hit Ratios:5min: 0.0%, 60min: 0.0% Storage Swap size: 1843144 KB Storage Mem size: 104 KB Mean Object Size: 16.74 KB Requests given to unlinkd: 42884 Median Service Times (seconds) 5 min60 min: HTTP Requests (All): 1.00114 1.05672 Cache Misses: 1.00114 1.05672 Cache Hits:0.0 0.0 Near Hits: 0.0 0.0 Not-Modified Replies: 0.0 0.0 DNS Lookups: 0.0 0.00295 ICP Queries: 0.0 0.0 -- Matus UHLAR - fantomas, uh...@fantomas.sk ; http://www.fantomas.sk/ Warning: I wish NOT to receive e-mail advertising to this address. Varovanie: na tuto adresu chcem NEDOSTAVAT akukolvek reklamnu postu. - Holmes, what kind of school did you study to be a detective? - Elementary, Watson. Sorrym did you write something ? I've missed your advice Thanks in advance Br pet
[squid-users] Zeros in cachemgr output
Hi all Is this ok with all these zero's in my output ? Cache information for squid: Request Hit Ratios: 5min: 0.0%, 60min: 0.0% Byte Hit Ratios:5min: 87.9%, 60min: 42.4% Request Memory Hit Ratios: 5min: 0.0%, 60min: 0.0% Request Disk Hit Ratios:5min: 0.0%, 60min: 0.0% Storage Swap size: 1843144 KB Storage Mem size: 104 KB Mean Object Size: 16.74 KB Requests given to unlinkd: 42884 Median Service Times (seconds) 5 min60 min: HTTP Requests (All): 1.00114 1.05672 Cache Misses: 1.00114 1.05672 Cache Hits:0.0 0.0 Near Hits: 0.0 0.0 Not-Modified Replies: 0.0 0.0 DNS Lookups: 0.0 0.00295 ICP Queries: 0.0 0.0 In my access log I can see many value TCP_HIT and cache/log shows no error message Thanks Br pet
[squid-users] How to exclude domain from rep_mime acl
Hi, I've set the rep_mime_type acl to block the flash video. Unfortunately it has to be allowed on our domain sites. How could I exlude specified domain from that acl ? I tried to do: acl mydomain dstdomain .MYDOMAIN.com http_access allow mydomain and put it before http_reply_access deny rule but it doesn't work My acl is: acl streaming rep_mime_type -i ^application/x-pncmd ^flv-application/octet-stream ^video/x-ms-asf ^video/x-ms-sf ^audio/mpeg ^audio/x-mpeg ^application/x-mms-framed ^application/vnd.ms.wms-hdr.asfv1 ^video/x-flv ^video/flv ^video/mpeg ^video/x-ms-wvx ^video/x-ms-wmv ^video/vnd.divx ^video/quicktime http_reply_access deny streaming thanks for any advice br peter
[squid-users] Read Error - 104 connection reset by peer
Hi , I'd like to ask you if these error is about the proxy error or network problem Read Error - 104 connection reset by peer - error condition while reading data from network In the log is: 1227847205.654185 10.7.1.1 TCP_MISS/502 1489 GET http://co107w.col107.mail.live.com/mail/mail.aspx?ip=10.12.140.8d=d253 2mf=0rru=getm sg%3fmsg%3dFCD25EA1%2d9C51%2d4215%2d8711%2dC6AA3CD78309 - DIRECT/203.121.145.20 text/html [28/Nov/2008:11:40:05 +0700] thnaks peter
RE: [squid-users] Read Error - 104 connection reset by peer
Jevos, Peter wrote: Hi , I'd like to ask you if these error is about the proxy error or network problem Read Error - 104 connection reset by peer - error condition while reading data from network In the log is: 1227847205.654185 10.7.1.1 TCP_MISS/502 1489 GET http://co107w.col107.mail.live.com/mail/mail.aspx?ip=10.12.140.8d=d25 3 2mf=0rru=getm sg%3fmsg%3dFCD25EA1%2d9C51%2d4215%2d8711%2dC6AA3CD78309 - DIRECT/203.121.145.20 text/html [28/Nov/2008:11:40:05 +0700] Both. Proxy having issue reading from the network. Sounds like a Squid somewhere received an end-of-connection code (RST) while expecting more data. There is another log called cache.log which contains more detailed info on what Squid is doing during requests. Please check there for the reason if you don't understand the error page returned. Thnaks for your answer Unfortunatelly cache.log shows nothing during that time Importatn think is that yo triy to refresh this page in a few seconds it works and returns 200 But this problem happens regulary Whant should i check ? Thanks for any advice
[squid-users] how to solve DNS server outage
Hi I'm using latest squid 2.7 and in my resolve.conf there're 2 name servers. Unfortunately first didn't work well and all queries was not resolved : ..Unable to determine IP address from host name... Even though the secondary server was working the quere timeout out after a couple of minutes. How can I manage to try secondary server if primary is out of order? Thx Br pet
[squid-users] How to improve integratin of LDAP authentication
Hi, I'd like to ask you one question. I have ldap authentication against AD that works perfectly. My config is: auth_param basic program /usr/local/squid/libexec/squid_ldap_auth -R -b dc=x, dc=x -D cn=x,ou=x,ou=x,dc=x,dc=x,dc=x -w x -f sAMAccountName=%s -h 10.0.0.1 -p 3268 When I run it login window apperas to insert login credentials. And that's fine and it works. My question is: Is it possible to hand over this credentials from MS Windows login credentials ( like domainname\user ) ? The reason is to avoid the interuption with login window Is it actually possible ? Thx pet
[squid-users] FW: How to improve integratin of LDAP authentication
Hi, I'd like to ask you one question. I have ldap authentication against AD that works perfectly. My config is: auth_param basic program /usr/local/squid/libexec/squid_ldap_auth -R -b dc=x, dc=x -D cn=x,ou=x,ou=x,dc=x,dc=x,dc=x -w x -f sAMAccountName=%s -h 10.0.0.1 -p 3268 When I run it login window apperas to insert login credentials. And that's fine and it works. My question is: Is it possible to hand over this credentials from MS Windows login credentials automatically ( like domainname\user ) ? The reason is to avoid the interuption with login window. So probably squid should be somehow dig out this credentials from the system Is it actually possible ? Thx pet
RE: [squid-users] FW: How to improve integratin of LDAP authentication
-Original Message- From: Luis Claudio Botelho - Chefe de Tecnologia e Redes [mailto:[EMAIL PROTECTED] Sent: Wednesday, June 11, 2008 2:20 PM To: Jevos, Peter; squid-users@squid-cache.org Subject: Re: [squid-users] FW: How to improve integratin of LDAP authentication Hi Peter We have this configuration here in my job. My workstations doesn't ask for login and password because they are integrated in the domain. Only the workstations that doesn't belong to the domain ask for user/password. The question is: is your workstation connected to the domain? Have you configured SAMBA in your Linux Server? Regards! Luis Claudio Botelho Brazil Thanks for your answer Luis Of coursse our stations are connected into the domain. I'm not using samba yet ( but it'spossible ) But all i'd like ot know is a brief principle how it works ( or brief howto ) Thx pet Hi, I'd like to ask you one question. I have ldap authentication against AD that works perfectly. My config is: auth_param basic program /usr/local/squid/libexec/squid_ldap_auth -R -b dc=x, dc=x -D cn=x,ou=x,ou=x,dc=x,dc=x,dc=x -w x -f sAMAccountName=%s -h 10.0.0.1 -p 3268 When I run it login window apperas to insert login credentials. And that's fine and it works. My question is: Is it possible to hand over this credentials from MS Windows login credentials automatically ( like domainname\user ) ? The reason is to avoid the interuption with login window. So probably squid should be somehow dig out this credentials from the system Is it actually possible ? Thx pet
