[squid-users] How to detmine how many web pages have been visited in a month
I have my access.log files and there is one for each day of the month what is the best way to determine how many web pages were viewed for the month? Jim
[squid-users] squid shuts down and syslogs complains disk space over limit but I have free disc space
Squid is shutting down and syslog is reporting the following "Dec 29 10:04:34 squid1 squid[7873]: WARNING: Disk space over limit: 153268 KB > 102400 KB " But i have free disc space as shown below. df -h Filesystem Size Used Avail Use% Mounted on /dev/sda2 65G 18G 44G 28% / tmpfs 1010M 0 1009M 0% /dev/shm Jim
Re: [squid-users] parent cache
I added the below text to the child: nonhierarchical_direct off prefer_direct off cache_peer parent.server.ip parent 3128 0 default no-query And I added the child to an acl on the parent that does not allow downloading of .exe's but when I tried to downoad them I was able to. Since I added the child to an acl on the parent that does not allow download of exe's I do not see why I can download exe's. I thought since the child was added on the parent to an acl that did not allow downloads of exe's I would not be able to download them. To recap: >From child squid server given workstation IP can download anything Put child squid server IP into an acl on the parent server that can not downoad .exe's >From given workstion IP I can download .exe's but why? Jim Henrik NordstromTo: Jim_Brouse/[EMAIL PROTECTED] <[EMAIL PROTECTED] cc: [EMAIL PROTECTED] he.org> Subject: Re: [squid-users] parent cache 10/27/2004 03:46 PM On Wed, 27 Oct 2004 Jim_Brouse/[EMAIL PROTECTED] wrote: > I have been reading documentation at the below two urls and what I can not > determine is that do I need to enable something on server a if it is going > to be a parent to server b or do I just need to tell server b which server > is its parent? You need to make A allow B as a client if it is not already in the list of allowed clients, and to configure B to use A as it's parent. No other configuration on A is required. >cache_peer parentcache.foo.com parent 3128 0 no-query default >acl all src 0.0.0.0/0.0.0.0 >never_direct allow all > > or > >cache_peer parentcache.foo.com parent 3128 0 no-query >prefer_direct off Depends on what you want. The first always uses the parent, the second prefers to use the parent if available and it makes sense for the request in terms of caching, if not it will go direct. Regards Henrik
Re: [squid-users] parent cache
Do I need to enable something on the parent server so that it can be a parent server? Jim Kashif Ali Bukhari To: "jim_brouse/[EMAIL PROTECTED]" , squid users <[EMAIL PROTECTED]<[EMAIL PROTECTED]> l.com> cc: Subject: Re: [squid-users] parent cache 10/27/2004 02:42 PM Please respond to Kashif Ali Bukhari please explain your words On Wed, 27 Oct 2004 14:21:02 -0700, jim_brouse/[EMAIL PROTECTED] wrote: > I have been reading documentation at the below two urls and what I can not > determine is that do I need to enable something on server a if it is going > to be a parent to server b or do I just need to tell server b which server > is its parent? > > http://squid.visolve.com/squid/squid24s1/neighbour.htm#cache_peer > > http://www.squid-cache.org/Doc/FAQ/FAQ-4.html#ss4.9 > >cache_peer parentcache.foo.com parent 3128 0 no-query default >acl all src 0.0.0.0/0.0.0.0 >never_direct allow all > > or > >cache_peer parentcache.foo.com parent 3128 0 no-query >prefer_direct off > > Jim > > -- Syed Kashif Ali +923004295604 MSN:- [EMAIL PROTECTED] 11-B Toheed Park Gulshen-e-Ravi Lahore, Pakistan
[squid-users] parent cache
I have been reading documentation at the below two urls and what I can not determine is that do I need to enable something on server a if it is going to be a parent to server b or do I just need to tell server b which server is its parent? http://squid.visolve.com/squid/squid24s1/neighbour.htm#cache_peer http://www.squid-cache.org/Doc/FAQ/FAQ-4.html#ss4.9 cache_peer parentcache.foo.com parent 3128 0 no-query default acl all src 0.0.0.0/0.0.0.0 never_direct allow all or cache_peer parentcache.foo.com parent 3128 0 no-query prefer_direct off Jim
Re: [squid-users] can not access sites due to acl when using ntlm auth
Part of my problem was kiosk was defined as url_regex it should have been src. This was the specifics on KIOSK acl KIOSK url_regex "/etc/squid/acl/kiosk.src" acl KIOSK.dstdomain dstdomain "/etc/squid/acl/kiosk.dstdomain.acl" http_access allow KIOSK.dstdomain http_access allow KIOSK Now they are: acl KIOSK src "/etc/squid/acl/kiosk.src" acl KIOSK.dstdomain dstdomain "/etc/squid/acl/kiosk.dstdomain.acl" http_access allow KIOSK KIOSK.dstdomain And it works as before, I can not believe it was working before thanks everyone for the help. Here are my http_access statements before cleanup: > egrep -v '^$|^#' /etc/squid/squid.conf |grep http_access > http_access allow manager localhost > http_access deny manager > http_access allow KIOSK.dstdomain > http_access allow KIOSK > http_access deny KIOSK > http_access allow AIRMAIL > http_access allow PAGING > http_access deny PAGING > http_access deny BLOCK.NOT.YAHOO > http_access allow YAHOOMESSENGER > http_access deny YAHOOMESSENGER > http_access deny BLOCK.NOT.AOL > http_access allow AOL > http_access deny AOL > http_access deny lab.src lab.dstdomain > http_access allow lab.src > http_access deny lab.src > http_access allow LOG-ONLY-HOSTS > http_access deny NO.NONBLOCK NONBLOCK > http_access allow NONBLOCK > http_access allow NONPORN > http_access deny BLOCK > http_access deny MIMEBLOCK > http_access deny RESTRICTED-BROWSER > http_access deny RESTRICTED-DOM > http_access allow manager ADMIN-HOSTS > http_access deny manager > http_access deny !Safe_ports > http_access deny CONNECT !SSL_ports > http_access deny to_localhost > http_access deny all Here are my http_access after cleanup, Thanks Everyone. egrep -v '^$|^#' /etc/squid.conf |grep http_access -i http_access allow manager localhost http_access deny manager http_access allow KIOSK KIOSK.dstdomain http_access allow PAGING AIRMAIL http_access deny BLOCK.NOT.YAHOO YAHOOMESSENGER http_access allow YAHOOMESSENGER http_access deny AOL BLOCK.NOT.AOL http_access allow AOL http_access deny lab.dstdomain lab.src http_access allow guad.lab.src http_access allow LOG-ONLY-HOSTS http_access deny NO.NONBLOCK NONBLOCK http_access allow NONBLOCK http_access allow NONPORN http_access deny BLOCK http_access deny MIMEBLOCK http_access deny RESTRICTED-BROWSER http_access deny RESTRICTED-DOM http_access allow PERMITTED-HOSTS http_access allow manager ADMIN-HOSTS http_access deny manager http_access deny !Safe_ports http_access deny CONNECT !SSL_ports http_access deny to_localhost http_access deny all Jim Henrik NordstromTo: Jim_Brouse/[EMAIL PROTECTED] <[EMAIL PROTECTED] cc: [EMAIL PROTECTED] he.org> Subject: Re: [squid-users] can not access sites due to acl when using ntlm auth 08/19/2004 03:00 PM On Thu, 19 Aug 2004 Jim_Brouse/[EMAIL PROTECTED] wrote: > KIOSK is an acl that list what ip can use that acl and KIOSK.dstdomain > list what sites KIOSK can get to and it seems to work good. I did remove > http_access deny KIOSK but when I tried to combine the two statements that > I think I need, Then you should use http_access allow KIOSK KIOSK.dstdomain http_access deny KIOSK > That did not work the users in KIOSK can no longer access sites listed at > KIOSK.dstdomain which is the goal. Then something is wrong with either of these two acls. http_access allow A http_access allow B is very different from http_access allow A B The first allows access if either of the criterias is fulfilled. The second allows access only if both criterias is fulfilled. And this is one of many things of Squid access controls is what we try to explain in the Squid FAQ chapter 10 introduction. But the source of your authentication problem is most likely my last comment. Somewhere you need to allow the request be
Re: [squid-users] can not access sites due to acl when using ntlm auth
>> http_access allow KIOSK.dstdomain >> http_access allow KIOSK >>>Is this really what you want? >>>Allow everyone access to KOISK.dstdomain >>>Allow KIOSK access to everything. >> http_access deny KIOSK >>>This is redundant due to the above. KIOSK is an acl that list what ip can use that acl and KIOSK.dstdomain list what sites KIOSK can get to and it seems to work good. I did remove http_access deny KIOSK but when I tried to combine the two statements that I think I need, >> http_access allow KIOSK.dstdomain >> http_access allow KIOSK into > http_access allow KIOSK KIOSK.dstdomain That did not work the users in KIOSK can no longer access sites listed at KIOSK.dstdomain which is the goal. Jim Henrik NordstromTo: Jim_Brouse/[EMAIL PROTECTED] <[EMAIL PROTECTED] cc: Henrik Nordstrom <[EMAIL PROTECTED]>, [EMAIL PROTECTED] he.org> Subject: Re: [squid-users] can not access sites due to acl when using ntlm auth 08/19/2004 12:36 AM On Wed, 18 Aug 2004 Jim_Brouse/[EMAIL PROTECTED] wrote: >> http_access allow manager localhost >> http_access deny manager Ok >> http_access allow KIOSK.dstdomain >> http_access allow KIOSK Is this really what you want? Allow everyone access to KOISK.dstdomain Allow KIOSK access to everything. >> http_access deny KIOSK This is redundant due to the above. >> http_access allow MYAIRMAIL >> http_access allow PAGING >> http_access deny PAGING This is redundand. You can not deny what you have already allowed. >> http_access deny BLOCK.NOT.YAHOO >> http_access allow YAHOOMESSENGER >> http_access deny YAHOOMESSENGER This i redundant. >> http_access deny BLOCK.NOT.AOL >> http_access allow AOL >> http_access deny AOL This is redundant. >> http_access deny lab.src lab.dstdomain >> http_access allow lab.src >> http_access deny lab.src This is redundant. >> http_access allow LOG-ONLY-HOSTS >> http_access deny NO.NONBLOCK NONBLOCK >> http_access allow NONBLOCK >> http_access allow NONPORN >> http_access deny BLOCK >> http_access deny MIMEBLOCK >> http_access deny RESTRICTED-BROWSER >> http_access deny RESTRICTED-DOM >> http_access allow manager ADMIN-HOSTS >> http_access deny manager This is redundant due to the first two rules already taking care of all manager access. >> http_access deny !Safe_ports >> http_access deny CONNECT !SSL_ports >> http_access deny to_localhost These should be much higher, before your own first accept rule. Somewhere before this last deny of everything else it looks like there is some allow statements missing, allowing access after you have filtered out all the things you do not want to see.. >> http_access deny all Regards Henrik
Re: [squid-users] can not access sites due to acl when using ntlm auth
I read chapter 10 and also looked in Squid the Definitive Guide and I can not find any thing in those references that would make me want to change my acls.Would it make sends that I need this many acls depending upon my needs correct? Jim Brouse Internet Administrator Information Technology Department Pascua Yaqui Tribe of Arizona Phone: 520-879-5813 E-mail: [EMAIL PROTECTED] Henrik NordstromTo: Jim_Brouse/[EMAIL PROTECTED] <[EMAIL PROTECTED] cc: he.org> Subject: Re: [squid-users] can not access sites due to acl when using ntlm auth 08/18/2004 11:23 AM On Wed, 18 Aug 2004 Jim_Brouse/[EMAIL PROTECTED] wrote: > egrep -v '^$|^#' /etc/squid/squid.conf |grep http_access > http_access allow manager localhost > http_access deny manager > http_access allow KIOSK.dstdomain > http_access allow KIOSK > http_access deny KIOSK > http_access allow MYAIRMAIL > http_access allow PAGING > http_access deny PAGING > http_access deny BLOCK.NOT.YAHOO > http_access allow YAHOOMESSENGER > http_access deny YAHOOMESSENGER > http_access deny BLOCK.NOT.AOL > http_access allow AOL > http_access deny AOL > http_access deny lab.src lab.dstdomain > http_access allow lab.src > http_access deny lab.src > http_access allow LOG-ONLY-HOSTS > http_access deny NO.NONBLOCK NONBLOCK > http_access allow NONBLOCK > http_access allow NONPORN > http_access deny BLOCK > http_access deny MIMEBLOCK > http_access deny RESTRICTED-BROWSER > http_access deny RESTRICTED-DOM > http_access allow manager ADMIN-HOSTS > http_access deny manager > http_access deny !Safe_ports > http_access deny CONNECT !SSL_ports > http_access deny to_localhost > http_access deny all I think you need to clean this up somewhat to get it under control. Spend some time reading the introduction in Squid FAQ chapter 10 Access Controls. And please keep discusion on the mailinglist thanks. Regards Henrik
[squid-users] forward http traffic for one site
How can I forward http/squid traffic for one site or domain? I have looked on the FAQ on squid-cache.org, googled and looked in Squid the Definitive Guide. Jim
[squid-users] can not access sites due to acl when using ntlm auth
When I try to access sites after being authorized as a ntlm user I am getting this message in cache.log when in debug mode 2004/08/17 16:43:14| The request GET http://www.google.com/ is DENIED, because i t matched 'all' I have this configed in my squid.conf acl all src 0.0.0.0/0.0.0.0 http_access deny all The point is that why does squid not see ntlm auth and then not concernt itself with the all acl? Should I remove the all acl, but I believe that is so that we do not have someone use the proxy that is not explicity configed to. Jim
Re: [squid-users] proxy_auth
I tried the following but what is happening now is all users that are logged on with Microsoft AD usernames are being granted access to webpages even though there are not in the acl.users acl, and the reason in cache.log is because username matched all. I have http_access allow all commented out with a "#" Jim Henrik NordstromTo: Jim_Brouse/[EMAIL PROTECTED] <[EMAIL PROTECTED] cc: [EMAIL PROTECTED] he.org> Subject: Re: [squid-users] proxy_auth 05/03/2004 02:46 PM On Mon, 3 May 2004 Jim_Brouse/[EMAIL PROTECTED] wrote: > I do have proxy auth working to access any page with the following: > > acl AuthorizedUsers proxy_auth REQUIRED > http_access allow all AuthorizedUsers > > Below is the acl settings to allow only one user to one particular site. > acl acl.dstdomain dstdomain /etc/squid/acl/acl.dstdomain > acl acl.users proxy_auth/etc/squid/acl/acl.users > http_access allow acl.dstdomain > http_access allow acl.users > http_access deny acl.users I think you want http_access allow acl.dstdomain acl.users http_access deny acl.users See the Squid FAQ chapter 10 for details if unsure what the difference is. In addition you need "quotes" around the filenames.. if not Squid reads what you have wrote literally (i.e. the filename instead of the contents of the file). Regards Henrik
[squid-users] proxy_auth
I do have proxy auth working to access any page with the following: acl AuthorizedUsers proxy_auth REQUIRED http_access allow all AuthorizedUsers But when I comment that out http_access allow all AuthorizedUsers to allow out a particular user to access one site only I only get DENIED for the site listed in acl.dstdomain and all other domains. Below is the acl settings to allow only one user to one particular site. acl acl.dstdomain dstdomain /etc/squid/acl/acl.dstdomain acl acl.users proxy_auth/etc/squid/acl/acl.users http_access allow acl.dstdomain http_access allow acl.users http_access deny acl.users Jim
[squid-users] block only if part of a group
With squid acl's I usually grant access if a user is part of group then they have access to what that particular acl is about Is there a way to say if you are part of this group then access is denied to a particular acl, otherwise if you are not in the group then you have access to the site listed in the acl. Jim
[squid-users] ntlm and granting certain user access to certain sites
Is it possible to grant access in squid to certain sites based on a ntlm username So one could say joe can go to all sites and mary can go only to www.comany.com Is it necessary to use squidgaurd for this and if so does anyone know of a how to for something like this regarding ntlm usernames and squidguard. Jim
[squid-users] squid and ntlm auth
I have squid configured with NTLM auth and in the squid logs with squid in debug mode in cache.log squid first reports DENIED access to a site because they are a member of AuthorizedUsers and then it says it is ALLOWED because they are a member or AuthorizedUsers group so my question is why does Squid first deny it and then after it says ALLOWED. This is seamless to the user they do not see it being DENIED and then ALLOWED but it seems squid is doing twice the work. Below from cache.log 2004/04/16 09:13:50| The request GET http://somesite.edu/ is DENIED, because it matc hed 'AuthorizedUsers' 2004/04/16 09:13:50| The request GET http://somesite.edu/ is ALLOWED, because it mat ched 'AuthorizedUsers' Jim
Re: [squid-users] Windows Update mirroring
If you use SUS (link below) I believe it is free and you will then have a Windows Update server for your users on your local LAN. http://www.microsoft.com/windowsserversystem/sus/default.mspx Jim "Sampei" <[EMAIL PROTECTED] To: <[EMAIL PROTECTED]> ali.it> cc: Subject: [squid-users] Windows Update mirroring 04/16/2004 06:55 AM Please respond to "Sampei" Although I tried several times mirroring Microsoft Windows Update using free software I did not the solution; I looked at in Squid ML archives and other documentations on web but resolving nothing. I'm going to use Squid Accelerator. My aim is to reach MS windows update from whatever client in the lan because only some of them can download MS patches infact their browsers are set to go out in Internet (privileged users). I configured Squid Accelerator to listen to 80 port, with proxy option no active: httpd_accel_host virtual httpd_accel_with_proxy off httpd_accel_single_host off I installed 2 NIC in Squid Accelerator Server : internal and public network: 3 virtual ip addresses for internal Network Interface Card, 1 ip address for public Network Interface Card. In this way I can use a redirector script (written in PERL) to associate virtual ip address to these sites: 10.1.1.1www.windowsupdate.com 10.1.1.2v4.windowsupdate.microsoft.com 10.1.1.3www.microsoft.com When I access , for instance, to 10.1.1.2 my browser correctly point to v4.windowsupdate.microsoft.com but after few minutes I can see this error: no route to host. I must say that there's specified the DNS on Squid Accelerator. Problem is only for Windows Update site. Are there problems with Windows Update Javascript ? Could it be caused because there is attempt to use HTTPS ?! I noted that using a simple Squid (to go out in Internet) acting as cache-server (no configured as accelerator) and I set my browser to use it, I have no problem to run W.U. and download patches. I'm able to understand the "difference" about how they works and if there is difference how MS W.U. takes care answers toward Squid and Squid Accelerator. thanks Sampei
Re: [squid-users] Windows Update mirroring
>If you want your clients to go to another hostname then there is a product >you can buy from Microsoft for setting up a "Windows Update" style >distribution server. Don't remember what it is called but you can find it >in another thread about Windows Update some weeks ago.. If you want to mirror Windows Update then use this product http://www.microsoft.com/windowsserversystem/sus/default.mspx Jim Henrik NordstromTo: Sampei <[EMAIL PROTECTED]> <[EMAIL PROTECTED] cc: [EMAIL PROTECTED] he.org> Subject: Re: [squid-users] Windows Update mirroring 04/16/2004 09:49 AM On Fri, 16 Apr 2004, Sampei wrote: > Although I tried several times mirroring Microsoft Windows Update using free > software I did not the solution; I looked at in Squid ML archives and other > documentations on web but resolving nothing. You can not easily mirror Windows Update, but you can cache it and have clients redirected to the cache. The host names used by Windows Update must be accessible by the clients. The host names does not really need to point to Microsoft, but may point to accelerators. If you want your clients to go to another hostname then there is a product you can buy from Microsoft for setting up a "Windows Update" style distribution server. Don't remember what it is called but you can find it in another thread about Windows Update some weeks ago.. > When I access , for instance, to 10.1.1.2 my browser correctly point to > v4.windowsupdate.microsoft.com but after few minutes I can see this error: > no route to host. By browser or Squid? What address does the client attempt to contact? (use netstat on the client) > I noted that using a simple Squid (to go out in Internet) acting as > cache-server (no configured as accelerator) and I set my browser to use it, > I have no problem to run W.U. and download patches. Good. > I'm able to understand the "difference" about how they works and if there > is difference how MS W.U. takes care answers toward Squid and Squid > Accelerator. The difference is that the Windows Update function knows it's servers, so even if you request a specific server in the browser the Windows Update will try to use the server names it thinks it should have, so for this to work the client needs to know that for the Windows Update domains it should talk to your accelerator, not Microsoft. This you can configure in your internal DNS to have the Microsoft Update domains redirected to your accelerator, just make sure your Squid is using a real DNS without this "pollution". Regards Henrik
[squid-users] winbind and ntlm auth
I have gotten winbind to work with squid but one problem is that the authentication is basic and from what I read at the FAQ ntlm or basic auth is supported, is there a way to force ntlm auth, this is for a MS AD 2000 domain and Samba 3 with squid 2.5 Jim
Re: [squid-users] winbind and proxy_auth
I thought that the user was the user who was logged on the AD domian? How can I confirm what user is trying to access winbind's privileged pipe is that user basically just squid? Jim Darren Spruell cc: [EMAIL PROTECTED] Subject: Re: [squid-users] winbind and proxy_auth 04/14/2004 02:51 PM Jim_Brouse/[EMAIL PROTECTED] wrote: > I have been reading the faq at > http://www.squid-cache.org/Doc/FAQ/FAQ-23.html#ss23.5to setup winbind > authentication and everytime I try to access a webpage I am DENIED. > > Below is the output from cache.log with debug turned on. > > The request GET http://blah.com is DENIED because, it matched > 'AuthorizedUsers' When this happened during our setup, it was because the squid user did not have access to winbind's privileged pipe. -- Darren Spruell
[squid-users] winbind and proxy_auth
I have been reading the faq at http://www.squid-cache.org/Doc/FAQ/FAQ-23.html#ss23.5to setup winbind authentication and everytime I try to access a webpage I am DENIED. Below is the output from cache.log with debug turned on. The request GET http://blah.com is DENIED because, it matched 'AuthorizedUsers' Below is what was added to squid.conf for AuthorizedUsers -acl AuthorizedUsers proxy_auth REQUIRED - -http_access allow all AuthorizedUsers What is strange is that if the request matches AurhorizedUsers it should be allowed not denied. Jim
[squid-users] can squid determine browser version
Can squid determine what browser is making a http request so at the end of the day you could look at the squid logs and say we have 100 Opera clients, 12 MS IE 5.0 clients, and 11 MS IE 6.0 clients, Jim
[squid-users] winbind auth and squid
I am trying to configure squid for winbind auth so that users can be granted Internet access based on their username and not their IP. I have been referring to http://www.squid-cache.org/Doc/FAQ/FAQ-23.html#ss23.5 and I have successfully joined the MS AD domain, I can see the computer account on the Domain Controller and I can also use wbinfo -u and wbinfo -g to check the usernames and groups associated with that domain, but I can not successfully do a "wbinfo -a domainname\\username%password" I get the following output: plaintext password authentication failed error code was NT_STATUS_NO_LOGON_SERVERS (0xc05e) error messsage was: No logon servers Could not authenticate user domain\username%password with plaintext password challenge/response password authentication failed error code was NT_STATUS_NO_LOGON_SERVERS (0xc05e) error messsage was: No logon servers Could not authenticate user doamin\username with challenge/response Is this just a test or is this required for winbind auth to work with squid? Jim
Re: [squid-users] squid and ldap and active directory
Since winbind uses ``base64'' encoding is it possible for squid and winbind to only look at the username being presented and not ask for the password therefore the password would not be transmitted in clear text? Jim Henrik NordstromTo: Jim_Brouse/[EMAIL PROTECTED] <[EMAIL PROTECTED] cc: [EMAIL PROTECTED] he.org> Subject: Re: [squid-users] squid and ldap and active directory 03/19/2004 02:31 PM On Fri, 19 Mar 2004 Jim_Brouse/[EMAIL PROTECTED] wrote: > I want to use squid and have users authenticate via their currently in use > active directory username and password, to do this do I need open ldap > installed on the squid server? You need the OpenLDAP libraries if you want to use the LDAP helpers for Squid. You do not need the OpenLDAP server or clients installed. > Will the users be presented with an username/password box or will squid use > the curretly in use credentials of the user who is logged on? LDAP is only possible in the Basic authentication scheme where the users is asked for their login. If you want to use automatic login then you need to use the NTLM scheme, and here the recommended approach is to install Samba-3 and have the Squid server join your windows domain. See the Squid FAQ on winbind for details. Regards Henrik
Re: [squid-users] Squid-RRD
I have given it a few days I had crated a cronjob to run every five minutes and I have also run it manually about 20 times. Jim [EMAIL PROTECTED] To: Jim_Brouse/[EMAIL PROTECTED] 03/27/2004 cc: 12:58 AM Subject: Re: [squid-users] Squid-RRD > I just bought the Squid the Definitive Guide and it is a great book. > > I was looking at http://www.squid-cache.org/~wessels/squid-rrd/and > while I can run poll.pl without error and I can see the rrd graphs via a > web browser they are all blank I have tried this on 2 different squid > servers. Uave you waited long enough so rrd caqn fill it's graph database??? If you wait at least 1 hour, and run the update script every 5 minutes then you will see the beginning of the graph comming. Ries > > > > Jim > >
[squid-users] Squid-RRD
I just bought the Squid the Definitive Guide and it is a great book. I was looking at http://www.squid-cache.org/~wessels/squid-rrd/and while I can run poll.pl without error and I can see the rrd graphs via a web browser they are all blank I have tried this on 2 different squid servers. Jim
[squid-users] squid and ldap and active directory
I want to use squid and have users authenticate via their currently in use active directory username and password, to do this do I need open ldap installed on the squid server? Will the users be presented with an username/password box or will squid use the curretly in use credentials of the user who is logged on? Jim
Re: [squid-users] How to Determine what is being cached
> Both access.log and store.log gives you this information. TCP_CLIENT_REFRESH_MISS/304 is that what access.log will display when something is not going to be cached? Jim Henrik NordstromTo: Jim_Brouse/[EMAIL PROTECTED] <[EMAIL PROTECTED] cc: [EMAIL PROTECTED] he.org> Subject: Re: [squid-users] How to Determine what is being cached 02/25/2004 02:32 PM On Wed, 25 Feb 2004 Jim_Brouse/[EMAIL PROTECTED] wrote: > How does this look? > > acl nocache dstdomain /etc/squid/acl/nocache > no_cache deny nocache The file name above should be within quotes, other than that it looks ok. > How can I determine what is being cached and what is not being cached? Both access.log and store.log gives you this information. Regards Henrik
[squid-users] How to Determine what is being cached
I have the below lines to squid.conf. If there is a URL that mactch any words in the file then they should not be cached. How does this look? acl nocache dstdomain /etc/squid/acl/nocache no_cache deny nocache How can I determine what is being cached and what is not being cached? Jim
Re: [squid-users] SNMP Variables
Go to the below URL http://www.squid-cache.org/SNMP/snmpwalk.html Jim "galle" <[EMAIL PROTECTED] To: <[EMAIL PROTECTED]> ov.ar> cc: Subject: [squid-users] SNMP Variables 02/25/2004 02:33 PM Hi all !!! Can someone explain me a little the meaning of these snmp variables ? what are they monitoring and what unit ? Thanks cacheProtoAggregateStats.1 cacheHttpHits cacheRequests cacheHits cacheMisses cacheServerRequests cacheClients Diego
Re: [squid-users] Do not cache certain sites/words
> We still want the users to be able to access those sites but just not have > them cached >See the no_cache TAG. >put the acl-name which you don't want to cache them. >no_cache deny I looked in my squid.conf and I found the following Can I create another line with no_cahe deny "fileanme of file with wordlist to not cache" or shoudl I just add my filename after QUERY on the same line #We recommend you to use the following two lines. acl QUERY urlpath_regex cgi-bin \? no_cache deny QUERY Jim "Muthukumar" <[EMAIL PROTECTED] To: <[EMAIL PROTECTED]>, tmail.com> cc: 02/24/2004 Subject: Re: [squid-users] Do not cache certain sites/words 08:28 PM > Is it possible to have a squid not cache certain sites. > Yes. > > We still want the users to be able to access those sites but just not have > them cached See the no_cache TAG. put the acl-name which you don't want to cache them. no_cache deny Regards, Muthukumar.
[squid-users] Do not cache certain sites/words
Is it possible to have a squid not cache certain sites. We still want the users to be able to access those sites but just not have them cached Jim
[squid-users] Does squid try to update is cache automatically
Does squid try to go out and update webpages that users frequently visit, like if I visit www.kernel.org in the morning will it keep checking whether it has an up to date page even if a user is not requesting that site or does squid only update it cache when users request a particular site? Jim
[squid-users] Creating an ACL that only certain users go through
I have created an ACL that only certain users are supposed to go through but instead all users are being having to run through this dstdomain block list. acl list.dstdomain dstdom_regex "location of dstdomain block list" acl list.src src "location of list of IPs that have to use this list" http_access deny list.dstdomain http_access allow list.src http_access deny list.src The problem is that I have other src lists and users in those lists are having to go through the list.domain file of blocked domains and I only want IP to go through that list if they are in the list.src file. Jim
Re: [squid-users] Transparent Proxy Trouble
Can you browse the Internet from the squid server itself? Is it possibly a firewall rule rejecting the traffic from the wireless clients? Is it possibly a routing rule sending Internet traffic out the wrong interface? ping www.google.com for example then do "ip route get IPaddressofgoogle.com" and see which interface it it trying to go out of, try this with several different internet sites. Jim [EMAIL PROTECTED] linux.orgTo: [EMAIL PROTECTED] cc: 02/17/2004 Subject: [squid-users] Transparent Proxy Trouble 12:21 PM Hello, Folks - I have been using squid/squidGuard on our proxy servers here at the library I work at for about a year and a half, and have been having great success with them. I am now trying to set up a transparent proxy for a new wireless network so that we can let folks bring in there laptops and hook up, but have the content content filtered (Unfortunately, that is our policy). I am using a brand new HP Proliant DL140, with a fresh box-stock install of redhat 9.0. The server has 2 ethernet interfaces, eth0 is outside, eth1 is the wireless. I have tried to set up the machine as described in this article: http://www.faqs.org/docs/Linux-mini/TransparentProxy.html I am able to set up squid no sweat, and when I point a wireless client browser to port 3128 on the server, squid says that it is fetching pages. When I "un- point" my browser, I am still able to browse, but squid's access log is silent. Does anybody have any clues as to where I need to look? Is the above URL a valid way to do this? Thanks - Mark Ehle Computer Support Librarian Willard Public Library Battle Creek, MI
Re: [squid-users] Reporting on Squid
grep `grep givensite.com /var/log/squid/access-02-13-04.log |tr -s ' ' | cut -d' ' -f3 |sort -n|uniq` /var/log/squid/access-02-13-04.log | wc -l The above command tells the total amount of times a particular site was visited by all ips but how could you change this so it says IP address so and so accessed that site 10 times and the whereas a different ip visited it 100 times. Jim "Muthukumar" <[EMAIL PROTECTED] To: <[EMAIL PROTECTED]>, tmail.com> cc: 02/17/2004 Subject: Re: [squid-users] Reporting on Squid 11:15 AM > I use the below command to determine who has been to a particular site but > grep givensite.com /var/log/squid/access-02-13-04.log |tr -s ' ' | cut -d' ' -f3 |sort -n|uniq > what would I need to add to determine how many times they did visit that > site. grep `grep givensite.com /var/log/squid/access-02-13-04.log |tr -s ' ' | cut -d' ' -f3 |sort -n|uniq` /var/log/squid/access-02-13-04.log | wc -l Regards, Muthukumar. India: 0-91-94431-01756
[squid-users] Reporting on Squid
I use the below command to determine who has been to a particular site but what would I need to add to determine how many times they did visit that site. grep givensite.com /var/log/squid/access-02-13-04.log |tr -s ' ' | cut -d' ' -f3 |sort -n|uniq Jim
Re: [squid-users] Massive problems with https connections to Domino Server (long)
Maybe there is something wrong with the client update the client to latest version of IE with all hotfixes, service packs etc. Jim Jim Rainer Traut epost.de>cc: "'[EMAIL PROTECTED]'" <[EMAIL PROTECTED]>, [EMAIL PROTECTED] 02/09/2004 Subject: Re: [squid-users] Massive problems with https connections to 07:43 AM Domino Server (long) vda wrote: > On Monday 09 February 2004 13:15, Rainer Traut wrote: > > I see ~50 connections open from squid to domino, > all of them are being closed when you close IE. This might be by accident, but SSL_RESUMABLE_SESSIONS is 50. > Since I do not see tcpdump between IE and squid, > I can only guess that IE, too, kept ~50 open > connections to squid. You can verify this with > tcpdump and/or by viewing squid access log. Yes, that's right, same count. > Why IE don't do it when you go direct? I don't know. > You may do detailed tcpdumps and try to spot differences > between direct/cached cases. I will try this. > BTW. Is your squid transparent? No. > BTW#2. Why do you proxy https traffic at all? > What are you trying to achieve? Security. From what I learned is to deny direct tcp connections to the internet. I can go direct in this case but that is an exception. Besides it's easy to implement squid's acl. > IE DoSes your server. In this case inadvertently but still, > you have to take measures. > You probably should configure squid/Domino to limit number > of TCP connections from one IP, total number of open > connections and/or limit max connection lifetime. I know you are very kind and are trying to help me, thx very much for this. But this cannot be a solution. There is something fundamentally wrong. I can take down one server with just one client -easily-. Wild guess here: Might it has sth to do with IE's ssl_unclean_shutdown I am reading everywhere? Perhaps Domino shuts down the SSL connections right when IE is direct connected but fails with proxy? Rainer
[squid-users] squid reread config files while running
What is the best way to tell squid to re-read its config files while it is running so a change made in a config file will be made active now? Jim
Re: [squid-users] mrtg and squid
How can I determine what OID cacheMedianTime.5 is?
Jim
Henrik
NordstromTo: Jim_Brouse/[EMAIL PROTECTED]
<[EMAIL PROTECTED] cc: [EMAIL PROTECTED]
he.org> Subject: Re: [squid-users] mrtg and squid
01/07/2004
09:35 AM
Seems this version of MRTG does not like mixing numeric and symbolic names
in the same OID.
Should work with symbolic OIDs where no additional arguments is required
in the OID however.
Regards
Henrik
On Wed, 7 Jan 2004 Jim_Brouse/[EMAIL PROTECTED] wrote:
>
> I was trying to reference the OID numerically because when I refence it
by
> name I get messages like "evaluated to 5 instead of a number"
>
> File output and mrtg output below.
>
>
>
> cat /var/www/mrtg/squid/mrtg.cache.cfg
>
>
> WorkDir: /var/www/mrtg/squid
> IconDir: /images/
> LoadMIBs: /var/www/mrtg/squid/mib.txt
> Target[squid.cache.client.usage]:
> "cacheMedianTime.5&cacheMedianTime.5:[EMAIL PROTECTED]:3401"
> Title[squid.cache.client.usage]: Cache Statistics: Client IP Accesses
> PageTop[squid.cache.client.usage]: Cache Statistics: # of Client IPs
> accessing cache
> Xsize[squid.cache.client.usage]: 600
> Ysize[squid.cache.client.usage]: 200
> Ytics[squid.cache.client.usage]: 10
> LegendI[squid.cache.client.usage]: Client Accesses
> ShortLegend[squid.cache.client.usage]:
> LegendO[squid.cache.client.usage]:
> Legend1[squid.cache.client.usage]: Client Accesses
> Legend2[squid.cache.client.usage]:
> YLegend[squid.cache.client.usage]: # of current clients
> MaxBytes[squid.cache.client.usage]: 10
> Options[squid.cache.client.usage]: gauge
>
>
>
> mrtg /var/www/mrtg/squid/mrtg.cache.cfg
>
> ERROR: Target[squid.cache.client.usage][_IN_] '" $$target[0]{$mode} "'
> evaluated to ' 5 ' instead of a number
> ERROR: Target[squid.cache.client.usage][_OUT_] '" $$target[0]{$mode} "'
> evaluated to ' 5 ' instead of a number
> WARNING: Skipping Update of squid.cache.client.usage, inlast is not
defined
> WARNING: Skipping Update of squid.cache.client.usage, outlast is not
> defined
>
>
>
> Jim
>
>
>
>
>
> Henrik
> NordstromTo:
Jim_Brouse/[EMAIL PROTECTED]
> <[EMAIL PROTECTED] cc: Henrik Nordstrom
<[EMAIL PROTECTED]>,
> he.org> <[EMAIL PROTECTED]>
> Subject: Re: [squid-users]
mrtg and squid
> 01/06/2004
> 02:45 PM
>
>
>
>
>
>
> Your Target does not at all match what is in the documentation.
>
> The numeric OID you have specified does not exists as a value in the
Squid
> MIB, and the error message is thus fully correct as MRTG can not plot
> things that does not exists.
>
> .1.3.6.1.4.1.3495.1.1.1 is enterprise.nlanr.Squid.cacheSystem.
>
>
> Why do you specify the OID numerically? It is much easier to load the
> Squid MIB into MRTG and then specify the OID by name.
>
> Regards
> Henrik
>
>
> On Tue, 6 Jan 2004 Jim_Brouse/[EMAIL PROTECTED] wrote:
>
> >
> > I have tried many configurations I am now trying to get this simplified
> > mrtg.cfg for squid to work
> >
> > >From Documentation at
> >
>
http://howto.aphroland.de/HOWTO/MRTG/SquidMonitoringWithMRTGHostsInIPCache
> >
> > Below contents of mrtg.cfg file
> > WorkDir: /var/www/mrtg/squid
> > Target[squid.cache.ipcache]:
> > .1.3.6.1.4.1.3495.1.1.1&.1.3.6.1.4.1.3495.1.1.1:[EMAIL PROTECTED]:3401
> > Title[squid.cache.ipcache]: Cache Statistics: # of Hosts in IP Cache
> >
> > Output is
> > mrtg /var/www/mrtg/squid/mrtg.client.squid.cfg
> > SNMP Error:
> > Received SNMP response with error code
> > error status: noSuchName
> > index 3 (OID: 1.3.6.1.2.1.1.3.0)
> > SNMPGET Problem for .1.3.6.1.4.1.3495.1.1.1 .1.3.6.1.4.1.3495.1.1.1
>
>
>
>
>
Re: [squid-users] mrtg and squid
I was trying to reference the OID numerically because when I refence it by
name I get messages like "evaluated to 5 instead of a number"
File output and mrtg output below.
cat /var/www/mrtg/squid/mrtg.cache.cfg
WorkDir: /var/www/mrtg/squid
IconDir: /images/
LoadMIBs: /var/www/mrtg/squid/mib.txt
Target[squid.cache.client.usage]:
"cacheMedianTime.5&cacheMedianTime.5:[EMAIL PROTECTED]:3401"
Title[squid.cache.client.usage]: Cache Statistics: Client IP Accesses
PageTop[squid.cache.client.usage]: Cache Statistics: # of Client IPs
accessing cache
Xsize[squid.cache.client.usage]: 600
Ysize[squid.cache.client.usage]: 200
Ytics[squid.cache.client.usage]: 10
LegendI[squid.cache.client.usage]: Client Accesses
ShortLegend[squid.cache.client.usage]:
LegendO[squid.cache.client.usage]:
Legend1[squid.cache.client.usage]: Client Accesses
Legend2[squid.cache.client.usage]:
YLegend[squid.cache.client.usage]: # of current clients
MaxBytes[squid.cache.client.usage]: 10
Options[squid.cache.client.usage]: gauge
mrtg /var/www/mrtg/squid/mrtg.cache.cfg
ERROR: Target[squid.cache.client.usage][_IN_] '" $$target[0]{$mode} "'
evaluated to ' 5 ' instead of a number
ERROR: Target[squid.cache.client.usage][_OUT_] '" $$target[0]{$mode} "'
evaluated to ' 5 ' instead of a number
WARNING: Skipping Update of squid.cache.client.usage, inlast is not defined
WARNING: Skipping Update of squid.cache.client.usage, outlast is not
defined
Jim
Henrik
NordstromTo: Jim_Brouse/[EMAIL PROTECTED]
<[EMAIL PROTECTED] cc: Henrik Nordstrom <[EMAIL
PROTECTED]>,
he.org> <[EMAIL PROTECTED]>
Subject: Re: [squid-users] mrtg and squid
01/06/2004
02:45 PM
Your Target does not at all match what is in the documentation.
The numeric OID you have specified does not exists as a value in the Squid
MIB, and the error message is thus fully correct as MRTG can not plot
things that does not exists.
.1.3.6.1.4.1.3495.1.1.1 is enterprise.nlanr.Squid.cacheSystem.
Why do you specify the OID numerically? It is much easier to load the
Squid MIB into MRTG and then specify the OID by name.
Regards
Henrik
On Tue, 6 Jan 2004 Jim_Brouse/[EMAIL PROTECTED] wrote:
>
> I have tried many configurations I am now trying to get this simplified
> mrtg.cfg for squid to work
>
> >From Documentation at
>
http://howto.aphroland.de/HOWTO/MRTG/SquidMonitoringWithMRTGHostsInIPCache
>
> Below contents of mrtg.cfg file
> WorkDir: /var/www/mrtg/squid
> Target[squid.cache.ipcache]:
> .1.3.6.1.4.1.3495.1.1.1&.1.3.6.1.4.1.3495.1.1.1:[EMAIL PROTECTED]:3401
> Title[squid.cache.ipcache]: Cache Statistics: # of Hosts in IP Cache
>
> Output is
> mrtg /var/www/mrtg/squid/mrtg.client.squid.cfg
> SNMP Error:
> Received SNMP response with error code
> error status: noSuchName
> index 3 (OID: 1.3.6.1.2.1.1.3.0)
> SNMPGET Problem for .1.3.6.1.4.1.3495.1.1.1 .1.3.6.1.4.1.3495.1.1.1
Re: [squid-users] barebones squid configuration
If you download the standard webmin package at www.webmin.com it includes support for squid and the support to easily add/remove ip from ACLs. Jim Payal Rathod <[EMAIL PROTECTED] To: Jim_Brouse/[EMAIL PROTECTED] ticky.com> cc: Subject: Re: [squid-users] barebones squid configuration 01/06/2004 12:54 PM On Tue, Jan 06, 2004 at 12:53:45PM -0700, Jim_Brouse/[EMAIL PROTECTED] wrote: > > Webmin is a nice to have around so that others can work on squid in a > friendly fashion if they are not familiar with squid. But will it allow me to add/delete ips from acls easily? Regards, -Payal -- For GNU/Linux Success Stories and Articles visit: http://payal.staticky.com
Re: [squid-users] mrtg and squid
I have tried many configurations I am now trying to get this simplified
mrtg.cfg for squid to work
>From Documentation at
http://howto.aphroland.de/HOWTO/MRTG/SquidMonitoringWithMRTGHostsInIPCache
Below contents of mrtg.cfg file
WorkDir: /var/www/mrtg/squid
Target[squid.cache.ipcache]:
.1.3.6.1.4.1.3495.1.1.1&.1.3.6.1.4.1.3495.1.1.1:[EMAIL PROTECTED]:3401
Title[squid.cache.ipcache]: Cache Statistics: # of Hosts in IP Cache
PageTop[squid.cache.ipcache]: Cache Statistics: # of Hosts in IP
Cache(Hostname-to-address)
Xsize[squid.cache.ipcache]: 600
Ysize[squid.cache.ipcache]: 200
Ytics[squid.cache.ipcache]: 10
LegendI[squid.cache.ipcache]: Hosts in IP Cache(Hostname-to-Address)
ShortLegend[squid.cache.ipcache]:
LegendO[squid.cache.ipcache]: Hosts in IP Cache(Address-to-Hostname)
Legend1[squid.cache.ipcache]: Hosts in IP Cache(Hostname-to-Address)
Legend2[squid.cache.ipcache]: Hosts in IP Cache(Address-to-Hostname)
YLegend[squid.cache.ipcache]: Hosts
MaxBytes[squid.cache.ipcache]: 50
Options[squid.cache.ipcache]: gauge
Output is
mrtg /var/www/mrtg/squid/mrtg.client.squid.cfg
SNMP Error:
Received SNMP response with error code
error status: noSuchName
index 3 (OID: 1.3.6.1.2.1.1.3.0)
SNMPv1_Session (remote host: "localhost" [127.0.0.1].3401)
community: "public"
request ID: -497639849
PDU bufsize: 8000 bytes
timeout: 2s
retries: 5
backoff: 1)
at /usr/share/perl5/SNMP_util.pm line 486
SNMPGET Problem for .1.3.6.1.4.1.3495.1.1.1 .1.3.6.1.4.1.3495.1.1.1
sysUptime sysName on [EMAIL PROTECTED]:3401
at /usr/bin/mrtg line 1683
ERROR: Target[squid.cache.ipcache][_IN_] ' $$target[0]{$mode} ' did not
eval into defined data
ERROR: Target[squid.cache.ipcache][_OUT_] ' $$target[0]{$mode} ' did not
eval into defined data
WARNING: Skipping Update of squid.cache.ipcache, inlast is not defined
WARNING: Skipping Update of squid.cache.ipcache, outlast is not defined
Jim
Henrik
NordstromTo: Jim_Brouse/[EMAIL PROTECTED]
<[EMAIL PROTECTED] cc: [EMAIL PROTECTED]
he.org> Subject: Re: [squid-users] mrtg and squid
01/05/2004
08:19 PM
On Mon, 5 Jan 2004 Jim_Brouse/[EMAIL PROTECTED] wrote:
> SNMPGET Problem for cacheClientHttpRequests cacheClientHttpRequests
I think you meant to query for cacheProtoClientHttpRequests, not
cacheClientHttpRequests.
footnote: cacheClientHttpRequests is the number of requests from a
specific client in the cacheClientTable (indexed by the client IP
address). Not sure how to plot this using MRTG but maybe it can be
plotted using cacheClientHttpRequests.ip.of.client.station. This obviously
requires client_db to be enabled.
Regards
Henrik
[squid-users] mrtg and squid
I have been unable to get mrtg working with Squid on my debian box. I have tried this on two different boxes with the same results. While snmpget does work I am trying to use a script located at http://www.psychofx.com/chris/unix/mrtg/mrtg-squid.cfg for the mrtg config Example output: http://www.psychofx.com/chris/unix/mrtg/squidsample/ Here is an snmpget that does work successfully for squid. snmpget -v 1 -c public localhost:3401 .1.3.6.1.4.1.3495.1.1.1 SNMPv2-SMI::enterprises.3495.1.1.1 = INTEGER: 92 The problem is that mrtg will not successfully run against squid. mrtg /var/www/mrtg/mrtg-squid.cfg SNMP Error: Received SNMP response with error code error status: noSuchName index 1 (OID: 1.3.6.1.4.1.3495.1.5.2.1.2) SNMPv1_Session (remote host: "localhost" [127.0.0.1].3401) community: "public" request ID: -1877762615 PDU bufsize: 8000 bytes timeout: 2s retries: 5 backoff: 1) at /usr/share/perl5/SNMP_util.pm line 465 SNMPGET Problem for cacheClientHttpRequests cacheClientHttpRequests cacheUptime cacheSoftware cacheVersionId on [EMAIL PROTECTED]:3401 at /usr/bin/mrtg line 1683 Use of uninitialized value in concatenation (.) or string at /usr/bin/mrtg line 1686. Use of uninitialized value in concatenation (.) or string at /usr/bin/mrtg line 1686. Modification of non-creatable array value attempted, subscript -2 at /usr/bin/mrtg line 1686. By the way I can run mrtf cfgs against this server although for network interface input and output sucsessfully. The mrtg-squid.cfg I am using is located here http://www.psychofx.com/chris/unix/mrtg/mrtg-squid.cfg I am making the changes requested in the commented section at the beggining for hostname etc. System Specifics: Debian kernel 2.4.21 mrtg 2.9.29-1 squid 2.5.4-2 snmpd 5.0.9-3 Jim
[squid-users] ftp access
We are trying to ftp to a site with the following format ftp://[EMAIL PROTECTED] Although the error we are getting is "cache access denied" we can access sites on that machine but we get the error cache access denied when trying to ftp to site with the above method. Below is the error message: ___ While trying to retrieve the URL: ftp://[EMAIL PROTECTED] The following error was encountered: Cache Access Denied. Sorry, you are not currently allowed to request: ftp://[EMAIL PROTECTED] from this cache until you have authenticated yourself. You need to use Netscape version 2.0 or greater, or Microsoft Internet Explorer 3.0, or an HTTP/1.1 compliant browser for this to work. Please contact the cache administrator if you have difficulties authenticating yourself or change your default password. __ We authenticate users for internet access based on IP addresses not on usernames and passwords so I am not sure if this is cachemgr.cgi issue or not? There is a username/password that the site is requiring I am not sure if squid is also requiring something in addition to that? Jim
Re: [squid-users] Drill Down Reporting
Check out this tool --> http://ababa.org/ all information is placed in a MySQL db with this tool. I use this tool and SARG. Jim [EMAIL PROTECTED] icanhm.comTo: [EMAIL PROTECTED] cc: 12/15/2003Subject: [squid-users] Drill Down Reporting 12:34 PM Can anyone point me towards a reporting tool that provides drill down access to the complete object list per user? The closest thing I have been able to find is SARG (http://web.onda.com.br/orso/) but that only drills down to the domain name of the site visited (overall a very nice tool). What kind of reporting tools do most of you use? What are the popular packages used in most medium-large organizations? Thanks, Jason
Re: [squid-users] Squid, snmp and MRTG
Below is what I got after your email snmpget -v 1 -c public localhost:3401 .1.3.6.1.4.1.3495.1.1.1 SNMPv2-SMI::enterprises.3495.1.1.1 = INTEGER: 92 Then I tried my mrtf-squid.cfg again. mrtg /var/www/mrtg/mrtg-squid.cfg SNMP Error: Received SNMP response with error code error status: noSuchName index 1 (OID: 1.3.6.1.4.1.3495.1.5.2.1.2) SNMPv1_Session (remote host: "localhost" [127.0.0.1].3401) community: "public" request ID: -1877762615 PDU bufsize: 8000 bytes timeout: 2s retries: 5 backoff: 1) at /usr/share/perl5/SNMP_util.pm line 465 SNMPGET Problem for cacheClientHttpRequests cacheClientHttpRequests cacheUptime cacheSoftware cacheVersionId on [EMAIL PROTECTED]:3401 at /usr/bin/mrtg line 1683 Use of uninitialized value in concatenation (.) or string at /usr/bin/mrtg line 1686. Use of uninitialized value in concatenation (.) or string at /usr/bin/mrtg line 1686. Modification of non-creatable array value attempted, subscript -2 at /usr/bin/mrtg line 1686. Two /var/log/squid/cache.logs attached one is when I have the snmp debug enabled 49,9 and the other is for ALL, 1 When I have both I only get SNMP debug messages not all (ALL,1) By the way I can run other mrtg commands against this server although I have not been sucessful at running squid mrtg configs against this server yet. Also attached is the mrtg-squid.cfg file that I am using; I am making the changes requested in the commented section (of mrtg-squid.cfg) at the beggining of the file like hostname etc. The mrtg-squid.cfg I am using is located here http://www.psychofx.com/chris/unix/mrtg/mrtg-squid.cfg I am making the changes requested in the commented section at the beggining for hostname etc. (See attached file: cache.log)(See attached file: ALL,1.cache.log) Jim Jim Duane Wessels <[EMAIL PROTECTED] To: Jim_Brouse/[EMAIL PROTECTED] cache.org>cc: [EMAIL PROTECTED] Subject: Re: [squid-users] Squid, snmp and MRTG 12/11/2003 09:59 PM On Thu, 11 Dec 2003 Jim_Brouse/[EMAIL PROTECTED] wrote: > > This is the command I used mrtg /var/www/mrtg/mrtg-squid.cfg 49,9 > > Is that how you meant for 49,9 to be used? Not really. I meant for this line to be in squid.conf: debug_options ALL,1 49,9 > Below is the output in cache.log > > 2003/12/11 08:47:09| Failed SNMP agent query from : 127.0.0.1. This is helpful anyway.It implies that Squid is denying the SNMP query because it is not matching your access rules.Based on what you've shown so far, it seems like it should work. You are sending queries to 127.0.0.1 and using 'public' as the SNMP community. To see if the problem is with Squid or with MRTG, you might want to try a different SNMP client, such as snmpget from Net-SNMP (net-snmp.sourceforge.net). For example: % snmpget -v 1 -c public localhost:3401 .1.3.6.1.4.1.3495.1.1.1 Duane W. cache.log Description: Binary data ALL,1.cache.log Description: Binary data
Re: [squid-users] Squid, snmp and MRTG
This is the command I used mrtg /var/www/mrtg/mrtg-squid.cfg 49,9 Is that how you meant for 49,9 to be used? Below is the output in cache.log 2003/12/11 08:47:09| Failed SNMP agent query from : 127.0.0.1. 2003/12/11 08:47:11| Failed SNMP agent query from : 127.0.0.1. 2003/12/11 08:47:13| Failed SNMP agent query from : 127.0.0.1. 2003/12/11 08:47:15| Failed SNMP agent query from : 127.0.0.1. 2003/12/11 08:47:17| Failed SNMP agent query from : 127.0.0.1. 2003/12/11 09:18:52| Failed SNMP agent query from : 127.0.0.1. 2003/12/11 09:18:53| Failed SNMP agent query from : 127.0.0.1. 2003/12/11 09:18:55| Failed SNMP agent query from : 127.0.0.1. 2003/12/11 09:18:57| Failed SNMP agent query from : 127.0.0.1. 2003/12/11 09:18:59| Failed SNMP agent query from : 127.0.0.1. 2003/12/11 13:29:24| Failed SNMP agent query from : 127.0.0.1. 2003/12/11 13:29:26| Failed SNMP agent query from : 127.0.0.1. 2003/12/11 13:29:28| Failed SNMP agent query from : 127.0.0.1. 2003/12/11 13:29:30| Failed SNMP agent query from : 127.0.0.1. 2003/12/11 13:29:32| Failed SNMP agent query from : 127.0.0.1. Jim Duane Wessels <[EMAIL PROTECTED] To: Jim_Brouse/[EMAIL PROTECTED] cache.org>cc: [EMAIL PROTECTED] Subject: Re: [squid-users] Squid, snmp and MRTG 12/11/2003 11:45 AM On Thu, 11 Dec 2003 Jim_Brouse/[EMAIL PROTECTED] wrote: > I am trying to configure Squid for snmp although when I execute mrtg > pointing to my mrtg-squid.cfg I get a error "no response recieved". > > I am using the walkthrough contained on > http://www.psychofx.com/chris/unix/mrtg/ > > > > > I have edited squid.conf and configured it for SNMP on port 3401 and have > uncommented the following sections and squid stops and starts without > errors. > > Since I have the acl snmppublic do I need to add my ip to the acl so that I > can query squid? > > snmp_port 3401 > acl snmppublic snmp_community public > snmp_access allow snmppublic localhost > snmp_incoming_address 0.0.0.0 > snmp_outgoing_address 255.255.255.255 Since you are using localhost, the above 'snmp_access' line should be fine. You may want to add "49,9" to debug_options in squid.conf. Then watch cache.log. That should show you if Squid is actually receiving the SNMP queries, and whether or not they are allowed. You might also want to use tcpdump/ethereal to look for SNMP packets. Duane W.
[squid-users] Squid, snmp and MRTG
I am trying to configure Squid for snmp although when I execute mrtg pointing to my mrtg-squid.cfg I get a error "no response recieved". I am using the walkthrough contained on http://www.psychofx.com/chris/unix/mrtg/ I have edited squid.conf and configured it for SNMP on port 3401 and have uncommented the following sections and squid stops and starts without errors. Since I have the acl snmppublic do I need to add my ip to the acl so that I can query squid? snmp_port 3401 acl snmppublic snmp_community public snmp_access allow snmppublic localhost snmp_incoming_address 0.0.0.0 snmp_outgoing_address 255.255.255.255 output below. mrtg /var/www/mrtg/mrtg-squid.cfg SNMP Error: no response received SNMPv1_Session (remote host: "localhost" [127.0.0.1].3401) community: "public" request ID: -2107181969 PDU bufsize: 8000 bytes timeout: 2s retries: 5 backoff: 1) at /usr/share/perl5/SNMP_util.pm line 465 SNMPGET Problem for cacheServerRequests cacheServerRequests cacheUptime cacheSoftware cacheVersionId on [EMAIL PROTECTED]:3401 at /usr/bin/mrtg line 1683 Use of uninitialized value in concatenation (.) or string at /usr/bin/mrtg line 1686. Use of uninitialized value in concatenation (.) or string at /usr/bin/mrtg line 1686. Modification of non-creatable array value attempted, subscript -2 at /usr/bin/mrtg line 1686. Jim
Re: [squid-users] Squid Server multiple Nics
When I typed in ip route I got the same results with having 2 default gateways one for each network. Maybe I should set the default gateway on eth0 to be the IP address of eth1 although I am not sure if that will break any communications with the network on eth0 and this server? When I entered "ip route get ipaddress" to see the results of what nic is used I got the following. hostname:# host cnn.com cnn.com has address 64.236.24.28 cnn.com has address 64.236.16.20 cnn.com has address 64.236.16.52 cnn.com has address 64.236.16.84 cnn.com has address 64.236.16.116 cnn.com has address 64.236.24.4 cnn.com has address 64.236.24.12 cnn.com has address 64.236.24.20 hostname:# ip route get 64.236.16.84 64.236.16.84 via 55.0.0.3 dev eth1 src 55.0.0.2 cache mtu 1500 advmss 1460 hostname:# host www.google.com www.google.com is an alias for www.google.akadns.net. www.google.akadns.net has address 216.239.41.99 hostname:# ip route get 216.239.41.99 216.239.41.99 via 24.0.0.3 dev eth0 src 24.0.0.2 cache mtu 1500 advmss 1460 So what is strange is that for cnn.com it would go out eth1 and for google.com it would go out eth0. Jim Henrik NordstromTo: Jim_Brouse/[EMAIL PROTECTED] <[EMAIL PROTECTED] cc: unixware <[EMAIL PROTECTED]>, <[EMAIL PROTECTED]> he.org> Subject: Re: [squid-users] Squid Server multiple Nics 11/19/2003 03:16 PM On Wed, 19 Nov 2003 Jim_Brouse/[EMAIL PROTECTED] wrote: > > Here is what is in my route table I output this by entering route at the > command prompt. > > > 55.0.0.2 * 255.255.255.128 U 0 00 eth1 > 24.0.0.2 * 255.255.255.0 U 0 00 eth0 > 55.0.0.2 55.0.0.3 255.0.0.0 UG0 00 eth1 > 24.0.0.2 24.0.0.3255.0.0.0 UG0 00 eth0 > default 55.0.0.3 0.0.0.0 UG0 00 eth1 > default24.0.0.30.0.0.0 UG0 00 eth0 > > > With a route table like this considering that the dns server address is on > the 55.0.0.x network will it try to gain internet access from 55.0.0.x or > will it attempt to gain access from either nic? Hard to tell, but I guess it will use the first default route. Normally you can only have one route per destination. Is this a Linux system? If so then the output of "ip route" is better expressing your actual routing table. The ip route command also have an option where you can ask what route will be used for a given destination. ip route get ip.of.selected.destination Regards Henrik
Re: [squid-users] Squid Server multiple Nics
Here is what is in my route table I output this by entering route at the command prompt. 55.0.0.2 * 255.255.255.128 U 0 00 eth1 24.0.0.2 * 255.255.255.0 U 0 00 eth0 55.0.0.2 55.0.0.3 255.0.0.0 UG0 00 eth1 24.0.0.2 24.0.0.3255.0.0.0 UG0 00 eth0 default 55.0.0.3 0.0.0.0 UG0 00 eth1 default24.0.0.30.0.0.0 UG0 00 eth0 With a route table like this considering that the dns server address is on the 55.0.0.x network will it try to gain internet access from 55.0.0.x or will it attempt to gain access from either nic? Should I remove one of the routes? Jim unixware <[EMAIL PROTECTED] To: Jim_Brouse/[EMAIL PROTECTED], [EMAIL PROTECTED] ahoo.com>cc: Subject: Re: [squid-users] Squid Server multiple Nics 11/17/2003 05:19 PM Dear Jim its depend on your default gateway you are using for yr machine check with route command on linux based systems [EMAIL PROTECTED] root]# route Kernel IP routing table Destination Gateway Genmask Flags Metric RefUse Iface 192.168.1.0* 255.255.255.128 U 0 00 eth1 192.168.1.128 * 255.255.255.128 U 0 00 eth1 169.254.0.0 * 255.255.0.0 U 0 00 eth1 127.0.0.0 * 255.0.0.0 U 0 00 lo default 192.168.1.1 0.0.0.0 UG0 00 eth1 that is showing it is using eth1 as default gateway to all other networks you can add default route with following commmadn route add default gw 192.168.1.1 eth1 Regards UW --- Jim_Brouse/[EMAIL PROTECTED] wrote: > > eth0 ip address is 24.0.0.2 > eth1 ip address is 55.0.0.2 > > > We have a squid server with 2 nics, if the DNS > server is at 55.0.0.5. > > How does the squid server know which nic to gain > Internet access from? > > Will it gain Internet access from the same nic that > the DNS server is > listed on? What stops squid from resolving > www.domain.com to an IP address > and then choosing either of the nics to get internet > access from. > > I only want squid to gain Internet access on eth1 > > > Jim > __ Do you Yahoo!? Protect your identity with Yahoo! Mail AddressGuard http://antispam.yahoo.com/whatsnewfree
Re: [squid-users] Changing Squid Error Files
Could it be a permission issue? Does the file you created have the same permission as the other error files that squid generated when it was installed? Jim Henrik NordstromTo: Dan DeLong <[EMAIL PROTECTED]> <[EMAIL PROTECTED] cc: [EMAIL PROTECTED] he.org> Subject: Re: [squid-users] Changing Squid Error Files 11/19/2003 10:14 AM On Wed, 19 Nov 2003, Dan DeLong wrote: > I am running squid2.5.STABLE4. In my squid.conf file I have the following > line that points to my error files. > error_directory /squid/share/errors/English > I have a site that is getting the Zero Sized Reply error that, to the best > of my knowledge, is being called from the ERR_ZERO_SIZE_OBJECT file. It is, assuming you do get the Squid error message and not an error message from your browser. The Squid error message is seen if the server closes the connection before sending any response at all, while some browsers give a such error message if the server sends a 0 bytes response (valid headers but no data). > I want to change this error file to a more generic error before I fix the > cause of the error. However, I have changed this error file to be a generic > html file (keeping the file name the same of course) yet I still keep > getting the same Zero Sized Reply error page instead of my new generic error > page. Odd. Works here. Exacly what does the error message you see in your browser look like? Regards Henrik
Re: [squid-users] Squid service crashes abruptly
I had the same problem when I hit the 2 gig file size limit on my store.log file I have since configured squid to not use a store.log file. Jim Henrik NordstromTo: squid <[EMAIL PROTECTED]> <[EMAIL PROTECTED] cc: [EMAIL PROTECTED] he.org> Subject: Re: [squid-users] Squid service crashes abruptly 11/19/2003 10:12 AM On Wed, 19 Nov 2003, squid wrote: > I am runnnig SQUID2.5STABLE1 on RH9 using Intel x86 Arch. and the squid > service, after about 3 days of intense pounding, fails. When i goto restart > the service it appears as thought i tries to start, authenticator processes > and all, but it then suddenly crashes. If i do a squid -X there are no > errors within the config file. Does Anyne have any ideas or experiences with > this? Anything in cache.log and/or your systems messages file? Try starting Squid interactively /path/to/squid -DNYd3 The most common cause to problems like the above is a) Running out of disk space b) Hitting the magic 2GB file size limitation on the log file Solution for 'a' is to configure your Squid to not use more space than available. Solution for 'b' is to use log rotation to rotate the logs before the 2GB size is reached. Regards Henrik
[squid-users] Squid Server multiple Nics
eth0 ip address is 24.0.0.2 eth1 ip address is 55.0.0.2 We have a squid server with 2 nics, if the DNS server is at 55.0.0.5. How does the squid server know which nic to gain Internet access from? Will it gain Internet access from the same nic that the DNS server is listed on? What stops squid from resolving www.domain.com to an IP address and then choosing either of the nics to get internet access from. I only want squid to gain Internet access on eth1 Jim
[squid-users] yahoo messenger squid and ACL's
I am trying to use an ACL for squid so that anyone the people listed in the ACL can use yahoo messenger. I do not use squidguard only squid with ACL and proxy restrictions. What is the best way to do this? I have created an ACL that is called YAHOOMESSENGER that is supposed to define what IPs are in that ACL. Then I have another ACL that says anyone in this ACL can access yahoo.com I am not sure how to tie the two together so that anyone is in the YAHOOMESSENGER acl then is redirected to another ACL YAHOO that says these IP's can go to .msg.yahoo.com Jim
[squid-users] store.log access.log and logrotate
Can the store.log files that have been rotated be deleted are they useful for anything, I read in the documentation to they are for debugging. What is needed to be configured in logrotate so that it does not rotate access.log. On my linux system logrotate rotates access.log and store.log I want logrotate to continue to rotate store.log but not access.log. I have read the manpage etc but still need some assistance. Jim
Re: [squid-users] Squid Report Issue
The day the log was split was actually not the day I had the problem sorry for the confusion. What I am finding is that on days where the log was not split I do sometimes have many users listed. For example we only have several hundred users on the internet but when this report produces bad data (and I can reproduce the bad report if I copy the access.log file to any other server running SARG) at that point the report will list 23801 users but in the user column in the report I see thousands of entries where IP addresses should be although there are not IP addresses only numbers like "007" I searched access.log and I did find a mention of 007 although it is part of a URL. Some how the access.log is different than normal so then SARG is running against the wrong fields. What do you think is the best way to fix this log? The log is 121 Meg's. I also have another failed log with 28 megs. What is happening is that the report generators get confused and the then the rest of the report is destroyed because it is a sequential file and now it is looking at a field like a url and think it is the userid field. What is the best way to run the logs through a scipt that determines whether or not each line is a good line of data? Jim Henrik NordstromTo: Jim_Brouse/[EMAIL PROTECTED], [EMAIL PROTECTED] <[EMAIL PROTECTED] cc: he.org> Subject: Re: [squid-users] Squid Report Issue 08/19/2003 11:23 AM On Tuesday 19 August 2003 19.07, Jim_Brouse/[EMAIL PROTECTED] wrote: > Is it possible for some reason that squid split the acccess.log > file so now i need to cat them together? Squid never splits the access.log. What Squid may do is to rotate access.log into access.log.1, access.log.2, access.log.3 etc.. If you find other log files then these are either generated by other software, or extracted logs generated by one of your friends administrating the server. Regards Henrik -- Donations welcome if you consider my Free Squid support helpful. https://www.paypal.com/xclick/business=hno%40squid-cache.org If you need commercial Squid support or cost effective Squid or firewall appliances please refer to MARA Systems AB, Sweden http://www.marasystems.com/, [EMAIL PROTECTED]
Re: [squid-users] Problems
Try this but be do not leave debug on too long just long enough to test why it is failing. debug is very verbose squid -k debug access some website squid -k debug Jim "Serge Paquin" <[EMAIL PROTECTED] To: .org>cc: Subject: Re: [squid-users] Problems 08/19/2003 10:03 AM It doesn't say anything meaningfull other than items like: 2003/08/19 11:14:53| clientReadRequest: FD 221 Invalid Request Everything else seems very standard and unrelated. - Original Message - From: To: "Serge Paquin" <[EMAIL PROTECTED]> Sent: Tuesday, August 19, 2003 12:54 PM Subject: Re: [squid-users] Problems > > Have you done a "tail -f /var/log/squid/cache.log" that might provide some > insight, > > > Jim > > > > > > > "Serge Paquin" > <[EMAIL PROTECTED] To: [EMAIL PROTECTED] > .org>cc: > Subject: [squid-users] Problems > 08/19/2003 > 09:39 AM > > > > > > > Hello, > > I am getting a bunch of messages like: > > clientReadRequest: FD 89 Invalid Request > > in my log file. Also I have people complaining that they cannot for > example log into myEbay at .ebay.com. They get a 400 error from > Squid. > > I am using WCCP and have squid running as a transparent proxy. > > In testing I get the Invalid Request when the client gets the 400 error. > > The problem I'm having is that the 400 errors tells you what the problem > *MIGHT* be. I cannot seem to find any information in cache.log or > access.log to find out what the problem *IS*. > > How can I figure this out and solve it? > > As soon as I turn squid off everything then routes fine. > > Oddly enough it only seems to hapen for our test users using Lynx. People > with PPP sessions using IE do not seem to be having the issue. > > Thanks, > Serge. > > > >
Re: [squid-users] Squid Report Issue
I think I might have found part of the problem. I have a access.log file for that date that is 514 megs and I also have a bk.access.log file for that date that is only 150 megs. The two files are only separated by Is it possible for some reason that squid split the acccess.log file so now i need to cat them together? How can I tell which one I need to cat to which one? if I use filename >> filename how can I tell which one should be >> into the other one? They are only separated by a minute. What I am thinking happened is that while SARG was running then there was another cron job that did a /us/sbin/squid -k shutdown Below is their output from an ls -alht -rwxr--r--1 root root 514M Jul 31 15:14 access-07-25-03.log -rwxr--r--1 root root 150M Jul 31 15:13 bk.access-07-25-03.log Jim Jim_Brouse/[EMAIL PROTECTED] ITRIBE.ORG To: [EMAIL PROTECTED] cc: 08/18/2003 10:51 AM Subject: [squid-users] Squid Report Issue Currently, I am having a problem I can not resolve at this point though. I have tried looking everywhere for information on this particular squid report issue. I am using SARG for these reports. I do not always get these errors. There is a cron job every night and sometimes I get reports that list about 7000 userid's. We have less than 500 users that have Internet access and the data for all of the 500 users is not in report with the 7000 users which do not show correct ip addresses they are just a set of zeros here is an example of one of the userids "007" normally it is an IP address that makes in the userid field. Jim
[squid-users] Squid Report Issue
Currently, I am having a problem I can not resolve at this point though. I have tried looking everywhere for information on this particular squid report issue. I am using SARG for these reports. I do not always get these errors. There is a cron job every night and sometimes I get reports that list about 7000 userid's. We have less than 500 users that have Internet access and the data for all of the 500 users is not in report with the 7000 users which do not show correct ip addresses they are just a set of zeros here is an example of one of the userids "007" normally it is an IP address that makes in the userid field. Jim
[squid-users] Squid Report not working
I have a report that I am trying to run with the below script. I use crontab to start the job although the job never seems to start. Does the script look good, do you see any problems? How can I tell why it failed or if it did attempt to run at the scheduled time? cat /etc/cron.d/sarg.weekly #!/bin/bash #Get current date TODAY=$(date +%d/%m/%Y) #Get one week ago today LASTWEEK=$(date --date "7 days ago" +%d/%m/%Y) /usr/bin/sarg -d $LASTWEEK-$TODAY exit 0 Jim
Re: [squid-users] Using Mysql as external ACL with Squid 2.5 STABLE 3???
I have used webmin with squid and when you apply changes it only takes a second and squid is not restarted but the changes are applied.I am not sure how that is done, does webmin use cachemgr.cgi? Jim "Carlos Simbana" <[EMAIL PROTECTED] To: <[EMAIL PROTECTED]>, "Markus Korbel" vices.com> <[EMAIL PROTECTED]> cc: 08/05/2003 08:14 Subject: Re: [squid-users] Using Mysql as external ACL with Squid 2.5 AM STABLE 3??? I worked mysql with squid 2.4 and not is necesary restart squid. Today I am looking for an external acl for squid 2.5 stable 3. Do you have it? Carlos Markus wrote: > Hi, I like to use Mysql as source of the acl's for squid. We want to block > several sites, so they cant be viewed. The problem with the standard acl's > used by squid is, if you want to add/remove a site from the list, you need > to restart squid all the time, wich takes several minutes. In these > minutes no internet traffic is possible, which is a big problem. > > Any solutions? > > Thx in advance, Markus >
Re: [squid-users] Determining total time spent at a particular web site andtotal amount of hits
How can I determine for a particular day sites visited for a particular IP in the order visited and time spent on each? Jim Antony Stone <[EMAIL PROTECTED] To: [EMAIL PROTECTED] ons.co.uk>cc: Subject: Re: [squid-users] Determining total time spent at a 08/04/2003 02:14 PMparticular web site and total amount of hits On Monday 04 August 2003 10:06 pm, Jim_Brouse/[EMAIL PROTECTED] wrote: > How can I determine the total time spent at a particular domain for a > particular IP address? (a) Record the time the address first contacts the domain. (b) Record the time they last contact the domain. (c) Subtract (a) from (b) = time spent at the domain. Both (a) and (b) can be found from access.log Remember that http is a stateless protocol - you cannot tell when someone 'leaves' a domain, except by noticing that they haven't returned Antony. -- Most people have more than the average number of legs.
[squid-users] Determining total time spent at a particular web site and total amount ofhits
How can I determine the total time spent at a particular domain for a particular IP address?
Re: [squid-users] Squid Activity/Usage and Reporting Tools
That worked great: grep " http://www.website.net"; access.log | tr -s ' ' | cut -d' ' -f3 | sort -n | uniq > /filename What is the best way to add to this a number next to each IP of the amount of times a particular site was contacted, and the date of last contact? Jim Brouse Internet Administrator Information Technology Department Pascua Yaqui Tribe of Arizona Phone: 520-879-5813 E-mail: [EMAIL PROTECTED] Antony Stone <[EMAIL PROTECTED] To: [EMAIL PROTECTED] ons.co.uk>cc: Subject: Re: [squid-users] Squid Activity/Usage and Reporting Tools 07/31/2003 02:43 PM On Thursday 31 July 2003 10:16 pm, Jim_Brouse/[EMAIL PROTECTED] wrote: > I tried the below script although it did give back a file it only had one > entry in it. What I am interested in is all IP addresses that visited a > particular domains site and subdomains of that site. Try a simpler version: grep -c " http://www.website.net"; access.log will tell you how many accesses there were to the site grep " http://www.website.net"; access.log | tr -s ' ' | cut -d' ' -f3 will give you a list of the IPs that visited it If you want a list showing each IP only once, no matter how many visits it made: grep " http://www.website.net"; access.log | tr -s ' ' | cut -d' ' -f3 | sort -n | uniq Antony. -- How I want a drink, alcoholic of course, after the heavy chapters involving quantum mechanics. - 3.14159265358979
Re: [squid-users] Squid Activity/Usage and Reporting Tools
I installed squid through apt-get install squid If cachemngr.cgi is not there how can I get it there; do I need to reinstall? Jim Henrik NordstromTo: Jim_Brouse/[EMAIL PROTECTED], [EMAIL PROTECTED] <[EMAIL PROTECTED] cc: he.org> Subject: Re: [squid-users] Squid Activity/Usage and Reporting Tools 07/31/2003 02:29 PM On Thursday 31 July 2003 21.48, Jim_Brouse/[EMAIL PROTECTED] wrote: > The only cachemgr.cgi located on my harddrive is at the following > location /usr/share/webmin/webmin-1.090/squid/cachemgr.cgi > > Can I use that cachemgr.cgi or is that specific to webmin? Might be useable, but I do not know. If unsure, install the one shipped with Squid. Regards Henrik -- Donations welcome if you consider my Free Squid support helpful. https://www.paypal.com/xclick/business=hno%40squid-cache.org If you need commercial Squid support or cost effective Squid or firewall appliances please refer to MARA Systems AB, Sweden http://www.marasystems.com/, [EMAIL PROTECTED]
Re: [squid-users] Squid Activity/Usage and Reporting Tools
I tried the below script although it did give back a file it only had one
entry in it. What I am interested in is all IP addresses that visited a
particular domains site and subdomains of that site.
egrep http://www.somesite.com access.log | egrep '192.168.1.[234]' | awk
egrep: access.log: No such file or directory
Jim Brouse
Internet Administrator
Information Technology Department
Pascua Yaqui Tribe of Arizona
Phone: 520-879-5813
E-mail: [EMAIL PROTECTED]
"Adam"
<[EMAIL PROTECTED] To: <[EMAIL PROTECTED]>
l.net> cc:
Subject: Re: [squid-users] Squid
Activity/Usage and Reporting Tools
07/31/2003
11:11 AM
Please respond
to "Adam"
Jim_wrote:
> What is the best way to determine how busy squid is, for example if there
> is an Internet slow down. Some way to determine if the squid box is
busy,
> if the squid box can not get out to the Internet, or just a particulary
> slow web page?
"How busy squid is" would seem to me to be different that if there is an
internet slow down. For monitoring squid, use the cachemgr.cgi script.
Info here: http://www.squid-cache.org/Doc/FAQ/FAQ-9.html. The general info
page has some useful info - if any particular value is not self-evident
then
just search for it using groups.google.com (to just search this mailing
list, go to Advanced and put in mailing.unix.squid-users).
However my problem is often: is it squid or the internet? Fortunately we
have a few test boxes that can go via the proxy or directly out. So from
those boxes and the proxy itself we do traceroutes and pings to various
test
sites (e.g. our own offsite servers) so we have an idea of what
normal/expected traffic and return times are.
I use ping to see packet loss and any ups/downs in traffice. We have 2
T1's
and one often has intermittent problems so this helps to show them:
$ ping -s www.somesite.com 56 100 (this says send 56byte packets a
hundred times - it's ping -t on Win2K).
PING www.somesite.com: 56 data bytes
64 bytes from www.somesite.com (209.157.104.243): icmp_seq=0. time=11. ms
64 bytes from www.somesite.com (209.157.104.243): icmp_seq=1. time=109. ms
64 bytes from www.somesite.com (209.157.104.243): icmp_seq=2. time=128. ms
etc.
traceroute www.somesite.com is also very handy.
> Also if I have a squid access.log and I want to determine all users IP
> addresses that are accessing www.somesite.com what is the best way to
pull
> out that information.
Short of using one of the reports/tools listed here
http://www.squid-cache.org/Scripts/, why not use something like this:
egrep http://www.somesite.com access.log | egrep '192.168.1.[234]' | awk
'{print $3}' | sort -u > /tmp/gotcha
(Assumes you are using native log format, are not logging fqdn, hence IP is
3rd field. Substitute 192.168.1.[234] for whatever IP range you are
seeking).
hth
Adam
Re: [squid-users] Squid Activity/Usage and Reporting Tools
The only cachemgr.cgi located on my harddrive is at the following location
/usr/share/webmin/webmin-1.090/squid/cachemgr.cgi
Can I use that cachemgr.cgi or is that specific to webmin?
I am using Debian with kernel 2.4.21
Jim
"Adam"
<[EMAIL PROTECTED] To: <[EMAIL PROTECTED]>
l.net> cc:
Subject: Re: [squid-users] Squid
Activity/Usage and Reporting Tools
07/31/2003
11:11 AM
Please respond
to "Adam"
Jim_wrote:
> What is the best way to determine how busy squid is, for example if there
> is an Internet slow down. Some way to determine if the squid box is
busy,
> if the squid box can not get out to the Internet, or just a particulary
> slow web page?
"How busy squid is" would seem to me to be different that if there is an
internet slow down. For monitoring squid, use the cachemgr.cgi script.
Info here: http://www.squid-cache.org/Doc/FAQ/FAQ-9.html. The general info
page has some useful info - if any particular value is not self-evident
then
just search for it using groups.google.com (to just search this mailing
list, go to Advanced and put in mailing.unix.squid-users).
However my problem is often: is it squid or the internet? Fortunately we
have a few test boxes that can go via the proxy or directly out. So from
those boxes and the proxy itself we do traceroutes and pings to various
test
sites (e.g. our own offsite servers) so we have an idea of what
normal/expected traffic and return times are.
I use ping to see packet loss and any ups/downs in traffice. We have 2
T1's
and one often has intermittent problems so this helps to show them:
$ ping -s www.somesite.com 56 100 (this says send 56byte packets a
hundred times - it's ping -t on Win2K).
PING www.somesite.com: 56 data bytes
64 bytes from www.somesite.com (209.157.104.243): icmp_seq=0. time=11. ms
64 bytes from www.somesite.com (209.157.104.243): icmp_seq=1. time=109. ms
64 bytes from www.somesite.com (209.157.104.243): icmp_seq=2. time=128. ms
etc.
traceroute www.somesite.com is also very handy.
> Also if I have a squid access.log and I want to determine all users IP
> addresses that are accessing www.somesite.com what is the best way to
pull
> out that information.
Short of using one of the reports/tools listed here
http://www.squid-cache.org/Scripts/, why not use something like this:
egrep http://www.somesite.com access.log | egrep '192.168.1.[234]' | awk
'{print $3}' | sort -u > /tmp/gotcha
(Assumes you are using native log format, are not logging fqdn, hence IP is
3rd field. Substitute 192.168.1.[234] for whatever IP range you are
seeking).
hth
Adam
[squid-users] Squid Activity/Usage and Reporting Tools
What is the best way to determine how busy squid is, for example if there is an Internet slow down. Some way to determine if the squid box is busy, if the squid box can not get out to the Internet, or just a particulary slow web page? Also if I have a squid access.log and I want to determine all users IP addresses that are accessing www.somesite.com what is the best way to pull out that information. Jim
[squid-users] Squid Report
I am using sarg to create reports for squid and there are some columns that I have a question about for example % bytes is this the % of bytes that each page comprises of for each user? Also % time does each page have some percentage depending on the total time spent downloading that page. Also there is used time and milliseconds are these the same just that the milliseconds column is the download time broken down in milliseconds? Jim E-mail: [EMAIL PROTECTED]
[squid-users] Squid File Locations for standard Denied message
At one time I had located the files that are used to create the different messages for example when a user receives a denied message. Can anyone please tell me this location again. I am using Debian. Jim
