[squid-users] How to detmine how many web pages have been visited in a month

2005-01-14 Thread Jim_Brouse/PYT
I have my access.log files and there is one for each day of the month what
is the best way to determine how many web pages were viewed for the month?




Jim





[squid-users] squid shuts down and syslogs complains disk space over limit but I have free disc space

2004-12-29 Thread Jim_Brouse/PYT
Squid is shutting down and syslog is reporting the following "Dec 29
10:04:34 squid1 squid[7873]: WARNING: Disk space over limit: 153268 KB >
102400 KB
"  But i have free disc space as shown below.


df -h
Filesystem    Size  Used Avail Use% Mounted on
/dev/sda2  65G   18G   44G  28% /
tmpfs    1010M 0 1009M   0% /dev/shm




Jim



Re: [squid-users] parent cache

2004-10-27 Thread Jim_Brouse/PYT

I added the below text to the child:

nonhierarchical_direct off
prefer_direct off
cache_peer parent.server.ip  parent 3128 0 default no-query

And I added the child to an acl on the parent that does not allow
downloading of .exe's but when I tried to downoad them I was able to.
Since I added the child to an acl on the parent that does not allow
download of exe's I do not see why I can download exe's.

I thought  since the child was added on the parent to an acl that did not
allow downloads of exe's I would not be able to download them.

To recap:

>From child squid server given  workstation IP can download anything
Put child squid server IP into an acl on the parent server that can not
downoad .exe's
>From given workstion IP I can download .exe's but why?



Jim




   
   
Henrik 
   
NordstromTo: Jim_Brouse/[EMAIL PROTECTED]  

<[EMAIL PROTECTED]   cc: [EMAIL PROTECTED] 
 
he.org>  Subject: Re: [squid-users] parent cache   
   
   
   
10/27/2004 
   
03:46 PM   
   
   
   
   
   




On Wed, 27 Oct 2004 Jim_Brouse/[EMAIL PROTECTED] wrote:

> I have been reading documentation at the below two urls and what I can
not
> determine is that do I need to enable something on server a if it is
going
> to be a parent to server b or do I just need to tell server b which
server
> is its parent?

You need to make A allow B as a client if it is not already in the list of
allowed clients, and to configure B to use A as it's parent.

No other configuration on A is required.

>cache_peer parentcache.foo.com parent 3128 0 no-query default
>acl all src 0.0.0.0/0.0.0.0
>never_direct allow all
>
>  or
>
>cache_peer parentcache.foo.com parent 3128 0 no-query
>prefer_direct off

Depends on what you want. The first always uses the parent, the second
prefers to use the parent if available and it makes sense for the request
in terms of caching, if not it will go direct.

Regards
Henrik






Re: [squid-users] parent cache

2004-10-27 Thread Jim_Brouse/PYT

Do I need to enable something on the parent server so that it can be a
parent server?




Jim




   
   
Kashif Ali 
   
Bukhari  To: "jim_brouse/[EMAIL PROTECTED]" 
, squid users 
<[EMAIL PROTECTED]<[EMAIL PROTECTED]>  
 
l.com>   cc:   
   
 Subject: Re: [squid-users] parent cache   
   
10/27/2004 
   
02:42 PM   
   
Please respond 
   
to Kashif Ali  
   
Bukhari
   
   
   
   
   




please explain your words


On Wed, 27 Oct 2004 14:21:02 -0700,
jim_brouse/[EMAIL PROTECTED]
 wrote:
> I have been reading documentation at the below two urls and what I can
not
> determine is that do I need to enable something on server a if it is
going
> to be a parent to server b or do I just need to tell server b which
server
> is its parent?
>
> http://squid.visolve.com/squid/squid24s1/neighbour.htm#cache_peer
>
> http://www.squid-cache.org/Doc/FAQ/FAQ-4.html#ss4.9
>
>cache_peer parentcache.foo.com parent 3128 0 no-query default
>acl all src 0.0.0.0/0.0.0.0
>never_direct allow all
>
>  or
>
>cache_peer parentcache.foo.com parent 3128 0 no-query
>prefer_direct off
>
> Jim
>
>


--
Syed Kashif Ali
+923004295604
MSN:- [EMAIL PROTECTED]
11-B Toheed Park Gulshen-e-Ravi Lahore, Pakistan






[squid-users] parent cache

2004-10-27 Thread Jim_Brouse/PYT
I have been reading documentation at the below two urls and what I can not
determine is that do I need to enable something on server a if it is going
to be a parent to server b or do I just need to tell server b which server
is its parent?


http://squid.visolve.com/squid/squid24s1/neighbour.htm#cache_peer

http://www.squid-cache.org/Doc/FAQ/FAQ-4.html#ss4.9


cache_peer parentcache.foo.com parent 3128 0 no-query default
acl all src 0.0.0.0/0.0.0.0
never_direct allow all


  or

cache_peer parentcache.foo.com parent 3128 0 no-query
prefer_direct off






Jim



Re: [squid-users] can not access sites due to acl when using ntlm auth

2004-08-24 Thread Jim_Brouse/PYT

Part of my problem was kiosk was defined as url_regex it should have been
src.


This was the specifics on KIOSK

acl KIOSK url_regex "/etc/squid/acl/kiosk.src"
acl KIOSK.dstdomain dstdomain "/etc/squid/acl/kiosk.dstdomain.acl"
http_access allow KIOSK.dstdomain
http_access allow KIOSK


Now they are:

acl KIOSK src "/etc/squid/acl/kiosk.src"
acl KIOSK.dstdomain dstdomain "/etc/squid/acl/kiosk.dstdomain.acl"
http_access allow KIOSK KIOSK.dstdomain


And it works as before, I can not believe it was working before thanks
everyone for the help.

Here are my http_access statements before cleanup:

> egrep -v '^$|^#' /etc/squid/squid.conf  |grep http_access
> http_access allow manager localhost
> http_access deny manager
> http_access allow KIOSK.dstdomain
> http_access allow KIOSK
> http_access deny KIOSK
> http_access allow AIRMAIL
> http_access allow PAGING
> http_access deny PAGING
> http_access deny BLOCK.NOT.YAHOO
> http_access allow YAHOOMESSENGER
> http_access deny YAHOOMESSENGER
> http_access deny BLOCK.NOT.AOL
> http_access allow AOL
> http_access deny  AOL
> http_access deny lab.src  lab.dstdomain
> http_access allow lab.src
> http_access deny lab.src
> http_access allow LOG-ONLY-HOSTS
> http_access deny NO.NONBLOCK  NONBLOCK
> http_access allow NONBLOCK
> http_access allow NONPORN
> http_access deny BLOCK
> http_access deny MIMEBLOCK
> http_access deny RESTRICTED-BROWSER
> http_access deny RESTRICTED-DOM
> http_access allow manager ADMIN-HOSTS
> http_access deny manager
> http_access deny !Safe_ports
> http_access deny CONNECT !SSL_ports
> http_access deny to_localhost
> http_access deny all

Here are my http_access after cleanup, Thanks Everyone.


 egrep -v '^$|^#' /etc/squid.conf |grep http_access -i
http_access allow manager localhost
http_access deny manager
http_access allow KIOSK KIOSK.dstdomain
http_access allow PAGING AIRMAIL
http_access deny BLOCK.NOT.YAHOO YAHOOMESSENGER
http_access allow YAHOOMESSENGER
http_access deny AOL BLOCK.NOT.AOL
http_access allow AOL
http_access deny lab.dstdomain lab.src
http_access allow  guad.lab.src
http_access allow LOG-ONLY-HOSTS
http_access deny NO.NONBLOCK  NONBLOCK
http_access allow NONBLOCK
http_access allow NONPORN
http_access deny BLOCK
http_access deny MIMEBLOCK
http_access deny RESTRICTED-BROWSER
http_access deny RESTRICTED-DOM
http_access allow PERMITTED-HOSTS
http_access allow manager ADMIN-HOSTS
http_access deny manager
http_access deny !Safe_ports
http_access deny CONNECT !SSL_ports
http_access deny to_localhost
http_access deny all



Jim



   
   
Henrik 
   
NordstromTo: Jim_Brouse/[EMAIL PROTECTED]  

<[EMAIL PROTECTED]   cc: [EMAIL PROTECTED] 
 
he.org>  Subject: Re: [squid-users] can not access 
sites due to acl when using ntlm auth  
   
   
08/19/2004 
   
03:00 PM   
   
   
   
   
   




On Thu, 19 Aug 2004 Jim_Brouse/[EMAIL PROTECTED] wrote:

> KIOSK is an acl that list what ip can use that acl and KIOSK.dstdomain
> list what sites KIOSK can get to and it seems to work good.  I did remove
> http_access deny KIOSK but when I tried to combine the two statements
that
> I think I need,

Then you should use

http_access allow KIOSK KIOSK.dstdomain
http_access deny KIOSK

> That did not work the users in KIOSK can no longer access sites listed at
> KIOSK.dstdomain which is the goal.

Then something is wrong with either of these two acls.

http_access allow A
http_access allow B

is very different from

http_access allow A B


The first allows access if either of the criterias is fulfilled. The
second allows access only if both criterias is fulfilled. And this is one
of many things of Squid access controls is what we try to explain in the
Squid FAQ chapter 10 introduction.


But the source of your authentication problem is most likely my last
comment. Somewhere you need to allow the request be

Re: [squid-users] can not access sites due to acl when using ntlm auth

2004-08-19 Thread Jim_Brouse/PYT

>> http_access allow KIOSK.dstdomain
>> http_access allow KIOSK

>>>Is this really what you want?

>>>Allow everyone access to KOISK.dstdomain

>>>Allow KIOSK access to everything.

>> http_access deny KIOSK

>>>This is redundant due to the above.




 KIOSK is an acl that list what ip can use that acl and KIOSK.dstdomain
list what sites KIOSK can get to and it seems to work good.  I did remove
http_access deny KIOSK but when I tried to combine the two statements that
I think I need,


>> http_access allow KIOSK.dstdomain
>> http_access allow KIOSK

into

> http_access allow KIOSK KIOSK.dstdomain

That did not work the users in KIOSK can no longer access sites listed at
KIOSK.dstdomain which is the goal.




Jim



   
   
Henrik 
   
NordstromTo: Jim_Brouse/[EMAIL PROTECTED]  

<[EMAIL PROTECTED]   cc: Henrik Nordstrom <[EMAIL 
PROTECTED]>, [EMAIL PROTECTED]  
he.org>  Subject: Re: [squid-users] can not access 
sites due to acl when using ntlm auth  
   
   
08/19/2004 
   
12:36 AM   
   
   
   
   
   






On Wed, 18 Aug 2004 Jim_Brouse/[EMAIL PROTECTED] wrote:

>> http_access allow manager localhost
>> http_access deny manager

Ok

>> http_access allow KIOSK.dstdomain
>> http_access allow KIOSK

Is this really what you want?

Allow everyone access to KOISK.dstdomain

Allow KIOSK access to everything.

>> http_access deny KIOSK

This is redundant due to the above.

>> http_access allow MYAIRMAIL

>> http_access allow PAGING

>> http_access deny PAGING

This is redundand. You can not deny what you have already allowed.

>> http_access deny BLOCK.NOT.YAHOO
>> http_access allow YAHOOMESSENGER
>> http_access deny YAHOOMESSENGER

This i redundant.

>> http_access deny BLOCK.NOT.AOL
>> http_access allow AOL
>> http_access deny  AOL

This is redundant.

>> http_access deny lab.src  lab.dstdomain
>> http_access allow lab.src
>> http_access deny lab.src

This is redundant.

>> http_access allow LOG-ONLY-HOSTS
>> http_access deny NO.NONBLOCK  NONBLOCK
>> http_access allow NONBLOCK
>> http_access allow NONPORN
>> http_access deny BLOCK
>> http_access deny MIMEBLOCK
>> http_access deny RESTRICTED-BROWSER
>> http_access deny RESTRICTED-DOM

>> http_access allow manager ADMIN-HOSTS
>> http_access deny manager

This is redundant due to the first two rules already taking care of all
manager access.

>> http_access deny !Safe_ports
>> http_access deny CONNECT !SSL_ports
>> http_access deny to_localhost

These should be much higher, before your own first accept rule.

Somewhere before this last deny of everything else it looks like there is
some allow statements missing, allowing access after you have filtered out
all the things you do not want to see..

>> http_access deny all

Regards
Henrik






Re: [squid-users] can not access sites due to acl when using ntlm auth

2004-08-18 Thread Jim_Brouse/PYT

I read chapter 10 and also looked in Squid the Definitive Guide and I can
not find any thing in those references that would make me want to change my
acls.Would it make sends that I need this many acls depending upon my
needs correct?



Jim Brouse
Internet Administrator
Information Technology Department
Pascua Yaqui Tribe of Arizona
Phone: 520-879-5813
E-mail: [EMAIL PROTECTED]




   
   
Henrik 
   
NordstromTo: Jim_Brouse/[EMAIL PROTECTED]  

<[EMAIL PROTECTED]   cc:   
   
he.org>  Subject: Re: [squid-users] can not access 
sites due to acl when using ntlm auth  
   
   
08/18/2004 
   
11:23 AM   
   
   
   
   
   




On Wed, 18 Aug 2004 Jim_Brouse/[EMAIL PROTECTED] wrote:

> egrep -v '^$|^#' /etc/squid/squid.conf  |grep http_access
> http_access allow manager localhost
> http_access deny manager
> http_access allow KIOSK.dstdomain
> http_access allow KIOSK
> http_access deny KIOSK
> http_access allow MYAIRMAIL
> http_access allow PAGING
> http_access deny PAGING
> http_access deny BLOCK.NOT.YAHOO
> http_access allow YAHOOMESSENGER
> http_access deny YAHOOMESSENGER
> http_access deny BLOCK.NOT.AOL
> http_access allow AOL
> http_access deny  AOL
> http_access deny lab.src  lab.dstdomain
> http_access allow lab.src
> http_access deny lab.src
> http_access allow LOG-ONLY-HOSTS
> http_access deny NO.NONBLOCK  NONBLOCK
> http_access allow NONBLOCK
> http_access allow NONPORN
> http_access deny BLOCK
> http_access deny MIMEBLOCK
> http_access deny RESTRICTED-BROWSER
> http_access deny RESTRICTED-DOM
> http_access allow manager ADMIN-HOSTS
> http_access deny manager
> http_access deny !Safe_ports
> http_access deny CONNECT !SSL_ports
> http_access deny to_localhost
> http_access deny all


I think you need to clean this up somewhat to get it under control. Spend
some time reading the introduction in Squid FAQ chapter 10 Access
Controls.

And please keep discusion on the mailinglist thanks.

Regards
Henrik






[squid-users] forward http traffic for one site

2004-08-18 Thread Jim_Brouse/PYT
How can I forward http/squid traffic for one site or domain?

I have looked on the FAQ on squid-cache.org, googled and looked in Squid
the Definitive Guide.


Jim



[squid-users] can not access sites due to acl when using ntlm auth

2004-08-17 Thread Jim_Brouse/PYT

When I try to access sites after being authorized as a ntlm user I am
getting this message in cache.log when in debug mode


2004/08/17 16:43:14| The request GET http://www.google.com/ is DENIED,
because i
t matched 'all'


I have this configed in my squid.conf

acl all src 0.0.0.0/0.0.0.0

http_access deny all

The point is that why does squid not see ntlm auth and then not concernt
itself with the all acl?

Should I remove the all acl, but I believe that is so that we do not have
someone use the proxy that is not explicity configed to.



Jim



Re: [squid-users] proxy_auth

2004-05-19 Thread Jim_Brouse/PYT

I tried the following but what is happening now is all users that are
logged on with  Microsoft AD usernames are being granted access to webpages
even though there are not in the acl.users acl, and the reason in cache.log
is because username matched all.

I have  http_access allow all commented out with a "#"



Jim



   
   
Henrik 
   
NordstromTo: Jim_Brouse/[EMAIL PROTECTED]  

<[EMAIL PROTECTED]   cc: [EMAIL PROTECTED] 
 
he.org>  Subject: Re: [squid-users] proxy_auth 
   
   
   
05/03/2004 
   
02:46 PM   
   
   
   
   
   




On Mon, 3 May 2004 Jim_Brouse/[EMAIL PROTECTED] wrote:

> I do have proxy auth working to access any page with the following:
>
> acl AuthorizedUsers  proxy_auth REQUIRED
> http_access allow all AuthorizedUsers
>
> Below is the acl settings to allow only one user to one particular site.
> acl acl.dstdomain dstdomain /etc/squid/acl/acl.dstdomain
> acl acl.users proxy_auth/etc/squid/acl/acl.users
> http_access allow acl.dstdomain
> http_access allow acl.users
> http_access deny acl.users


I think you want

http_access allow acl.dstdomain acl.users
http_access deny acl.users


See the Squid FAQ chapter 10 for details if unsure what the difference is.


In addition you need "quotes" around the filenames.. if not Squid reads
what you have wrote literally (i.e. the filename instead of the contents
of the file).


Regards
Henrik







[squid-users] proxy_auth

2004-05-03 Thread Jim_Brouse/PYT
I do have proxy auth working to access any page with the following:

acl AuthorizedUsers  proxy_auth REQUIRED
http_access allow all AuthorizedUsers

But when I comment that out http_access allow all AuthorizedUsers to  allow
out a particular user to access one site only I only get DENIED for the
site listed in acl.dstdomain and all other domains.


Below is the acl settings to allow only one user to one particular site.
acl acl.dstdomain dstdomain /etc/squid/acl/acl.dstdomain
acl acl.users proxy_auth/etc/squid/acl/acl.users
http_access allow acl.dstdomain
http_access allow acl.users
http_access deny acl.users


Jim



[squid-users] block only if part of a group

2004-04-20 Thread Jim_Brouse/PYT
With squid acl's I usually grant access if a user is part of group then
they have access to what that particular acl is about

Is there a way to say if you are part of this group then access is denied
to a particular acl, otherwise if you are not in the group then you have
access to the site listed in the acl.




Jim



[squid-users] ntlm and granting certain user access to certain sites

2004-04-16 Thread Jim_Brouse/PYT
Is it possible to grant access in squid to certain sites based on a ntlm
username


So one could say joe can go to all sites
and mary can go only to www.comany.com

Is it necessary to use squidgaurd for this and if so does anyone know of a
how to for something like this regarding ntlm usernames and squidguard.


Jim






[squid-users] squid and ntlm auth

2004-04-16 Thread Jim_Brouse/PYT
I have squid configured with NTLM auth and in the squid logs with squid in
debug mode in cache.log squid first reports DENIED access to a site because
they are a member of AuthorizedUsers and then it says it is ALLOWED because
they are a member or AuthorizedUsers group so my question is why does Squid
first deny it and then after it says ALLOWED.

This is seamless to the user they do not see it being DENIED and then
ALLOWED but it seems squid is doing twice the work.

Below from cache.log
2004/04/16 09:13:50| The request GET http://somesite.edu/ is DENIED,
because it matc
hed 'AuthorizedUsers'
2004/04/16 09:13:50| The request GET http://somesite.edu/ is ALLOWED,
because it mat
ched 'AuthorizedUsers'





Jim





Re: [squid-users] Windows Update mirroring

2004-04-16 Thread Jim_Brouse/PYT

If you use SUS (link below) I believe it is free and you will then have a
Windows Update server for your users on your local LAN.



http://www.microsoft.com/windowsserversystem/sus/default.mspx


Jim



   
   
"Sampei"   
   
<[EMAIL PROTECTED]   To: <[EMAIL PROTECTED]>   
 
ali.it>  cc:   
   
 Subject: [squid-users] Windows Update 
mirroring  
04/16/2004 
   
06:55 AM   
   
Please respond 
   
to "Sampei"
   
   
   
   
   




Although I tried several times mirroring Microsoft Windows Update using
free
software I did not the solution; I  looked at in Squid ML archives and
other
documentations on web but resolving nothing. I'm going to use Squid
Accelerator. My aim is to reach MS windows update from whatever client in
the lan because only some of them can download MS patches infact their
browsers are set to go out in Internet (privileged users).

I configured Squid Accelerator to listen to 80 port, with proxy option no
active:
httpd_accel_host virtual
httpd_accel_with_proxy off
httpd_accel_single_host off

I installed 2 NIC in Squid Accelerator Server : internal and public
network:
3 virtual ip addresses for internal Network Interface Card,
1 ip address for public Network Interface Card.

In this way I can use a redirector script (written in PERL) to associate
virtual ip address to these sites:

10.1.1.1www.windowsupdate.com
10.1.1.2v4.windowsupdate.microsoft.com
10.1.1.3www.microsoft.com

When I access , for instance, to 10.1.1.2 my browser correctly point to
v4.windowsupdate.microsoft.com but after few minutes I can see this error:
no route to host. I must say that there's specified the DNS on Squid
Accelerator.

Problem is only for Windows Update site.
Are there problems with Windows Update Javascript ?
Could it be caused because there is attempt to use HTTPS ?!

I noted that using a simple Squid (to go out in Internet) acting as
cache-server (no configured as accelerator) and I set my browser to use it,
I have no problem to run W.U. and download patches.
I'm able to understand the "difference" about how they works and if  there
is difference how MS W.U. takes care answers toward Squid and Squid
Accelerator.

thanks

Sampei













Re: [squid-users] Windows Update mirroring

2004-04-16 Thread Jim_Brouse/PYT

>If you want your clients to go to another hostname then there is a product

>you can buy from Microsoft for setting up a "Windows Update" style
>distribution server. Don't remember what it is called but you can find it
>in another thread about Windows Update some weeks ago..

If you want to mirror Windows Update then use this product

http://www.microsoft.com/windowsserversystem/sus/default.mspx



Jim



   
   
Henrik 
   
NordstromTo: Sampei <[EMAIL PROTECTED]>
 
<[EMAIL PROTECTED]   cc: [EMAIL PROTECTED] 
 
he.org>  Subject: Re: [squid-users] Windows Update 
mirroring  
   
   
04/16/2004 
   
09:49 AM   
   
   
   
   
   




On Fri, 16 Apr 2004, Sampei wrote:

> Although I tried several times mirroring Microsoft Windows Update using
free
> software I did not the solution; I  looked at in Squid ML archives and
other
> documentations on web but resolving nothing.

You can not easily mirror Windows Update, but you can cache it and have
clients redirected to the cache.

The host names used by Windows Update must be accessible by the clients.
The host names does not really need to point to Microsoft, but may point
to accelerators.

If you want your clients to go to another hostname then there is a product
you can buy from Microsoft for setting up a "Windows Update" style
distribution server. Don't remember what it is called but you can find it
in another thread about Windows Update some weeks ago..

> When I access , for instance, to 10.1.1.2 my browser correctly point to
> v4.windowsupdate.microsoft.com but after few minutes I can see this
error:
> no route to host.

By browser or Squid?

What address does the client attempt to contact? (use netstat on the
client)

> I noted that using a simple Squid (to go out in Internet) acting as
> cache-server (no configured as accelerator) and I set my browser to use
it,
> I have no problem to run W.U. and download patches.

Good.

> I'm able to understand the "difference" about how they works and if
there
> is difference how MS W.U. takes care answers toward Squid and Squid
> Accelerator.


The difference is that the Windows Update function knows it's servers, so
even if you request a specific server in the browser the Windows Update
will try to use the server names it thinks it should have, so for this to
work the client needs to know that for the Windows Update domains it
should talk to your accelerator, not Microsoft.  This you can configure in
your internal DNS to have the Microsoft Update domains redirected to your
accelerator, just make sure your Squid is using a real DNS without this
"pollution".

Regards
Henrik







[squid-users] winbind and ntlm auth

2004-04-14 Thread Jim_Brouse/PYT
I have gotten winbind to work with squid but one problem is that the
authentication is basic and from what I read at the FAQ ntlm or basic auth
is supported, is there a way to force ntlm auth, this is for a MS AD 2000
domain and Samba 3 with squid 2.5




 Jim



Re: [squid-users] winbind and proxy_auth

2004-04-14 Thread Jim_Brouse/PYT

I thought that the user was the user who was logged on the AD domian?

How can I confirm what user is trying to access winbind's privileged pipe
is that user basically just squid?


Jim




   
 
Darren Spruell 
 
 cc: [EMAIL PROTECTED]   
   
   Subject: Re: [squid-users] winbind and 
proxy_auth
04/14/2004 02:51   
 
PM 
 
   
 
   
 




Jim_Brouse/[EMAIL PROTECTED] wrote:
> I have been reading the faq at
> http://www.squid-cache.org/Doc/FAQ/FAQ-23.html#ss23.5to setup winbind
> authentication and everytime I try to access a webpage I am DENIED.
>
> Below is the output from cache.log with debug turned on.
>
> The request  GET  http://blah.com  is DENIED because, it matched
> 'AuthorizedUsers'

When this happened during our setup, it was because the squid user did
not have access to winbind's privileged pipe.

--
Darren Spruell






[squid-users] winbind and proxy_auth

2004-04-14 Thread Jim_Brouse/PYT
I have been reading the faq at
http://www.squid-cache.org/Doc/FAQ/FAQ-23.html#ss23.5to setup winbind
authentication and everytime I try to access a webpage I am DENIED.

Below is the output from cache.log with debug turned on.

The request  GET  http://blah.com  is DENIED because, it matched
'AuthorizedUsers'

Below is what was added to squid.conf for AuthorizedUsers


-acl AuthorizedUsers proxy_auth REQUIRED
-
-http_access allow all AuthorizedUsers

What is strange is that if the request matches AurhorizedUsers it should be
allowed not denied.



Jim





[squid-users] can squid determine browser version

2004-04-14 Thread Jim_Brouse/PYT
Can squid determine what browser is making a http request so at the end of
the day you could  look at the squid logs and say we have 100 Opera
clients, 12 MS IE 5.0 clients, and 11 MS IE 6.0 clients,

Jim



[squid-users] winbind auth and squid

2004-04-13 Thread Jim_Brouse/PYT
I am trying to configure squid for winbind auth so that users can be
granted Internet access based on their username and not their IP.

I have been referring to
http://www.squid-cache.org/Doc/FAQ/FAQ-23.html#ss23.5 and I have
successfully joined the MS AD domain, I  can see the computer account on
the Domain Controller and I can also use wbinfo -u and wbinfo -g to check
the usernames and groups associated with that domain, but I can not
successfully do a  "wbinfo -a domainname\\username%password"


I get the following output:

plaintext password authentication failed
error code was NT_STATUS_NO_LOGON_SERVERS (0xc05e)
error messsage was: No logon servers
Could not authenticate user domain\username%password with plaintext
password
challenge/response password authentication failed
error code was NT_STATUS_NO_LOGON_SERVERS (0xc05e)
error messsage was: No logon servers
Could not authenticate user doamin\username with challenge/response


Is this just a test or is this required for winbind auth to work with
squid?


Jim



Re: [squid-users] squid and ldap and active directory

2004-04-01 Thread Jim_Brouse/PYT

Since winbind uses ``base64'' encoding is it possible for squid and winbind
to only look at the username being presented and not ask for the password
therefore the password would not be transmitted in clear text?


Jim



   
   
Henrik 
   
NordstromTo: Jim_Brouse/[EMAIL PROTECTED]  

<[EMAIL PROTECTED]   cc: [EMAIL PROTECTED] 
 
he.org>  Subject: Re: [squid-users] squid and ldap 
and active directory   
   
   
03/19/2004 
   
02:31 PM   
   
   
   
   
   




On Fri, 19 Mar 2004 Jim_Brouse/[EMAIL PROTECTED] wrote:

> I want to use squid and have users authenticate via their currently in
use
> active directory username and password, to do this do I need open ldap
> installed on the squid server?

You need the OpenLDAP libraries if you want to use the LDAP helpers for
Squid.

You do not need the OpenLDAP server or clients installed.

> Will the users be presented with an username/password box or will squid
use
> the curretly in use credentials of the user who is logged on?

LDAP is only possible in the Basic authentication scheme where the users
is asked for their login.

If you want to use automatic login then you need to use the NTLM scheme,
and here the recommended approach is to install Samba-3 and have the Squid
server join your windows domain. See the Squid FAQ on winbind for details.

Regards
Henrik







Re: [squid-users] Squid-RRD

2004-03-29 Thread Jim_Brouse/PYT

I have given it a few days I had crated a cronjob to run every five minutes
and I have also run it manually about 20 times.


Jim




   
   
[EMAIL PROTECTED]  
  
 To: Jim_Brouse/[EMAIL PROTECTED]  

03/27/2004   cc:   
   
12:58 AM Subject: Re: [squid-users] Squid-RRD  
   
   
   
   
   




> I just bought the Squid the Definitive Guide and it is a great book.
>
> I was looking at http://www.squid-cache.org/~wessels/squid-rrd/and
> while I can run poll.pl without error and I can see the rrd graphs via a
> web browser they are all blank I have tried this on 2 different squid
> servers.
Uave you waited long enough so rrd caqn fill it's graph database???
If you wait at least 1 hour, and run the update script every 5 minutes then
you
will see the beginning of the graph comming.


Ries
>
>
>
> Jim
>
>









[squid-users] Squid-RRD

2004-03-26 Thread Jim_Brouse/PYT
I just bought the Squid the Definitive Guide and it is a great book.

I was looking at http://www.squid-cache.org/~wessels/squid-rrd/and
while I can run poll.pl without error and I can see the rrd graphs via a
web browser they are all blank I have tried this on 2 different squid
servers.



Jim



[squid-users] squid and ldap and active directory

2004-03-19 Thread Jim_Brouse/PYT
I want to use squid and have users authenticate via their currently in use
active directory username and password, to do this do I need open ldap
installed on the squid server?

Will the users be presented with an username/password box or will squid use
the curretly in use credentials of the user who is logged on?





Jim





Re: [squid-users] How to Determine what is being cached

2004-02-25 Thread Jim_Brouse/PYT

> Both access.log and store.log gives you this information.

TCP_CLIENT_REFRESH_MISS/304 is that what access.log will display when
something is not going to be cached?





Jim




   
   
Henrik 
   
NordstromTo: Jim_Brouse/[EMAIL PROTECTED]  

<[EMAIL PROTECTED]   cc: [EMAIL PROTECTED] 
 
he.org>  Subject: Re: [squid-users] How to 
Determine what is being cached 
   
   
02/25/2004 
   
02:32 PM   
   
   
   
   
   




On Wed, 25 Feb 2004 Jim_Brouse/[EMAIL PROTECTED] wrote:

> How does this look?
>
> acl nocache dstdomain /etc/squid/acl/nocache
> no_cache deny nocache

The file name above should be within quotes, other than that it looks ok.

> How can I determine what is being cached and what is not being cached?

Both access.log and store.log gives you this information.

Regards
Henrik







[squid-users] How to Determine what is being cached

2004-02-25 Thread Jim_Brouse/PYT
I have the below lines to squid.conf.   If there is a URL  that mactch any
words in the file then they should not be cached.

How does this look?


acl nocache dstdomain /etc/squid/acl/nocache
no_cache deny nocache


How can I determine what is being cached and what is not being cached?


Jim



Re: [squid-users] SNMP Variables

2004-02-25 Thread Jim_Brouse/PYT

Go to the below URL


http://www.squid-cache.org/SNMP/snmpwalk.html



Jim



   

"galle"

<[EMAIL PROTECTED]   To: <[EMAIL PROTECTED]>   
  
ov.ar>   cc:   

 Subject: [squid-users] SNMP Variables 

02/25/2004 

02:33 PM   

   

   





Hi all !!!
Can someone explain me a little the meaning of these snmp variables ? what
are they monitoring and what unit ?
Thanks

cacheProtoAggregateStats.1
cacheHttpHits
cacheRequests
cacheHits
cacheMisses
cacheServerRequests
cacheClients

Diego







Re: [squid-users] Do not cache certain sites/words

2004-02-25 Thread Jim_Brouse/PYT

> We still want the users to be able to access those sites but just not
have
> them cached

>See the no_cache TAG.
>put the acl-name which you don't want to cache them.
>no_cache deny 

I looked in my squid.conf and I found the following

Can I create another line with no_cahe deny "fileanme of file with wordlist
to not cache" or shoudl I just add my filename after QUERY on the same line

#We recommend you to use the following two lines.
acl QUERY urlpath_regex cgi-bin \?
no_cache deny QUERY



Jim




   
   
"Muthukumar"   
   
<[EMAIL PROTECTED]   To: <[EMAIL PROTECTED]>,  
 
tmail.com>   

 cc:   
   
02/24/2004   Subject: Re: [squid-users] Do not cache 
certain sites/words  
08:28 PM   
   
   
   
   
   







> Is it possible to have a squid not cache certain sites.
>
Yes.

>
> We still want the users to be able to access those sites but just not
have
> them cached

See the no_cache TAG.
put the acl-name which you don't want to cache them.
no_cache deny 

Regards,
Muthukumar.








[squid-users] Do not cache certain sites/words

2004-02-24 Thread Jim_Brouse/PYT
Is it possible to have a squid not cache certain sites.


We still want the users to be able to access those sites but just not have
them cached


Jim



[squid-users] Does squid try to update is cache automatically

2004-02-24 Thread Jim_Brouse/PYT
Does squid try to go out and update webpages that users frequently visit,
like if I visit www.kernel.org in the morning will it keep checking whether
it has an up to date page even if a user is not requesting that site or
does squid only update it cache when users request a particular site?


Jim



[squid-users] Creating an ACL that only certain users go through

2004-02-24 Thread Jim_Brouse/PYT
I have created an ACL that only certain users are supposed to go through
but instead all users are being having to run through this dstdomain block
list.

acl list.dstdomain dstdom_regex "location of dstdomain block list"
acl list.src src "location of list of IPs that have to use this list"
http_access deny  list.dstdomain
http_access allow list.src
http_access deny list.src



The problem is that I have other src lists and users in those lists are
having to go through the list.domain file of blocked domains and I only
want IP to go through that list if they are in the list.src file.



Jim



Re: [squid-users] Transparent Proxy Trouble

2004-02-17 Thread Jim_Brouse/PYT

Can you browse the Internet from the squid server itself?

Is it possibly a firewall rule rejecting the traffic from the wireless
clients?

Is it possibly a routing rule sending Internet traffic out the wrong
interface?

ping www.google.com for example then do "ip route get
IPaddressofgoogle.com" and see which interface it it trying to go out of,
try this with several different internet sites.



Jim




   

[EMAIL PROTECTED]  
   
linux.orgTo: [EMAIL PROTECTED] 
  
 cc:   

02/17/2004   Subject: [squid-users] Transparent Proxy 
Trouble  
12:21 PM   

   

   





Hello, Folks -

I have been using squid/squidGuard on our proxy servers here at the library
I
work at for about a year and a half, and have been having great success
with
them.

I am now trying to set up a transparent proxy for a new wireless network so

that we can let folks bring in there laptops and hook up, but have the
content
content filtered (Unfortunately, that is our policy).

I am using a brand new HP Proliant DL140, with a fresh box-stock install of

redhat 9.0. The server has 2 ethernet interfaces, eth0 is outside, eth1 is
the
wireless.

I have tried to set up the machine as described in this article:

http://www.faqs.org/docs/Linux-mini/TransparentProxy.html

I am able to set up squid no sweat, and when I point a wireless client
browser
to port 3128 on the server, squid says that it is fetching pages. When I
"un-
point" my browser, I am still able to browse, but squid's access log is
silent.

Does anybody have any clues as to where I need to look? Is the above URL a
valid way to do this?

Thanks -

Mark Ehle
Computer Support Librarian
Willard Public Library
Battle Creek, MI






Re: [squid-users] Reporting on Squid

2004-02-17 Thread Jim_Brouse/PYT

grep `grep givensite.com  /var/log/squid/access-02-13-04.log |tr -s ' ' |
cut -d' ' -f3
|sort -n|uniq` /var/log/squid/access-02-13-04.log | wc -l

The above command tells the total amount of times a particular site was
visited by all ips but how could you change this so it says IP address so
and so accessed that site 10 times and the whereas a different ip visited
it 100 times.





Jim




   

"Muthukumar"   

<[EMAIL PROTECTED]   To: <[EMAIL PROTECTED]>,  
  
tmail.com>   
 
 cc:   

02/17/2004   Subject: Re: [squid-users] Reporting on 
Squid 
11:15 AM   

   

   








> I use the below command to determine who has been to a particular site
but

> grep givensite.com  /var/log/squid/access-02-13-04.log |tr -s ' ' | cut
-d' ' -f3 |sort -n|uniq

> what would I need to add to determine how many times they did visit that
> site.

grep `grep givensite.com  /var/log/squid/access-02-13-04.log |tr -s ' ' |
cut -d' ' -f3
|sort -n|uniq` /var/log/squid/access-02-13-04.log | wc -l

Regards,
Muthukumar.
India: 0-91-94431-01756






[squid-users] Reporting on Squid

2004-02-17 Thread Jim_Brouse/PYT
I use the below command to determine who has been to a particular site but
what would I need to add to determine how many times they did visit that
site.



grep givensite.com  /var/log/squid/access-02-13-04.log |tr -s ' ' | cut -d'
' -f3 |sort -n|uniq



Jim



Re: [squid-users] Massive problems with https connections to Domino Server (long)

2004-02-09 Thread Jim_Brouse/PYT

Maybe there is something wrong with the client update the client to latest
version of IE with all hotfixes, service packs etc.



Jim


Jim



   

Rainer Traut   

   
   
epost.de>cc: "'[EMAIL PROTECTED]'" <[EMAIL 
PROTECTED]>,
  [EMAIL PROTECTED]
  
02/09/2004   Subject: Re: [squid-users] Massive 
problems with https connections to 
07:43 AM  Domino Server (long) 

   

   





vda wrote:
> On Monday 09 February 2004 13:15, Rainer Traut wrote:
>
> I see ~50 connections open from squid to domino,
> all of them are being closed when you close IE.
This might be by accident, but SSL_RESUMABLE_SESSIONS is 50.

> Since I do not see tcpdump between IE and squid,
> I can only guess that IE, too, kept ~50 open
> connections to squid. You can verify this with
> tcpdump and/or by viewing squid access log.
Yes, that's right, same count.

> Why IE don't do it when you go direct? I don't know.
> You may do detailed tcpdumps and try to spot differences
> between direct/cached cases.
I will try this.

> BTW. Is your squid transparent?
No.

> BTW#2. Why do you proxy https traffic at all?
> What are you trying to achieve?
Security. From what I learned is to deny direct tcp connections to the
internet. I can go direct in this case but that is an exception.
Besides it's easy to implement squid's acl.

> IE DoSes your server. In this case inadvertently but still,
> you have to take measures.
> You probably should configure squid/Domino to limit number
> of TCP connections from one IP, total number of open
> connections and/or limit max connection lifetime.
I know you are very kind and are trying to help me, thx very much for
this. But this cannot be a solution. There is something fundamentally
wrong. I can take down one server with just one client -easily-.

Wild guess here: Might it has sth to do with
IE's ssl_unclean_shutdown I am reading everywhere?
Perhaps Domino shuts down the SSL connections right when IE is direct
connected but fails with proxy?

Rainer








[squid-users] squid reread config files while running

2004-01-15 Thread Jim_Brouse/PYT
What is the best way to tell squid to re-read its config files while it is
running so a change made in a config file will be made active now?


Jim



Re: [squid-users] mrtg and squid

2004-01-07 Thread Jim_Brouse/PYT

How can I determine what OID cacheMedianTime.5 is?




Jim



   

Henrik 

NordstromTo: Jim_Brouse/[EMAIL PROTECTED]  
 
<[EMAIL PROTECTED]   cc: [EMAIL PROTECTED] 
  
he.org>  Subject: Re: [squid-users] mrtg and squid 

   

01/07/2004 

09:35 AM   

   

   





Seems this version of MRTG does not like mixing numeric and symbolic names
in the same OID.

Should work with symbolic OIDs where no additional arguments is required
in the OID however.

Regards
Henrik


On Wed, 7 Jan 2004 Jim_Brouse/[EMAIL PROTECTED] wrote:

>
> I was trying to reference the OID numerically because when I refence it
by
> name I get messages like "evaluated to 5 instead of a number"
>
> File output and mrtg output below.
>
>
>
> cat /var/www/mrtg/squid/mrtg.cache.cfg
>
>
> WorkDir: /var/www/mrtg/squid
> IconDir: /images/
> LoadMIBs: /var/www/mrtg/squid/mib.txt
> Target[squid.cache.client.usage]:
> "cacheMedianTime.5&cacheMedianTime.5:[EMAIL PROTECTED]:3401"
> Title[squid.cache.client.usage]: Cache Statistics: Client IP Accesses
> PageTop[squid.cache.client.usage]: Cache Statistics: # of Client IPs
> accessing cache
> Xsize[squid.cache.client.usage]: 600
> Ysize[squid.cache.client.usage]: 200
> Ytics[squid.cache.client.usage]: 10
> LegendI[squid.cache.client.usage]: Client Accesses
> ShortLegend[squid.cache.client.usage]:  
> LegendO[squid.cache.client.usage]:
> Legend1[squid.cache.client.usage]: Client Accesses
> Legend2[squid.cache.client.usage]:
> YLegend[squid.cache.client.usage]: # of current clients
> MaxBytes[squid.cache.client.usage]: 10
> Options[squid.cache.client.usage]: gauge
>
>
>
>  mrtg /var/www/mrtg/squid/mrtg.cache.cfg
>
> ERROR: Target[squid.cache.client.usage][_IN_] '" $$target[0]{$mode} "'
> evaluated to ' 5 ' instead of a number
> ERROR: Target[squid.cache.client.usage][_OUT_] '" $$target[0]{$mode} "'
> evaluated to ' 5 ' instead of a number
> WARNING: Skipping Update of squid.cache.client.usage, inlast is not
defined
> WARNING: Skipping Update of squid.cache.client.usage, outlast is not
> defined
>
>
>
> Jim
>
>
>
>
>

> Henrik

> NordstromTo:
Jim_Brouse/[EMAIL PROTECTED]
> <[EMAIL PROTECTED]   cc: Henrik Nordstrom
<[EMAIL PROTECTED]>,
> he.org>   <[EMAIL PROTECTED]>

>  Subject: Re: [squid-users]
mrtg and squid
> 01/06/2004

> 02:45 PM

>

>

>
>
>
>
> Your Target does not at all match what is in the documentation.
>
> The numeric OID you have specified does not exists as a value in the
Squid
> MIB, and the error message is thus fully correct as MRTG can not plot
> things that does not exists.
>
> .1.3.6.1.4.1.3495.1.1.1 is enterprise.nlanr.Squid.cacheSystem.
>
>
> Why do you specify the OID numerically? It is much easier to load the
> Squid MIB into MRTG and then specify the OID by name.
>
> Regards
> Henrik
>
>
> On Tue, 6 Jan 2004 Jim_Brouse/[EMAIL PROTECTED] wrote:
>
> >
> > I have tried many configurations I am now trying to get this simplified
> > mrtg.cfg for squid to work
> >
> > >From Documentation at
> >
>
http://howto.aphroland.de/HOWTO/MRTG/SquidMonitoringWithMRTGHostsInIPCache
> >
> > Below contents of mrtg.cfg file
> > WorkDir: /var/www/mrtg/squid
> > Target[squid.cache.ipcache]:
> > .1.3.6.1.4.1.3495.1.1.1&.1.3.6.1.4.1.3495.1.1.1:[EMAIL PROTECTED]:3401
> > Title[squid.cache.ipcache]: Cache Statistics: # of Hosts in IP Cache
> >
> > Output is
> >  mrtg /var/www/mrtg/squid/mrtg.client.squid.cfg
> > SNMP Error:
> > Received SNMP response with error code
> >   error status: noSuchName
> >   index 3 (OID: 1.3.6.1.2.1.1.3.0)
> > SNMPGET Problem for .1.3.6.1.4.1.3495.1.1.1 .1.3.6.1.4.1.3495.1.1.1
>
>
>
>
>







Re: [squid-users] mrtg and squid

2004-01-07 Thread Jim_Brouse/PYT

I was trying to reference the OID numerically because when I refence it by
name I get messages like "evaluated to 5 instead of a number"

File output and mrtg output below.



cat /var/www/mrtg/squid/mrtg.cache.cfg


WorkDir: /var/www/mrtg/squid
IconDir: /images/
LoadMIBs: /var/www/mrtg/squid/mib.txt
Target[squid.cache.client.usage]:
"cacheMedianTime.5&cacheMedianTime.5:[EMAIL PROTECTED]:3401"
Title[squid.cache.client.usage]: Cache Statistics: Client IP Accesses
PageTop[squid.cache.client.usage]: Cache Statistics: # of Client IPs
accessing cache
Xsize[squid.cache.client.usage]: 600
Ysize[squid.cache.client.usage]: 200
Ytics[squid.cache.client.usage]: 10
LegendI[squid.cache.client.usage]: Client Accesses
ShortLegend[squid.cache.client.usage]:  
LegendO[squid.cache.client.usage]:
Legend1[squid.cache.client.usage]: Client Accesses
Legend2[squid.cache.client.usage]:
YLegend[squid.cache.client.usage]: # of current clients
MaxBytes[squid.cache.client.usage]: 10
Options[squid.cache.client.usage]: gauge



 mrtg /var/www/mrtg/squid/mrtg.cache.cfg

ERROR: Target[squid.cache.client.usage][_IN_] '" $$target[0]{$mode} "'
evaluated to ' 5 ' instead of a number
ERROR: Target[squid.cache.client.usage][_OUT_] '" $$target[0]{$mode} "'
evaluated to ' 5 ' instead of a number
WARNING: Skipping Update of squid.cache.client.usage, inlast is not defined
WARNING: Skipping Update of squid.cache.client.usage, outlast is not
defined



Jim




   

Henrik 

NordstromTo: Jim_Brouse/[EMAIL PROTECTED]  
 
<[EMAIL PROTECTED]   cc: Henrik Nordstrom <[EMAIL 
PROTECTED]>,   
he.org>   <[EMAIL PROTECTED]>  
  
 Subject: Re: [squid-users] mrtg and squid 

01/06/2004 

02:45 PM   

   

   





Your Target does not at all match what is in the documentation.

The numeric OID you have specified does not exists as a value in the Squid
MIB, and the error message is thus fully correct as MRTG can not plot
things that does not exists.

.1.3.6.1.4.1.3495.1.1.1 is enterprise.nlanr.Squid.cacheSystem.


Why do you specify the OID numerically? It is much easier to load the
Squid MIB into MRTG and then specify the OID by name.

Regards
Henrik


On Tue, 6 Jan 2004 Jim_Brouse/[EMAIL PROTECTED] wrote:

>
> I have tried many configurations I am now trying to get this simplified
> mrtg.cfg for squid to work
>
> >From Documentation at
>
http://howto.aphroland.de/HOWTO/MRTG/SquidMonitoringWithMRTGHostsInIPCache
>
> Below contents of mrtg.cfg file
> WorkDir: /var/www/mrtg/squid
> Target[squid.cache.ipcache]:
> .1.3.6.1.4.1.3495.1.1.1&.1.3.6.1.4.1.3495.1.1.1:[EMAIL PROTECTED]:3401
> Title[squid.cache.ipcache]: Cache Statistics: # of Hosts in IP Cache
>
> Output is
>  mrtg /var/www/mrtg/squid/mrtg.client.squid.cfg
> SNMP Error:
> Received SNMP response with error code
>   error status: noSuchName
>   index 3 (OID: 1.3.6.1.2.1.1.3.0)
> SNMPGET Problem for .1.3.6.1.4.1.3495.1.1.1 .1.3.6.1.4.1.3495.1.1.1







Re: [squid-users] barebones squid configuration

2004-01-06 Thread Jim_Brouse/PYT

If you download the standard webmin package at www.webmin.com it includes
support for squid and the support to easily add/remove ip from ACLs.



Jim



   
  
Payal Rathod   
  
<[EMAIL PROTECTED]   To: Jim_Brouse/[EMAIL PROTECTED]  
 
ticky.com> cc: 
  
   Subject: Re: [squid-users] barebones 
squid configuration  
01/06/2004 12:54   
  
PM 
  
   
  
   
  




On Tue, Jan 06, 2004 at 12:53:45PM -0700,
Jim_Brouse/[EMAIL PROTECTED] wrote:
>
> Webmin is a nice to have around so that others can work on squid in a
> friendly fashion if they are not familiar with squid.

But will it allow me to add/delete ips from acls easily?

Regards,
-Payal


--
For GNU/Linux Success Stories and Articles visit:
  http://payal.staticky.com






Re: [squid-users] mrtg and squid

2004-01-06 Thread Jim_Brouse/PYT

I have tried many configurations I am now trying to get this simplified
mrtg.cfg for squid to work

>From Documentation at
http://howto.aphroland.de/HOWTO/MRTG/SquidMonitoringWithMRTGHostsInIPCache




Below contents of mrtg.cfg file
WorkDir: /var/www/mrtg/squid
Target[squid.cache.ipcache]:
.1.3.6.1.4.1.3495.1.1.1&.1.3.6.1.4.1.3495.1.1.1:[EMAIL PROTECTED]:3401
Title[squid.cache.ipcache]: Cache Statistics: # of Hosts in IP Cache
PageTop[squid.cache.ipcache]: Cache Statistics: # of Hosts in IP
Cache(Hostname-to-address)
Xsize[squid.cache.ipcache]: 600
Ysize[squid.cache.ipcache]: 200
Ytics[squid.cache.ipcache]: 10
LegendI[squid.cache.ipcache]: Hosts in IP Cache(Hostname-to-Address) 
ShortLegend[squid.cache.ipcache]:  
LegendO[squid.cache.ipcache]: Hosts in IP Cache(Address-to-Hostname) 
Legend1[squid.cache.ipcache]: Hosts in IP Cache(Hostname-to-Address)
Legend2[squid.cache.ipcache]: Hosts in IP Cache(Address-to-Hostname)
YLegend[squid.cache.ipcache]: Hosts
MaxBytes[squid.cache.ipcache]: 50
Options[squid.cache.ipcache]: gauge

Output is
 mrtg /var/www/mrtg/squid/mrtg.client.squid.cfg
SNMP Error:
Received SNMP response with error code
  error status: noSuchName
  index 3 (OID: 1.3.6.1.2.1.1.3.0)
SNMPv1_Session (remote host: "localhost" [127.0.0.1].3401)
  community: "public"
 request ID: -497639849
PDU bufsize: 8000 bytes
timeout: 2s
retries: 5
backoff: 1)
 at /usr/share/perl5/SNMP_util.pm line 486
SNMPGET Problem for .1.3.6.1.4.1.3495.1.1.1 .1.3.6.1.4.1.3495.1.1.1
sysUptime sysName on [EMAIL PROTECTED]:3401
 at /usr/bin/mrtg line 1683
ERROR: Target[squid.cache.ipcache][_IN_] ' $$target[0]{$mode} ' did not
eval into defined data
ERROR: Target[squid.cache.ipcache][_OUT_] ' $$target[0]{$mode} ' did not
eval into defined data
WARNING: Skipping Update of squid.cache.ipcache, inlast is not defined
WARNING: Skipping Update of squid.cache.ipcache, outlast is not defined



Jim



   

Henrik 

NordstromTo: Jim_Brouse/[EMAIL PROTECTED]  
 
<[EMAIL PROTECTED]   cc: [EMAIL PROTECTED] 
  
he.org>  Subject: Re: [squid-users] mrtg and squid 

   

01/05/2004 

08:19 PM   

   

   





On Mon, 5 Jan 2004 Jim_Brouse/[EMAIL PROTECTED] wrote:

> SNMPGET Problem for cacheClientHttpRequests cacheClientHttpRequests

I think you meant to query for cacheProtoClientHttpRequests, not
cacheClientHttpRequests.

footnote: cacheClientHttpRequests is the number of requests from a
specific client in the cacheClientTable (indexed by the client IP
address).  Not sure how to plot this using MRTG but maybe it can be
plotted using cacheClientHttpRequests.ip.of.client.station. This obviously
requires client_db to be enabled.


Regards
Henrik







[squid-users] mrtg and squid

2004-01-05 Thread Jim_Brouse/PYT
I have been unable to get mrtg working with Squid on my debian box.  I have
tried this on two different boxes with the same results.

While snmpget does work I am trying to use a script located at
http://www.psychofx.com/chris/unix/mrtg/mrtg-squid.cfg for the mrtg config

Example output:
http://www.psychofx.com/chris/unix/mrtg/squidsample/


Here is an snmpget that does work successfully for squid.
snmpget -v 1 -c public localhost:3401 .1.3.6.1.4.1.3495.1.1.1
SNMPv2-SMI::enterprises.3495.1.1.1 = INTEGER: 92

The problem is that mrtg will not successfully run against squid.


 mrtg /var/www/mrtg/mrtg-squid.cfg
SNMP Error:
Received SNMP response with error code
  error status: noSuchName
  index 1 (OID: 1.3.6.1.4.1.3495.1.5.2.1.2)
SNMPv1_Session (remote host: "localhost" [127.0.0.1].3401)
  community: "public"
 request ID: -1877762615
PDU bufsize: 8000 bytes
timeout: 2s
retries: 5
backoff: 1)
 at /usr/share/perl5/SNMP_util.pm line 465
SNMPGET Problem for cacheClientHttpRequests cacheClientHttpRequests
cacheUptime cacheSoftware cacheVersionId on [EMAIL PROTECTED]:3401
 at /usr/bin/mrtg line 1683
Use of uninitialized value in concatenation (.) or string at /usr/bin/mrtg
line 1686.
Use of uninitialized value in concatenation (.) or string at /usr/bin/mrtg
line 1686.
Modification of non-creatable array value attempted, subscript -2 at
/usr/bin/mrtg line 1686.






By the way I can run mrtf cfgs against this server although for network
interface input and output sucsessfully.



The mrtg-squid.cfg I am using is located here
http://www.psychofx.com/chris/unix/mrtg/mrtg-squid.cfg I am making the
changes requested in the commented section at the beggining for hostname
etc.


System Specifics:
Debian
kernel 2.4.21
mrtg 2.9.29-1
squid 2.5.4-2
snmpd 5.0.9-3

Jim



[squid-users] ftp access

2003-12-30 Thread Jim_Brouse/PYT
We are trying to ftp to a site with the following format
ftp://[EMAIL PROTECTED]

Although the error we are getting is "cache access denied" we can access
sites on that machine but we get the error cache access denied when trying
to ftp to  site with the above method.

Below is the error message:
___
While trying to retrieve the URL: ftp://[EMAIL PROTECTED]

The following error was encountered:

Cache Access Denied.

Sorry, you are not currently allowed to request:

ftp://[EMAIL PROTECTED]
from this cache until you have authenticated yourself.

You need to use Netscape version 2.0 or greater, or Microsoft Internet
Explorer 3.0, or an HTTP/1.1 compliant browser for this to work. Please
contact the cache administrator if you have difficulties authenticating
yourself or change your default password.

__



We authenticate users for internet access based on IP addresses not on
usernames and passwords so I am not sure if this is cachemgr.cgi issue or
not?


There is a username/password that the site is requiring I am not sure if
squid is also requiring something in addition to that?





Jim



Re: [squid-users] Drill Down Reporting

2003-12-15 Thread Jim_Brouse/PYT

Check out this tool --> http://ababa.org/ all information is placed in a
MySQL db with this tool.  I use this tool and SARG.




Jim





   
 
[EMAIL PROTECTED]  
   
icanhm.comTo: [EMAIL PROTECTED]
   
  cc:  
 
12/15/2003Subject: [squid-users] Drill Down 
Reporting   
12:34 PM   
 
   
 
   
 




Can anyone point me towards a reporting tool that provides drill down
access
to the complete object list per user?  The closest thing I have been able
to
find is SARG (http://web.onda.com.br/orso/) but that only drills down to
the
domain name of the site visited (overall a very nice tool).

What kind of reporting tools do most of you use?  What are the popular
packages used in most medium-large organizations?

Thanks,

Jason






Re: [squid-users] Squid, snmp and MRTG

2003-12-15 Thread Jim_Brouse/PYT


Below is what I got after your email


snmpget -v 1 -c public localhost:3401 .1.3.6.1.4.1.3495.1.1.1
SNMPv2-SMI::enterprises.3495.1.1.1 = INTEGER: 92

Then I tried my mrtf-squid.cfg again.

 mrtg /var/www/mrtg/mrtg-squid.cfg
SNMP Error:
Received SNMP response with error code
  error status: noSuchName
  index 1 (OID: 1.3.6.1.4.1.3495.1.5.2.1.2)
SNMPv1_Session (remote host: "localhost" [127.0.0.1].3401)
  community: "public"
 request ID: -1877762615
PDU bufsize: 8000 bytes
timeout: 2s
retries: 5
backoff: 1)
 at /usr/share/perl5/SNMP_util.pm line 465
SNMPGET Problem for cacheClientHttpRequests cacheClientHttpRequests
cacheUptime cacheSoftware cacheVersionId on [EMAIL PROTECTED]:3401
 at /usr/bin/mrtg line 1683
Use of uninitialized value in concatenation (.) or string at /usr/bin/mrtg
line 1686.
Use of uninitialized value in concatenation (.) or string at /usr/bin/mrtg
line 1686.
Modification of non-creatable array value attempted, subscript -2 at
/usr/bin/mrtg line 1686.


Two /var/log/squid/cache.logs attached one is when I have the snmp debug
enabled 49,9 and the other is for ALL, 1

When I have both I only get SNMP debug messages not all (ALL,1)




By the way I can run other mrtg commands against this server although I
have not been sucessful at running squid mrtg configs against this server
yet.


Also attached is the mrtg-squid.cfg file that I am using; I am making the
changes requested in the commented section (of mrtg-squid.cfg) at the
beggining of the file like hostname etc.


The mrtg-squid.cfg I am using is located here
http://www.psychofx.com/chris/unix/mrtg/mrtg-squid.cfg I am making the
changes requested in the commented section at the beggining for hostname
etc.



(See attached file: cache.log)(See attached file: ALL,1.cache.log)

Jim




Jim



   
 
Duane Wessels  
 
<[EMAIL PROTECTED]   To: Jim_Brouse/[EMAIL PROTECTED]  
 
cache.org>cc: [EMAIL PROTECTED]
   
  Subject: Re: [squid-users] Squid, snmp 
and MRTG   
12/11/2003 
 
09:59 PM   
 
   
 
   
 







On Thu, 11 Dec 2003 Jim_Brouse/[EMAIL PROTECTED] wrote:

>
> This is the command I used mrtg /var/www/mrtg/mrtg-squid.cfg 49,9
>
> Is that how you meant for 49,9 to be used?

Not really.  I meant for this line to be in squid.conf:

debug_options ALL,1 49,9

> Below is the output in cache.log
>
> 2003/12/11 08:47:09| Failed SNMP agent query from : 127.0.0.1.

This is helpful anyway.It implies that Squid is denying the SNMP
query because it is not matching your access rules.Based on what
you've shown so far, it seems like it should work.  You are sending
queries to 127.0.0.1 and using 'public' as the SNMP community.

To see if the problem is with Squid or with MRTG, you might want
to try a different SNMP client, such as snmpget from Net-SNMP
(net-snmp.sourceforge.net).  For example:

% snmpget -v 1 -c public localhost:3401 .1.3.6.1.4.1.3495.1.1.1

Duane W.




cache.log
Description: Binary data


ALL,1.cache.log
Description: Binary data


Re: [squid-users] Squid, snmp and MRTG

2003-12-11 Thread Jim_Brouse/PYT

This is the command I used mrtg /var/www/mrtg/mrtg-squid.cfg 49,9

Is that how you meant for 49,9 to be used?

Below is the output in cache.log





2003/12/11 08:47:09| Failed SNMP agent query from : 127.0.0.1.
2003/12/11 08:47:11| Failed SNMP agent query from : 127.0.0.1.
2003/12/11 08:47:13| Failed SNMP agent query from : 127.0.0.1.
2003/12/11 08:47:15| Failed SNMP agent query from : 127.0.0.1.
2003/12/11 08:47:17| Failed SNMP agent query from : 127.0.0.1.
2003/12/11 09:18:52| Failed SNMP agent query from : 127.0.0.1.
2003/12/11 09:18:53| Failed SNMP agent query from : 127.0.0.1.
2003/12/11 09:18:55| Failed SNMP agent query from : 127.0.0.1.
2003/12/11 09:18:57| Failed SNMP agent query from : 127.0.0.1.
2003/12/11 09:18:59| Failed SNMP agent query from : 127.0.0.1.
2003/12/11 13:29:24| Failed SNMP agent query from : 127.0.0.1.
2003/12/11 13:29:26| Failed SNMP agent query from : 127.0.0.1.
2003/12/11 13:29:28| Failed SNMP agent query from : 127.0.0.1.
2003/12/11 13:29:30| Failed SNMP agent query from : 127.0.0.1.
2003/12/11 13:29:32| Failed SNMP agent query from : 127.0.0.1.


Jim


   
 
Duane Wessels  
 
<[EMAIL PROTECTED]   To: Jim_Brouse/[EMAIL PROTECTED]  
 
cache.org>cc: [EMAIL PROTECTED]
   
  Subject: Re: [squid-users] Squid, snmp 
and MRTG   
12/11/2003 
 
11:45 AM   
 
   
 
   
 







On Thu, 11 Dec 2003 Jim_Brouse/[EMAIL PROTECTED] wrote:

> I am trying to configure Squid for snmp although when I execute mrtg
> pointing to my mrtg-squid.cfg I get a error "no response recieved".
>
> I am using the walkthrough contained on
> http://www.psychofx.com/chris/unix/mrtg/
>
>
>
>
> I have edited squid.conf and configured it for SNMP on port 3401 and have
> uncommented the following sections and squid stops and starts without
> errors.
>
> Since I have the acl snmppublic do I need to add my ip to the acl so that
I
> can query squid?
>
>  snmp_port 3401
>  acl snmppublic snmp_community public
>  snmp_access allow snmppublic localhost
> snmp_incoming_address 0.0.0.0
> snmp_outgoing_address 255.255.255.255

Since you are using localhost, the above 'snmp_access' line should be fine.

You may want to add "49,9" to debug_options in squid.conf.  Then watch
cache.log.  That should show you if Squid is actually receiving the
SNMP queries, and whether or not they are allowed.  You might also
want to use tcpdump/ethereal to look for SNMP packets.

Duane W.






[squid-users] Squid, snmp and MRTG

2003-12-11 Thread Jim_Brouse/PYT
I am trying to configure Squid for snmp although when I execute mrtg
pointing to my mrtg-squid.cfg I get a error "no response recieved".

I am using the walkthrough contained on
http://www.psychofx.com/chris/unix/mrtg/




I have edited squid.conf and configured it for SNMP on port 3401 and have
uncommented the following sections and squid stops and starts without
errors.

Since I have the acl snmppublic do I need to add my ip to the acl so that I
can query squid?

 snmp_port 3401
 acl snmppublic snmp_community public
 snmp_access allow snmppublic localhost
snmp_incoming_address 0.0.0.0
snmp_outgoing_address 255.255.255.255


output below.
mrtg  /var/www/mrtg/mrtg-squid.cfg
SNMP Error:
no response received
SNMPv1_Session (remote host: "localhost" [127.0.0.1].3401)
  community: "public"
 request ID: -2107181969
PDU bufsize: 8000 bytes
timeout: 2s
retries: 5
backoff: 1)
 at /usr/share/perl5/SNMP_util.pm line 465
SNMPGET Problem for cacheServerRequests cacheServerRequests cacheUptime
cacheSoftware cacheVersionId on [EMAIL PROTECTED]:3401
 at /usr/bin/mrtg line 1683
Use of uninitialized value in concatenation (.) or string at /usr/bin/mrtg
line 1686.
Use of uninitialized value in concatenation (.) or string at /usr/bin/mrtg
line 1686.
Modification of non-creatable array value attempted, subscript -2 at
/usr/bin/mrtg line 1686.



Jim



Re: [squid-users] Squid Server multiple Nics

2003-11-19 Thread Jim_Brouse/PYT

When I typed in ip route I got the same results with having 2 default
gateways one for each network.

Maybe I should set the default gateway on eth0 to be the IP address of eth1
although I am not sure if that will break any communications with the
network on eth0 and this server?




When I entered "ip route get ipaddress" to see the results of what nic is
used I got the following.


hostname:# host cnn.com
cnn.com has address 64.236.24.28
cnn.com has address 64.236.16.20
cnn.com has address 64.236.16.52
cnn.com has address 64.236.16.84
cnn.com has address 64.236.16.116
cnn.com has address 64.236.24.4
cnn.com has address 64.236.24.12
cnn.com has address 64.236.24.20
hostname:# ip route get 64.236.16.84
64.236.16.84 via 55.0.0.3 dev eth1  src 55.0.0.2
cache  mtu 1500 advmss 1460
hostname:# host www.google.com
www.google.com is an alias for www.google.akadns.net.
www.google.akadns.net has address 216.239.41.99
hostname:# ip route get 216.239.41.99
216.239.41.99 via 24.0.0.3 dev eth0  src 24.0.0.2
cache  mtu 1500 advmss 1460



So what is strange is that for cnn.com it would go out eth1 and for
google.com it would go out eth0.


Jim




   

Henrik 

NordstromTo: Jim_Brouse/[EMAIL PROTECTED]  
 
<[EMAIL PROTECTED]   cc: unixware <[EMAIL PROTECTED]>, 
<[EMAIL PROTECTED]>   
he.org>  Subject: Re: [squid-users] Squid Server 
multiple Nics 
   

11/19/2003 

03:16 PM   

   

   





On Wed, 19 Nov 2003 Jim_Brouse/[EMAIL PROTECTED] wrote:

>
> Here is what is in my route table I output this by entering route at the
> command prompt.
>
>
> 55.0.0.2   *   255.255.255.128 U 0  00 eth1
> 24.0.0.2  *   255.255.255.0   U 0  00
eth0
> 55.0.0.2 55.0.0.3 255.0.0.0   UG0  00 eth1
> 24.0.0.2   24.0.0.3255.0.0.0   UG0  00 eth0
> default 55.0.0.3   0.0.0.0 UG0  00 eth1
> default24.0.0.30.0.0.0 UG0  00 eth0
>
>
> With a route table like this considering that the dns server address is
on
> the 55.0.0.x network will it try to gain internet access from 55.0.0.x or
> will it attempt to gain access from either nic?


Hard to tell, but I guess it will use the first default route. Normally
you can only have one route per destination.

Is this a Linux system? If so then the output of "ip route" is better
expressing your actual routing table. The ip route command also have an
option where you can ask what route will be used for a given destination.

  ip route get ip.of.selected.destination

Regards
Henrik







Re: [squid-users] Squid Server multiple Nics

2003-11-19 Thread Jim_Brouse/PYT

Here is what is in my route table I output this by entering route at the
command prompt.


55.0.0.2   *   255.255.255.128 U 0  00 eth1
24.0.0.2  *   255.255.255.0   U 0  00 eth0
55.0.0.2 55.0.0.3 255.0.0.0   UG0  00 eth1
24.0.0.2   24.0.0.3255.0.0.0   UG0  00 eth0
default 55.0.0.3   0.0.0.0 UG0  00 eth1
default24.0.0.30.0.0.0 UG0  00 eth0


With a route table like this considering that the dns server address is on
the 55.0.0.x network will it try to gain internet access from 55.0.0.x or
will it attempt to gain access from either nic?

Should I remove one of the routes?




Jim



   

unixware   

<[EMAIL PROTECTED]   To: Jim_Brouse/[EMAIL PROTECTED], 
[EMAIL PROTECTED]  
ahoo.com>cc:   

 Subject: Re: [squid-users] Squid Server 
multiple Nics 
11/17/2003 

05:19 PM   

   

   






Dear Jim

its depend on your default gateway you are using for
yr machine check with route command on linux based
systems

[EMAIL PROTECTED] root]# route
Kernel IP routing table
Destination Gateway Genmask Flags
Metric RefUse Iface
192.168.1.0*   255.255.255.128 U 0
 00 eth1
192.168.1.128  *   255.255.255.128 U 0
 00 eth1
169.254.0.0 *   255.255.0.0 U
0  00 eth1
127.0.0.0   *   255.0.0.0   U
0  00 lo
default 192.168.1.1 0.0.0.0 UG0
  00 eth1

that is showing it is using eth1 as default gateway to
all other networks

you can add default route with following commmadn

route add default gw 192.168.1.1 eth1

Regards

UW



--- Jim_Brouse/[EMAIL PROTECTED] wrote:
>
> eth0 ip address is 24.0.0.2
> eth1 ip address is 55.0.0.2
>
>
> We have a squid server with 2 nics, if the DNS
> server is at 55.0.0.5.
>
> How does the squid server know which nic to gain
> Internet access from?
>
> Will it gain Internet access from the same nic that
> the DNS server is
> listed on?  What stops squid from resolving
> www.domain.com to an IP address
> and then choosing either of the nics to get internet
> access from.
>
> I only want squid to gain Internet access on eth1
>
>
> Jim
>


__
Do you Yahoo!?
Protect your identity with Yahoo! Mail AddressGuard
http://antispam.yahoo.com/whatsnewfree






Re: [squid-users] Changing Squid Error Files

2003-11-19 Thread Jim_Brouse/PYT

Could it be a permission issue?  Does the file you created have the same
permission as the other error files that squid generated when it was
installed?



Jim



   

Henrik 

NordstromTo: Dan DeLong <[EMAIL PROTECTED]>
 
<[EMAIL PROTECTED]   cc: [EMAIL PROTECTED] 
  
he.org>  Subject: Re: [squid-users] Changing Squid 
Error Files 
   

11/19/2003 

10:14 AM   

   

   





On Wed, 19 Nov 2003, Dan DeLong wrote:

> I am running squid2.5.STABLE4.  In my squid.conf file I have the
following
> line that points to my error files.
> error_directory /squid/share/errors/English
> I have a site that is getting the Zero Sized Reply error that, to the
best
> of my knowledge, is being called from the ERR_ZERO_SIZE_OBJECT file.

It is, assuming you do get the Squid error message and not an error
message from your browser. The Squid error message is seen if the server
closes the connection before sending any response at all, while some
browsers give a such error message if the server sends a 0 bytes response
(valid headers but no data).

> I want to change this error file to a more generic error before I fix the
> cause of the error.  However, I have changed this error file to be a
generic
> html file (keeping the file name the same of course) yet I still keep
> getting the same Zero Sized Reply error page instead of my new generic
error
> page.

Odd. Works here.

Exacly what does the error message you see in your browser look like?

Regards
Henrik







Re: [squid-users] Squid service crashes abruptly

2003-11-19 Thread Jim_Brouse/PYT

I had the same problem when I hit the 2 gig file size limit on my store.log
file I have since configured squid to not use a store.log file.


Jim



   

Henrik 

NordstromTo: squid <[EMAIL PROTECTED]> 
   
<[EMAIL PROTECTED]   cc: [EMAIL PROTECTED] 
  
he.org>  Subject: Re: [squid-users] Squid service 
crashes abruptly 
   

11/19/2003 

10:12 AM   

   

   





On Wed, 19 Nov 2003, squid wrote:

> I am runnnig SQUID2.5STABLE1 on RH9 using Intel x86 Arch. and the squid
> service, after about 3 days of intense pounding, fails. When i goto
restart
> the service it appears as thought i tries to start, authenticator
processes
> and all, but it then suddenly crashes. If i do a squid -X there are no
> errors within the config file. Does Anyne have any ideas or experiences
with
> this?

Anything in cache.log and/or your systems messages file?

Try starting Squid interactively

  /path/to/squid -DNYd3


The most common cause to problems like the above is

  a) Running out of disk space

  b) Hitting the magic 2GB file size limitation on the log file


Solution for 'a' is to configure your Squid to not use more space than
available.

Solution for 'b' is to use log rotation to rotate the logs before the 2GB
size is reached.

Regards
Henrik







[squid-users] Squid Server multiple Nics

2003-11-17 Thread Jim_Brouse/PYT

eth0 ip address is 24.0.0.2
eth1 ip address is 55.0.0.2


We have a squid server with 2 nics, if the DNS server is at 55.0.0.5.

How does the squid server know which nic to gain Internet access from?

Will it gain Internet access from the same nic that the DNS server is
listed on?  What stops squid from resolving www.domain.com to an IP address
and then choosing either of the nics to get internet access from.

I only want squid to gain Internet access on eth1


Jim



[squid-users] yahoo messenger squid and ACL's

2003-10-01 Thread Jim_Brouse/PYT

I am trying to use an ACL for squid so that anyone the people listed in the
ACL can use yahoo messenger.  I do not use squidguard only squid with ACL
and proxy restrictions.  What is the best way to do this?


I have created an ACL that is called YAHOOMESSENGER that is supposed to
define what IPs are in that ACL.  Then I have another ACL that says anyone
in this ACL can access yahoo.com I am not sure how to tie the two together
so that anyone is in the YAHOOMESSENGER acl then is redirected to another
ACL YAHOO that says these IP's can go to .msg.yahoo.com

Jim



[squid-users] store.log access.log and logrotate

2003-09-10 Thread Jim_Brouse/PYT

Can the store.log files that have been rotated be deleted are they useful
for anything, I read in the documentation to they are for debugging.

What is needed to be configured in logrotate so that it does not rotate
access.log.

On my linux system logrotate rotates access.log and store.log I want
logrotate to continue to rotate store.log but not access.log.  I have read
the manpage etc but still need some assistance.




Jim





Re: [squid-users] Squid Report Issue

2003-08-20 Thread Jim_Brouse/PYT

 The day the log was split was actually not the day I had the problem
sorry for the confusion.

 What I am finding is that on days where the log was not split I do
sometimes have many users listed.

 For example we only have several hundred users on the internet but
when this report produces bad data (and I can reproduce the bad report if I
copy the access.log file to any other server running SARG) at that point
the report will list 23801 users but in the user column in the report I see
thousands of entries where IP addresses should be although there are not IP
addresses only numbers like "007"

I searched access.log and I did find a mention of 007 although
it is part of a URL.  Some how the access.log is different than normal so
then SARG is running against the wrong fields.  What do you think is the
best way to fix this log?   The log is 121 Meg's.  I also have another
failed log with 28 megs.


What is happening is that the report generators get confused and the then
the rest of the report is destroyed because it is a sequential file and now
it is looking at a field like a url and think it is the userid field.

What is the best way to run the logs through a scipt that determines
whether or not each line is a good line of data?










Jim






   

Henrik 

NordstromTo: Jim_Brouse/[EMAIL PROTECTED], [EMAIL 
PROTECTED]  
<[EMAIL PROTECTED]   cc:   

he.org>  Subject: Re: [squid-users] Squid Report 
Issue 
   

08/19/2003 

11:23 AM   

   

   





On Tuesday 19 August 2003 19.07, Jim_Brouse/[EMAIL PROTECTED]
wrote:

> Is it possible for some reason that squid split the acccess.log
> file so now i need to cat them together?

Squid never splits the access.log.

What Squid may do is to rotate access.log into access.log.1,
access.log.2, access.log.3 etc..

If you find other log files then these are either generated by other
software, or extracted logs generated by one of your friends
administrating the server.

Regards
Henrik

--
Donations welcome if you consider my Free Squid support helpful.
https://www.paypal.com/xclick/business=hno%40squid-cache.org

If you need commercial Squid support or cost effective Squid or
firewall appliances please refer to MARA Systems AB, Sweden
http://www.marasystems.com/, [EMAIL PROTECTED]






Re: [squid-users] Problems

2003-08-19 Thread Jim_Brouse/PYT

Try this but be do not leave debug on too long just long enough to test why
it is failing.  debug is very verbose





 squid -k debug 
 access some website
 squid -k debug 






Jim



   

"Serge Paquin" 

<[EMAIL PROTECTED]   To: 
 
.org>cc:   

 Subject: Re: [squid-users] Problems   

08/19/2003 

10:03 AM   

   

   





It doesn't say anything meaningfull other than items like:

2003/08/19 11:14:53| clientReadRequest: FD 221 Invalid Request

Everything else seems very standard and unrelated.


- Original Message -
From: 
To: "Serge Paquin" <[EMAIL PROTECTED]>
Sent: Tuesday, August 19, 2003 12:54 PM
Subject: Re: [squid-users] Problems


>
> Have you done a "tail -f /var/log/squid/cache.log" that might provide
some
> insight,
>
>
> Jim
>
>
>
>
>
>
> "Serge Paquin"
> <[EMAIL PROTECTED]   To:
[EMAIL PROTECTED]
> .org>cc:
>  Subject: [squid-users]
Problems
> 08/19/2003
> 09:39 AM
>
>
>
>
>
>
> Hello,
>
> I am getting a bunch of messages like:
>
> clientReadRequest: FD 89 Invalid Request
>
> in my log file.  Also I have people complaining that they cannot for
> example log into myEbay at .ebay.com.  They get a 400 error from
> Squid.
>
> I am using WCCP and have squid running as a transparent proxy.
>
> In testing I get the Invalid Request when the client gets the 400 error.
>
> The problem I'm having is that the 400 errors tells you what the problem
> *MIGHT* be.  I cannot seem to find any information in cache.log or
> access.log to find out what the problem *IS*.
>
> How can I figure this out and solve it?
>
> As soon as I turn squid off everything then routes fine.
>
> Oddly enough it only seems to hapen for our test users using Lynx.
People
> with PPP sessions using IE do not seem to be having the issue.
>
> Thanks,
> Serge.
>
>
>
>







Re: [squid-users] Squid Report Issue

2003-08-19 Thread Jim_Brouse/PYT

I think I might have found part of the problem.  I have a access.log file
for that date that is 514 megs and I also have a bk.access.log file for
that date that is only 150 megs.  The two files are only separated by

Is it possible for some reason that squid split the acccess.log file so now
i need to cat them together?

How can I tell which one I need to cat to which one?  if I use filename >>
filename how can I tell which one should be >> into the other one?  They
are only separated by a minute.

What I am thinking happened is that while SARG was running then there was
another cron job that did a /us/sbin/squid -k shutdown


Below is their output from an ls -alht
-rwxr--r--1 root root 514M Jul 31 15:14 access-07-25-03.log
-rwxr--r--1 root root 150M Jul 31 15:13
bk.access-07-25-03.log

Jim





   
   
Jim_Brouse/[EMAIL PROTECTED]   
  
ITRIBE.ORG  To: [EMAIL PROTECTED]  
 
cc:
   
08/18/2003 10:51 AM Subject: [squid-users] Squid 
Report Issue 
   
   
   
   





Currently, I am having a problem I can not resolve at this point though.  I
have tried looking everywhere
for information on this particular squid report issue.  I am using SARG for
these reports.

I do not always get these errors.

There is a cron job every night and sometimes I get reports that list about
7000 userid's.

We have less than 500 users that have Internet access and the data for all
of the
500 users is not in report with the 7000 users which do not show correct ip
addresses they are just a set of zeros
here is an example of one of the userids "007" normally it is
an IP address that makes in the userid field.





Jim







[squid-users] Squid Report Issue

2003-08-18 Thread Jim_Brouse/PYT

Currently, I am having a problem I can not resolve at this point though.  I
have tried looking everywhere
for information on this particular squid report issue.  I am using SARG for
these reports.

I do not always get these errors.

There is a cron job every night and sometimes I get reports that list about
7000 userid's.

We have less than 500 users that have Internet access and the data for all
of the
500 users is not in report with the 7000 users which do not show correct ip
addresses they are just a set of zeros
here is an example of one of the userids "007" normally it is
an IP address that makes in the userid field.





Jim



[squid-users] Squid Report not working

2003-08-14 Thread Jim_Brouse/PYT

I have a report that I am trying to run with the below script.  I use
crontab to start the job although the job never seems to start.

Does the script look good, do you see any problems?

How can I tell why it failed or if it did attempt to run at the scheduled
time?

 cat /etc/cron.d/sarg.weekly
#!/bin/bash

#Get current date
TODAY=$(date +%d/%m/%Y)

#Get one week ago today
LASTWEEK=$(date --date "7 days ago" +%d/%m/%Y)

/usr/bin/sarg -d $LASTWEEK-$TODAY

exit 0




Jim





Re: [squid-users] Using Mysql as external ACL with Squid 2.5 STABLE 3???

2003-08-14 Thread Jim_Brouse/PYT

I have used webmin with squid and when you apply changes it only takes a
second and squid is not restarted but the changes are applied.I am not
sure how that is done, does webmin use cachemgr.cgi?


Jim


   
  
"Carlos Simbana"   
  
<[EMAIL PROTECTED]   To: <[EMAIL PROTECTED]>, "Markus 
Korbel"
vices.com>  <[EMAIL PROTECTED]>
 
   cc: 
  
08/05/2003 08:14   Subject: Re: [squid-users] Using Mysql 
as external ACL with Squid 2.5 
AM  STABLE 3???
  
   
  
   
  




I worked mysql with squid 2.4 and not is necesary restart squid.

Today I am looking for an external acl for squid 2.5 stable 3. Do you have
it?

Carlos

Markus wrote:

> Hi, I like to use Mysql as source of the acl's for squid. We want to
block
> several sites, so they cant be viewed. The problem with the standard
acl's
> used by squid is, if you want to add/remove a site from the list, you
need
> to restart squid all the time, wich takes several minutes. In these
> minutes no internet traffic is possible, which is a big problem.
>
> Any solutions?
>
> Thx in advance, Markus
>








Re: [squid-users] Determining total time spent at a particular web site andtotal amount of hits

2003-08-04 Thread Jim_Brouse/PYT

How can I determine for a particular day sites visited for a particular IP
in the order visited and time spent on each?

Jim




   
 
Antony Stone   
 
<[EMAIL PROTECTED]   To: [EMAIL PROTECTED] 
  
ons.co.uk>cc:  
 
  Subject: Re: [squid-users] 
Determining total time spent at a  
08/04/2003 02:14 PMparticular web site and total amount of 
hits 
   
 
   
 




On Monday 04 August 2003 10:06 pm, Jim_Brouse/[EMAIL PROTECTED]
wrote:

> How can I determine the total time spent at a particular domain for a
> particular IP address?

(a) Record the time the address first contacts the domain.
(b) Record the time they last contact the domain.
(c) Subtract (a) from (b) = time spent at the domain.

Both (a) and (b) can be found from access.log

Remember that http is a stateless protocol - you cannot tell when someone
'leaves' a domain, except by noticing that they haven't returned

Antony.

--

Most people have more than the average number of legs.






[squid-users] Determining total time spent at a particular web site and total amount ofhits

2003-08-04 Thread Jim_Brouse/PYT

How can I determine the total time spent at a particular domain for a
particular IP address?






Re: [squid-users] Squid Activity/Usage and Reporting Tools

2003-08-01 Thread Jim_Brouse/PYT

That worked great: grep " http://www.website.net"; access.log | tr -s ' ' |
cut -d' ' -f3 | sort
-n | uniq > /filename


What is the best way to add to this a number next to each IP of the amount
of times a particular site was contacted, and the date of last contact?





Jim Brouse
Internet Administrator
Information Technology Department
Pascua Yaqui Tribe of Arizona
Phone: 520-879-5813
E-mail: [EMAIL PROTECTED]




   
 
Antony Stone   
 
<[EMAIL PROTECTED]   To: [EMAIL PROTECTED] 
  
ons.co.uk>cc:  
 
  Subject: Re: [squid-users] Squid 
Activity/Usage and Reporting Tools   
07/31/2003 02:43 PM
 
   
 
   
 




On Thursday 31 July 2003 10:16 pm, Jim_Brouse/[EMAIL PROTECTED]
wrote:

> I  tried the below script although it did give back a file it only had
one
> entry in it.  What I am interested in is all IP addresses that visited a
> particular domains site and subdomains of that site.

Try a simpler version:

grep -c " http://www.website.net"; access.log

will tell you how many accesses there were to the site

grep " http://www.website.net"; access.log | tr -s ' ' | cut -d' ' -f3

will give you a list of the IPs that visited it

If you want a list showing each IP only once, no matter how many visits it
made:

grep " http://www.website.net"; access.log | tr -s ' ' | cut -d' ' -f3 |
sort
-n | uniq


Antony.

--

How I want a drink, alcoholic of course, after the heavy chapters
involving quantum mechanics.

 - 3.14159265358979






Re: [squid-users] Squid Activity/Usage and Reporting Tools

2003-07-31 Thread Jim_Brouse/PYT

I installed squid through apt-get install squid

If cachemngr.cgi is not there how can I get it there; do I need to
reinstall?


Jim



   

Henrik 

NordstromTo: Jim_Brouse/[EMAIL PROTECTED], [EMAIL 
PROTECTED]  
<[EMAIL PROTECTED]   cc:   

he.org>  Subject: Re: [squid-users] Squid 
Activity/Usage and Reporting Tools   
   

07/31/2003 

02:29 PM   

   

   





On Thursday 31 July 2003 21.48, Jim_Brouse/[EMAIL PROTECTED]
wrote:
> The only cachemgr.cgi located on my harddrive is at the following
> location /usr/share/webmin/webmin-1.090/squid/cachemgr.cgi
>
> Can I use that cachemgr.cgi or is that specific to webmin?

Might be useable, but I do not know.

If unsure, install the one shipped with Squid.

Regards
Henrik

--
Donations welcome if you consider my Free Squid support helpful.
https://www.paypal.com/xclick/business=hno%40squid-cache.org

If you need commercial Squid support or cost effective Squid or
firewall appliances please refer to MARA Systems AB, Sweden
http://www.marasystems.com/, [EMAIL PROTECTED]






Re: [squid-users] Squid Activity/Usage and Reporting Tools

2003-07-31 Thread Jim_Brouse/PYT

I  tried the below script although it did give back a file it only had one
entry in it.  What I am interested in is all IP addresses that visited a
particular domains site and subdomains of that site.


egrep http://www.somesite.com access.log | egrep '192.168.1.[234]' | awk
egrep: access.log: No such file or directory



Jim Brouse
Internet Administrator
Information Technology Department
Pascua Yaqui Tribe of Arizona
Phone: 520-879-5813
E-mail: [EMAIL PROTECTED]




   

"Adam" 

<[EMAIL PROTECTED]   To: <[EMAIL PROTECTED]>   
  
l.net>   cc:   

 Subject: Re: [squid-users] Squid 
Activity/Usage and Reporting Tools   
07/31/2003 

11:11 AM   

Please respond 

to "Adam"  

   

   





Jim_wrote:
> What is the best way to determine how busy squid is, for example if there
> is an Internet slow down.  Some way  to determine if the squid box is
busy,
> if the squid box can not get out to the Internet, or just a particulary
> slow web page?

"How busy squid is" would seem to me to be different that if there is an
internet slow down.  For monitoring squid, use the cachemgr.cgi script.
Info here: http://www.squid-cache.org/Doc/FAQ/FAQ-9.html.  The general info
page has some useful info - if any particular value is not self-evident
then
just search for it using groups.google.com (to just search this mailing
list, go to Advanced and put in mailing.unix.squid-users).

However my problem is often: is it squid or the internet?   Fortunately we
have a few test boxes that can go via the proxy or directly out.  So from
those boxes and the proxy itself we do traceroutes and pings to various
test
sites (e.g. our own offsite servers) so we have an idea of what
normal/expected traffic and return times are.

I use ping to see packet loss and any ups/downs in traffice.  We have 2
T1's
and one often has intermittent problems so this helps to show them:
$ ping -s www.somesite.com 56 100 (this says send 56byte packets a
hundred times - it's ping -t on Win2K).
PING www.somesite.com: 56 data bytes
64 bytes from www.somesite.com (209.157.104.243): icmp_seq=0. time=11. ms
64 bytes from www.somesite.com (209.157.104.243): icmp_seq=1. time=109. ms
64 bytes from www.somesite.com (209.157.104.243): icmp_seq=2. time=128. ms
etc.

traceroute www.somesite.com is also very  handy.

> Also if I have a squid access.log and I want to determine all users IP
> addresses that are accessing www.somesite.com what is the best way to
pull
> out that information.

Short of using one of the reports/tools listed here
http://www.squid-cache.org/Scripts/, why not use something like this:
egrep http://www.somesite.com access.log | egrep '192.168.1.[234]' | awk
'{print $3}' | sort -u > /tmp/gotcha
(Assumes you are using native log format, are not logging fqdn, hence IP is
3rd field.  Substitute 192.168.1.[234] for whatever IP range you are
seeking).

hth

Adam







Re: [squid-users] Squid Activity/Usage and Reporting Tools

2003-07-31 Thread Jim_Brouse/PYT

The only cachemgr.cgi located on my harddrive is at the following location
/usr/share/webmin/webmin-1.090/squid/cachemgr.cgi

Can I use that cachemgr.cgi or is that specific to webmin?


I am using Debian with kernel 2.4.21


Jim



   

"Adam" 

<[EMAIL PROTECTED]   To: <[EMAIL PROTECTED]>   
  
l.net>   cc:   

 Subject: Re: [squid-users] Squid 
Activity/Usage and Reporting Tools   
07/31/2003 

11:11 AM   

Please respond 

to "Adam"  

   

   





Jim_wrote:
> What is the best way to determine how busy squid is, for example if there
> is an Internet slow down.  Some way  to determine if the squid box is
busy,
> if the squid box can not get out to the Internet, or just a particulary
> slow web page?

"How busy squid is" would seem to me to be different that if there is an
internet slow down.  For monitoring squid, use the cachemgr.cgi script.
Info here: http://www.squid-cache.org/Doc/FAQ/FAQ-9.html.  The general info
page has some useful info - if any particular value is not self-evident
then
just search for it using groups.google.com (to just search this mailing
list, go to Advanced and put in mailing.unix.squid-users).

However my problem is often: is it squid or the internet?   Fortunately we
have a few test boxes that can go via the proxy or directly out.  So from
those boxes and the proxy itself we do traceroutes and pings to various
test
sites (e.g. our own offsite servers) so we have an idea of what
normal/expected traffic and return times are.

I use ping to see packet loss and any ups/downs in traffice.  We have 2
T1's
and one often has intermittent problems so this helps to show them:
$ ping -s www.somesite.com 56 100 (this says send 56byte packets a
hundred times - it's ping -t on Win2K).
PING www.somesite.com: 56 data bytes
64 bytes from www.somesite.com (209.157.104.243): icmp_seq=0. time=11. ms
64 bytes from www.somesite.com (209.157.104.243): icmp_seq=1. time=109. ms
64 bytes from www.somesite.com (209.157.104.243): icmp_seq=2. time=128. ms
etc.

traceroute www.somesite.com is also very  handy.

> Also if I have a squid access.log and I want to determine all users IP
> addresses that are accessing www.somesite.com what is the best way to
pull
> out that information.

Short of using one of the reports/tools listed here
http://www.squid-cache.org/Scripts/, why not use something like this:
egrep http://www.somesite.com access.log | egrep '192.168.1.[234]' | awk
'{print $3}' | sort -u > /tmp/gotcha
(Assumes you are using native log format, are not logging fqdn, hence IP is
3rd field.  Substitute 192.168.1.[234] for whatever IP range you are
seeking).

hth

Adam







[squid-users] Squid Activity/Usage and Reporting Tools

2003-07-31 Thread Jim_Brouse/PYT

What is the best way to determine how busy squid is, for example if there
is an Internet slow down.  Some way  to determine if the squid box is busy,
if the squid box can not get out to the Internet, or just a particulary
slow web page?


Also if I have a squid access.log and I want to determine all users IP
addresses that are accessing www.somesite.com what is the best way to pull
out that information.






Jim



[squid-users] Squid Report

2003-07-30 Thread Jim_Brouse/PYT

I am using sarg to create reports for squid and there are some columns that
I have a question about  for example % bytes is this the % of bytes that
each page comprises of for each user?  Also % time does each page have some
percentage depending on the total time spent downloading that page.  Also
there is used time and milliseconds are these the same just that the
milliseconds column is the download time broken down in milliseconds?

Jim
E-mail: [EMAIL PROTECTED]






[squid-users] Squid File Locations for standard Denied message

2003-07-29 Thread Jim_Brouse/PYT
At one time I had located the files that are used to create the different
messages for example when a user receives a denied message.  Can anyone
please tell me this location again.  I am using Debian.


Jim