Re: [squid-users] RE: Store.log filling up
Amos Jeffries wrote:

From: Henrik Nordstrom [EMAIL PROTECTED]
Date: Tue, 18 Sep 2007 16:57:58 +0200

On mån, 2007-09-17 at 16:30 -0500, [EMAIL PROTECTED] wrote:

Could spyware or adware cause the store.log to fill up very quickly? Another tech has had troubles with this in the last couple of days and was asking. He says that they can clear it out and in no time (not sure how long, but under an hour) it is filled up and causing problems. Here is a small post of what was in it. Why does it list all the ? Thanks for any info.

1190033958.390 RELEASE -1 7B1287005AF9902646FDACC9F3EA9C7F ? ? ? ? ?/? ?/? ? ?

Looks a bit odd.. the ? is when the information is unknown, but these objects were in memory so the information should have been known I think..

What does access.log say?

Regards
Henrik

He thought he had it figured out, but started getting this problem again so I am sending his other log files. Thanks for any info.

--
Scott Mayo
System Administrator
Bloomfield Schools

Squid cache.log
2007/10/04 12:09:23| Starting Squid Cache version 2.4.STABLE7 for i586-mandrake-linux-gnu...

Gah! Try using 2.6

Will that actually fix the problem though? I am running 2.4 here also and I do not have the kind of problem that he is. Thanks.

--
Scott Mayo
System Administrator
Bloomfield Schools
[squid-users] RE: Store.log filling up
From: Henrik Nordstrom [EMAIL PROTECTED]
Date: Tue, 18 Sep 2007 16:57:58 +0200

On mån, 2007-09-17 at 16:30 -0500, [EMAIL PROTECTED] wrote:

Could spyware or adware cause the store.log to fill up very quickly? Another tech has had troubles with this in the last couple of days and was asking. He says that they can clear it out and in no time (not sure how long, but under an hour) it is filled up and causing problems. Here is a small post of what was in it. Why does it list all the ? Thanks for any info.

1190033958.390 RELEASE -1 7B1287005AF9902646FDACC9F3EA9C7F ? ? ? ? ?/? ?/? ? ?

Looks a bit odd.. the ? is when the information is unknown, but these objects were in memory so the information should have been known I think..

What does access.log say?

Regards
Henrik

He thought he had it figured out, but started getting this problem again so I am sending his other log files. Thanks for any info.

--
Scott Mayo
System Administrator
Bloomfield Schools

Squid cache.log

2007/10/04 12:09:23| Starting Squid Cache version 2.4.STABLE7 for i586-mandrake-linux-gnu...
2007/10/04 12:09:23| Process ID 21644
2007/10/04 12:09:23| With 1024 file descriptors available
2007/10/04 12:09:23| DNS Socket created on FD 4
2007/10/04 12:09:23| Adding nameserver 127.0.0.1 from /etc/resolv.conf
2007/10/04 12:09:23| User-Agent logging is disabled.
2007/10/04 12:09:23| Unlinkd pipe opened on FD 9
2007/10/04 12:09:23| Swap maxSize 1024000 KB, estimated 78769 objects
2007/10/04 12:09:23| Target number of buckets: 3938
2007/10/04 12:09:23| Using 8192 Store buckets
2007/10/04 12:09:23| Max Mem size: 16384 KB
2007/10/04 12:09:23| Max Swap size: 1024000 KB
2007/10/04 12:09:23| Store logging disabled
2007/10/04 12:09:23| Rebuilding storage in /var/spool/squid (DIRTY)
2007/10/04 12:09:23| Using Least Load store dir selection
2007/10/04 12:09:23| Set Current Directory to /var/spool/squid
2007/10/04 12:09:23| Loaded Icons.
2007/10/04 12:09:24| Accepting HTTP connections at 0.0.0.0, port 8080, FD 10.
2007/10/04 12:09:24| Accepting HTCP messages on port 4827, FD 12.
2007/10/04 12:09:24| Accepting SNMP messages on port 3401, FD 13.
2007/10/04 12:09:24| WCCP Disabled.
2007/10/04 12:09:24| Ready to serve requests.
2007/10/04 12:09:24| Store rebuilding is 1.1% complete
2007/10/04 12:09:32| diskHandleWrite: FD 7: disk write error: (28) No space left on device
FATAL: Write failure -- check your disk space and cache.log
Squid Cache (Version 2.4.STABLE7): Terminated abnormally.
CPU Usage: 7.880 seconds = 4.090 user + 3.790 sys
Maximum Resident Size: 0 KB
Page faults with physical i/o: 399
Memory usage for squid via mallinfo():
total space in arena:8550 KB
Ordinary blocks: 7896 KB162 blks
Small blocks: 0 KB 0 blks
Holding blocks: 176 KB 1 blks
Free Small blocks: 0 KB
Free Ordinary blocks: 654 KB
Total in use:8072 KB 94%
Total free: 654 KB 8%
2007/10/04 12:09:35| Starting Squid Cache version 2.4.STABLE7 for i586-mandrake-linux-gnu...
2007/10/04 12:09:35| Process ID 21668
2007/10/04 12:09:35| With 1024 file descriptors available
2007/10/04 12:09:35| DNS Socket created on FD 4
2007/10/04 12:09:35| Adding nameserver 127.0.0.1 from /etc/resolv.conf
2007/10/04 12:09:35| User-Agent logging is disabled.
2007/10/04 12:09:35| Unlinkd pipe opened on FD 9
2007/10/04 12:09:35| Swap maxSize 1024000 KB, estimated 78769 objects
2007/10/04 12:09:35| Target number of buckets: 3938
2007/10/04 12:09:35| Using 8192 Store buckets
2007/10/04 12:09:35| Max Mem size: 16384 KB
2007/10/04 12:09:35| Max Swap size: 1024000 KB
2007/10/04 12:09:35| Store logging disabled
2007/10/04 12:09:35| Rebuilding storage in /var/spool/squid (DIRTY)
2007/10/04 12:09:35| Using Least Load store dir selection
2007/10/04 12:09:35| Set Current Directory to /var/spool/squid
2007/10/04 12:09:35| Loaded Icons.
2007/10/04 12:09:35| Accepting HTTP connections at 0.0.0.0, port 8080, FD 10.
2007/10/04 12:09:35| Accepting HTCP messages on port 4827, FD 12.
2007/10/04 12:09:35| Accepting SNMP messages on port 3401, FD 13.
2007/10/04 12:09:35| WCCP Disabled.
2007/10/04 12:09:35| Ready to serve requests.
2007/10/04 12:09:36| Store rebuilding is 1.1% complete
2007/10/04 12:09:43| diskHandleWrite: FD 7: disk write error: (28) No space left on device
FATAL: Write failure -- check your disk space and cache.log
Squid Cache (Version 2.4.STABLE7): Terminated abnormally.
CPU Usage: 7.810 seconds = 3.990 user + 3.820 sys
Maximum Resident Size: 0 KB
Page faults with physical i/o: 399
Memory usage for squid via mallinfo():
total space in arena:8554 KB
Ordinary blocks: 7855 KB172 blks
Small blocks: 0 KB 0 blks
Holding blocks: 176
[squid-users] store.log filling up
Could spyware or adware cause the store.log to fill up very quickly? Another tech has had troubles with this in the last couple of days and was asking. He says that they can clear it out and in no time (not sure how long, but under an hour) it is filled up and causing problems. Here is a small post of what was in it. Why does it list all the ? Thanks for any info.

1190033958.390 RELEASE -1 7B1287005AF9902646FDACC9F3EA9C7F ? ? ? ? ?/? ?/? ? ?
1190033958.390 RELEASE -1 2D7DD2E39301864787EE9444068060D2 ? ? ? ? ?/? ?/? ? ?
1190033958.394 RELEASE -1 B4282EA5117EEE9DB891618B5B116E37 ? ? ? ? ?/? ?/? ? ?
1190033958.394 RELEASE -1 ADD64CFEB2777B0FB5604A9DC0874831 ? ? ? ? ?/? ?/? ? ?
1190033958.394 RELEASE -1 D2A6C86243B580FB2FCFFBB66DC91E70 ? ? ? ? ?/? ?/? ? ?
1190033958.394 RELEASE -1 495371655EB836C29B7997D4415D221B ? ? ? ? ?/? ?/? ? ?
1190033958.394 RELEASE -1 31ED7CAC2B3C0D89F1962CDB13854106 ? ? ? ? ?/? ?/? ? ?
1190033958.394 RELEASE -1 684425DB8B67A7E381CA1793C0AF8075 ? ? ? ? ?/? ?/? ? ?
1190033958.394 RELEASE -1 14962B373F9C885B4EA356EF51947776 ? ? ? ? ?/? ?/? ? ?
1190033958.394 RELEASE -1 1AD9E81AC3AFED43417B04634CF227DD ? ? ? ? ?/? ?/? ? ?
1190033958.394 RELEASE -1 6ECBA9BDB5519B28B9271F0BF576BF9B ? ? ? ? ?/? ?/? ? ?
1190033958.394 RELEASE -1 B72E07BD1A279FAB9A08CCCEE6194814 ? ? ? ? ?/? ?/? ? ?
1190033958.394 RELEASE -1 39D1AFCC9BD8FAB2A39155AEFF510FBF ? ? ? ? ?/? ?/? ? ?

--
Scott Mayo
System Administrator
Bloomfield Schools
PH: 573-568-5669
FA: 573-568-4565

Gun Control: Belief that violent predators willing to ignore laws against robbery, kidnapping, rape, and murder will obey a law telling them that they cannot do so with a gun.
RE: [squid-users] max_user_ip
-----Original Message-----
From: Scott Mayo [mailto:[EMAIL PROTECTED]
Sent: Friday, December 02, 2005 6:11 AM
To: squid
Subject: [squid-users] max_user_ip

If I want to make it to where each user can only be logged onto the internet from one workstation at a time, do I need to add:

acl domainusers max_user_ip -s 1

Is there anything else I need to change, like the authenticate_ttl? If so what should I set that to?

If I set the authenticate_ttl to something like 5 hours, that just means that squid will keep the authentication for 5 hours when they are still logged onto the internet correct? If they actually close the web browser, they could go directly to another machine or open the browser back up on this machine and get back on, they would not have to wait 5 hours would they? If I read this correctly, then the 5 hours is just alive as long as that one instance of the web browser is open..or until the 5 hours is up.

Thanks.
--
Scott Mayo

I'll quote squid.conf.default here as I think it lays it out pretty clearly:

# acl aclname max_user_ip [-s] number
# # This will be matched when the user attempts to log in from more
# # than number different ip addresses. The authenticate_ip_ttl
# # parameter controls the timeout on the ip entries.

and

# TAG: authenticate_ip_ttl
# If you use proxy authentication and the 'max_user_ip' ACL, this
# directive controls how long Squid remembers the IP addresses
# associated with each user. Use a small value (e.g., 60 seconds) if
# your users might change addresses quickly, as is the case with
# dialups. You might be safe using a larger value (e.g., 2 hours) in a
# corporate LAN environment with relatively static address assignments.

and

# TAG: authenticate_ttl
# The time a user & their credentials stay in the logged in user cache
# since their last request. When the garbage interval passes, all user
# credentials that have passed their TTL are removed from memory.

If your authentication mechanism is slow, bump up the authenticate_ttl. If your users hop computers often, keep authenticate_ip_ttl low.

Chris

This is what I had been reading. So from what it says, they will not be able to open a 2nd browser until the authenticate_ttl is up.

That kind of makes things tough, if it is set to so many hours, then they cannot open a 2nd browser up for quite a while once the 1st is closed, but if I set it very low, then they could just be opening browsers up all over the place (which is what I am trying to avoid).

It looks like it should clear the cache out as soon as they log off the browser and reset the ttl. I guess that is more what I am wanting to do. I'll go back through the squid.conf to see if I can find a way to do that.

Thanks.
Scott
RE: [squid-users] max_user_ip
-----Original Message-----
From: Scott Mayo [mailto:[EMAIL PROTECTED]
Sent: Friday, December 02, 2005 6:11 AM
To: squid
Subject: [squid-users] max_user_ip

If I want to make it to where each user can only be logged onto the internet from one workstation at a time, do I need to add:

acl domainusers max_user_ip -s 1

Is there anything else I need to change, like the authenticate_ttl? If so what should I set that to?

If I set the authenticate_ttl to something like 5 hours, that just means that squid will keep the authentication for 5 hours when they are still logged onto the internet correct? If they actually close the web browser, they could go directly to another machine or open the browser back up on this machine and get back on, they would not have to wait 5 hours would they? If I read this correctly, then the 5 hours is just alive as long as that one instance of the web browser is open..or until the 5 hours is up.

Thanks.
--
Scott Mayo

I'll quote squid.conf.default here as I think it lays it out pretty clearly:

# acl aclname max_user_ip [-s] number
# # This will be matched when the user attempts to log in from more
# # than number different ip addresses. The authenticate_ip_ttl
# # parameter controls the timeout on the ip entries.

and

# TAG: authenticate_ip_ttl
# If you use proxy authentication and the 'max_user_ip' ACL, this
# directive controls how long Squid remembers the IP addresses
# associated with each user. Use a small value (e.g., 60 seconds) if
# your users might change addresses quickly, as is the case with
# dialups. You might be safe using a larger value (e.g., 2 hours) in a
# corporate LAN environment with relatively static address assignments.

and

# TAG: authenticate_ttl
# The time a user & their credentials stay in the logged in user cache
# since their last request. When the garbage interval passes, all user
# credentials that have passed their TTL are removed from memory.

If your authentication mechanism is slow, bump up the authenticate_ttl. If your users hop computers often, keep authenticate_ip_ttl low.

Chris

This is what I had been reading. So from what it says, they will not be able to open a 2nd browser until the authenticate_ttl is up.

authenticate_ip_ttl, not authenticate_ttl. They are different.

That kind of makes things tough, if it is set to so many hours, then they cannot open a 2nd browser up for quite a while once the 1st is closed, but if I set it very low, then they could just be opening browsers up all over the place (which is what I am trying to avoid).

So set it somewhere in between. If you set authenticate_ip_ttl for 5 minutes, then one login being shared on multiple computers would cause a fair bit of disruption: one computer would have exclusive access for 5 minutes, the others would be denied. After 5 minutes access would be up-for-grabs and whoever got it would have exclusive access for 5 minutes.

It looks like it should clear the cache out as soon as they log off the browser and reset the ttl. I guess that is more what I am wanting to do. I'll go back through the squid.conf to see if I can find a way to do that.

HTTP is a stateless protocol. There is no method of saying "Thanks, I'm done browsing now" other than session cookies. Using a cookie based authentication method is possible, but not trivial. Perhaps it is what you are looking for. It's a good deal more work but it's more flexible.

Thanks.
Scott

Chris

Thanks for the information. That is what I was needing to hear I guess. I don't want students to be able to share passwords and be on the internet at the same time, but I also run into the trouble that a user may log in and then move to a different computer within 30 seconds to a minute. With what I was reading in the squid.conf.default, I saw no way to handle this, which it looks like I cannot from what you say without some sort of 'session cookie'.

Thanks again, I will see what I can find on this.

Scott
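
The trade-off discussed in this thread, as an added Python model (not Squid's code and not written by any poster): it replays requests against a strict `max_user_ip -s 1` limit for a chosen `authenticate_ip_ttl`. It assumes an address entry is refreshed by each request from that address and dropped once idle for the TTL; the class, function, user and host names are made up for illustration.

```python
# Simplified model of the strict check "acl domainusers max_user_ip -s 1".
# Added illustration, not Squid source code. Assumption: an address entry is
# refreshed by every request from that address and dropped once it has been
# idle for authenticate_ip_ttl seconds.
class StrictMaxUserIp:
    def __init__(self, max_ips, ip_ttl):
        self.max_ips = max_ips      # the number given to max_user_ip
        self.ip_ttl = ip_ttl        # authenticate_ip_ttl in seconds
        self.seen = {}              # user -> {ip: time of last request}

    def allow(self, user, ip, now):
        """Return True if the request passes, False if it would be denied."""
        ips = self.seen.setdefault(user, {})
        for addr in [a for a, last in ips.items() if now - last >= self.ip_ttl]:
            del ips[addr]           # idle for the whole TTL: forget the address
        if ip in ips:
            ips[ip] = now           # known address: refresh its timer
            return True
        if len(ips) >= self.max_ips:
            return False            # strict mode: the newcomer is refused
        ips[ip] = now
        return True


def replay(ip_ttl, events, max_ips=1):
    """events: (time, user, ip) tuples in time order -> list of decisions."""
    acl = StrictMaxUserIp(max_ips, ip_ttl)
    return [acl.allow(user, ip, t) for t, user, ip in events]


def lockout_after_move(ip_ttl, last_request_old_pc, arrival_new_pc, retry=5):
    """Seconds a user who changed desks waits before the new PC is accepted."""
    acl = StrictMaxUserIp(1, ip_ttl)
    acl.allow("student", "pc-a", last_request_old_pc)
    t = arrival_new_pc
    while not acl.allow("student", "pc-b", t):
        t += retry                  # the browser on the new PC keeps retrying
    return t - arrival_new_pc


# Constructed timeline: one login used on two PCs at the same time.
SHARED = [(0, "student", "pc-a"), (10, "student", "pc-b"),
          (20, "student", "pc-a"), (30, "student", "pc-b")]

if __name__ == "__main__":
    print(replay(300, SHARED))               # sharing: second PC stays blocked
    print(lockout_after_move(300, 0, 45))    # desk move with a 5 minute TTL
    print(lockout_after_move(60, 0, 45))     # desk move with a 60 second TTL
```

In this model a 60 second TTL cuts the desk-move wait from 255 to 15 seconds, while a shared login stays blocked on the second PC for as long as the first keeps sending requests.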