[squid-users] Re: Any Way To Check If Windows Updates Are Cached?
Hello again Helumt, I have been playing with the wsusoffline, learning more about it. What I have discovered is that it only will bring a system up to a 'patched' level - critical security updates only. Important updates are not included. It is STILL a vast improvement over what I have done in the past (download EVERYTHING - EVERY TIME). So for what it is worth, some how being able to incorporate a WU cache/store would be very helpful. I know caching is not a great option due to the overwriting issues. My solution is to use a 'Large' Cache, and to use the *cache_replacement_policy heap LFUDA* Hopefully this will help keep whatever Squid can get it's hands on in the cache as long as possible. -- View this message in context: http://squid-web-proxy-cache.1019090.n4.nabble.com/Any-Way-To-Check-If-Windows-Updates-Are-Cached-tp4661935p4662033.html Sent from the Squid - Users mailing list archive at Nabble.com.
Re: [squid-users] Re: Any Way To Check If Windows Updates Are Cached?
Hallo, HillTopsGM, Du meintest am 07.09.13: I have been playing with the wsusoffline, learning more about it. What I have discovered is that it only will bring a system up to a 'patched' level - critical security updates only. Please take a look at http://www.wsusoffline.net/ It's a better place for talking about wsusoffline. Viele Gruesse! Helmut
Re: [squid-users] Re: Any Way To Check If Windows Updates Are Cached?
On 09/04/2013 06:30 PM, HillTopsGM wrote: Hey Eliezer Croitoru-2, You mentioned: If you have a local windows network and server you can just add WSUS service that will build a updates store which is better for many networks. Is that an actual part of the windows server (WSUS) or is it refering to what Helmut was referring to earlier http://www.wsusoffline.net/ http://www.wsusoffline.net/ ? I am referring to the windows server (WSUS) since it's a service that can help a network and is not taking to much resources as far as I can tell. the wsus offline tool is another approach to another problem you are referring. if you dont want to update manually each node on the network just learn a bit how to configure windows updates. There is no need to update all MS updates in all environments.. Unless it's a business that has a lot of weight and history there is no real need to update and update and update.. There should be an update policy for the network.. squid is a nice tool but the windows update solution it does was meant for a more ISP like environment rather then SMB or ENTERPRISE class networks. if you have a network less then 10 machines just update the network nodes every month since there wont be too much of an updates for that unless there is another windows update cycle that I do not know about. for a network greater then 20 machines I do suggest to use WSUS auto services.. you can take couple minutes to read about microsoft solution for the problem at: http://technet.microsoft.com/en-us/windowsserver/bb332157.aspx About the patterns that you were writing I would say something like: OK the guy that implemented these refresh_pattern did not like his client if he used squid 2.X and 3.1, 3.2. The basics of caching is *do not harm the client while testing*. I have seen what happens if a client sees a page that he already updated on his server and he just tries to understand why at home he has one page and on the server another.. squid tries to make sure that the CIA is being verified... if you can share the access logs from the proxy I can try to identify something about the url but I am not promising anything. By the way if you do have a working printer driver which dosn't have any problems I do not thing you should run and update it since windows guys think you should... There might be a security issue but if you firewall the place correctly and intercept traffic you would be able to find pretty fast if some rouge process\client does something in your network. If you do suspect that there is something going on SNORT is a nice tool. Anyway if wsusoffline is the tool for you I think you have found the right tool for you. Eliezer Regarding: #start range_offset_limit -1 maximum_object_size 2 GB # or any other size that you think worth and make sense. quick_abort_min -1 #end That is basically right out of the FAQ, and I have done that. Here is what I noticed: There was one particular update (it was a samsung printer driver - ok not really a windows update per se, but it was one I could identify easily) that appeared on all machines. I updated one machine choosing that update only. When I went to the next machine to do the same, it appeared to take just as long if not longer to download. It is not very scientific, but it leaves me wondering what to do next. I did see this added to a particular squid.conf file . . . I am not sure, but does anyone think this would help: # compressed refresh_pattern -i \.gz$ 10080 90% 99 override-expire override-lastmod reload-into-ims ignore-reload refresh_pattern -i \.cab$ 10080 90% 99 override-expire override-lastmod reload-into-ims ignore-reload refresh_pattern -i \.bzip2$ 10080 90% 99 override-expire override-lastmod reload-into-ims ignore-reload refresh_pattern -i \.bz2$ 10080 90% 99 override-expire override-lastmod reload-into-ims ignore-reload refresh_pattern -i \.gz2$ 10080 90% 99 override-expire override-lastmod reload-into-ims ignore-reload refresh_pattern -i \.tgz$ 10080 90% 99 override-expire override-lastmod reload-into-ims ignore-reload refresh_pattern -i \.tar.gz$ 10080 90% 99 override-expire override-lastmod reload-into-ims ignore-reload refresh_pattern -i \.zip$ 10080 90% 99 override-expire override-lastmod reload-into-ims ignore-reload refresh_pattern -i \.rar$ 1008000 90% override-expire override-lastmod reload-into-ims ignore-reload refresh_pattern -i \.tar$ 10080 90% 99 override-expire override-lastmod reload-into-ims ignore-reload refresh_pattern -i \.ace$ 10080 90% 99 override-expire override-lastmod reload-into-ims ignore-reload refresh_pattern -i \.7z$ 10080 90% 99 override-expire override-lastmod reload-into-ims ignore-reload # documents refresh_pattern -i \.xls$ 10080 90% 99 override-expire override-lastmod reload-into-ims ignore-reload refresh_pattern -i \.doc$ 10080 90% 99 override-expire
Re: [squid-users] Re: Any Way To Check If Windows Updates Are Cached?
Hallo, Amos, Du meintest am 06.09.13: No - thanks to Torsten Wittrock. He has made wsusoffline. [...] Would anyone care to update the WindowsUpdate wiki page to write up a nice configuration example for using that tool with Squid? Hmmm - is there any need? One of the mailing list FAQs is whether there is any better way than the current wiki WindowsUpdate page method to store windows updates. People mumble about WSUS but nothing has been written to say how to integrate it yet - so it keeps popping up as either a direct question or as something like the project you have just spent time on. Hmmm - I'll take a look at the squid FAQs. But I'm sure my gerlish is no good language to write an understandable answer ... Viele Gruesse! Helmut
Re: [squid-users] Re: Any Way To Check If Windows Updates Are Cached?
Hallo, Amos, Du meintest am 06.09.13: No - thanks to Torsten Wittrock. He has made wsusoffline. One of the mailing list FAQs is whether there is any better way than the current wiki WindowsUpdate page method to store windows updates. Take a look at http://helmut.hullen.de/Rechnerraum/wupdate.html Ok - it's in german, translating is recommended. Viele Gruesse! Helmut
[squid-users] Re: Any Way To Check If Windows Updates Are Cached?
Helmut, you are the *BEST!!! * Thank you, Thank you, Thank you. I am completely amazed as to how well *WSUS Offline Update* works. Now I can really tweak the Proxy to be . . . well, a proxy! Again, Thank You for the suggestion. -- View this message in context: http://squid-web-proxy-cache.1019090.n4.nabble.com/Any-Way-To-Check-If-Windows-Updates-Are-Cached-tp4661935p4661992.html Sent from the Squid - Users mailing list archive at Nabble.com.
Re: [squid-users] Re: Any Way To Check If Windows Updates Are Cached?
Hallo, HillTopsGM, Du meintest am 04.09.13: Helmut, you are the *BEST!!! No - thanks to Torsten Wittrock. He has made wsusoffline. Thank you, Thank you, Thank you. I am completely amazed as to how well *WSUS Offline Update* works. Viele Gruesse! Helmut
Re: [squid-users] Re: Any Way To Check If Windows Updates Are Cached?
On 5/09/2013 6:57 p.m., Helmut Hullen wrote: Hallo, HillTopsGM, Du meintest am 04.09.13: Helmut, you are the *BEST!!! No - thanks to Torsten Wittrock. He has made wsusoffline. Thank you, Thank you, Thank you. I am completely amazed as to how well *WSUS Offline Update* works. Viele Gruesse! Helmut Lol. Would anyone care to update the WindowsUpdate wiki page to write up a nice configuration example for using that tool with Squid? Amos
Re: [squid-users] Re: Any Way To Check If Windows Updates Are Cached?
Hallo, Amos, Du meintest am 05.09.13: [...] No - thanks to Torsten Wittrock. He has made wsusoffline. [...] Lol. Would anyone care to update the WindowsUpdate wiki page to write up a nice configuration example for using that tool with Squid? Hmmm - is there any need? I've just taken a look into one of the wsusoffline directories: 52 patch files, sizes from 1 MByte to 45 MByte. Totally about 750 MByte. That's no job for squid. Viele Gruesse! Helmut
Re: [squid-users] Re: Any Way To Check If Windows Updates Are Cached?
On 5/09/2013 8:48 p.m., Helmut Hullen wrote: Hallo, Amos, Du meintest am 05.09.13: [...] No - thanks to Torsten Wittrock. He has made wsusoffline. [...] Lol. Would anyone care to update the WindowsUpdate wiki page to write up a nice configuration example for using that tool with Squid? Hmmm - is there any need? One of the mialing list FAQs is whether there is any better way than the current wiki WindowsUpdate page method to store windows updates. People mumble about WSUS but nothing has been written to say how to integrate it yet - so it keeps popping up as either a direct question or as something like the project you have just spent time on. I've just taken a look into one of the wsusoffline directories: 52 patch files, sizes from 1 MByte to 45 MByte. Totally about 750 MByte. That's no job for squid. But a how-to on getting Squid to use that software as a peer or such to fetch from would be a nice rounding out of the WU documentation. Amso
[squid-users] Re: Any Way To Check If Windows Updates Are Cached?
Hi Helmut Hullen, Thanks for this tip - I know you have mentioned it before, but what I am trying to avoid is on an on going basis (every week) when there is an update, having all 12 computers download the same file. This is a great tool if you are always doing fresh installs - that's fine - but it doesn't help me day to day. The other thing is that it doesn't look like the tool is updated as frequently as windows updates come out - in other words, it doesn't appear to incrementally update itself. Am I correct in assuming this? This is why I'd really prefer to have the proxy work properly - just set it up and forget it. That's the dream. -- View this message in context: http://squid-web-proxy-cache.1019090.n4.nabble.com/Any-Way-To-Check-If-Windows-Updates-Are-Cached-tp4661935p4661974.html Sent from the Squid - Users mailing list archive at Nabble.com.
[squid-users] Re: Any Way To Check If Windows Updates Are Cached?
Hey Eliezer Croitoru-2, You mentioned: If you have a local windows network and server you can just add WSUS service that will build a updates store which is better for many networks. Is that an actual part of the windows server (WSUS) or is it refering to what Helmut was referring to earlier http://www.wsusoffline.net/ http://www.wsusoffline.net/ ? Regarding: #start range_offset_limit -1 maximum_object_size 2 GB # or any other size that you think worth and make sense. quick_abort_min -1 #end That is basically right out of the FAQ, and I have done that. Here is what I noticed: There was one particular update (it was a samsung printer driver - ok not really a windows update per se, but it was one I could identify easily) that appeared on all machines. I updated one machine choosing that update only. When I went to the next machine to do the same, it appeared to take just as long if not longer to download. It is not very scientific, but it leaves me wondering what to do next. I did see this added to a particular squid.conf file . . . I am not sure, but does anyone think this would help: # compressed refresh_pattern -i \.gz$ 10080 90% 99 override-expire override-lastmod reload-into-ims ignore-reload refresh_pattern -i \.cab$ 10080 90% 99 override-expire override-lastmod reload-into-ims ignore-reload refresh_pattern -i \.bzip2$ 10080 90% 99 override-expire override-lastmod reload-into-ims ignore-reload refresh_pattern -i \.bz2$ 10080 90% 99 override-expire override-lastmod reload-into-ims ignore-reload refresh_pattern -i \.gz2$ 10080 90% 99 override-expire override-lastmod reload-into-ims ignore-reload refresh_pattern -i \.tgz$ 10080 90% 99 override-expire override-lastmod reload-into-ims ignore-reload refresh_pattern -i \.tar.gz$ 10080 90% 99 override-expire override-lastmod reload-into-ims ignore-reload refresh_pattern -i \.zip$ 10080 90% 99 override-expire override-lastmod reload-into-ims ignore-reload refresh_pattern -i \.rar$ 1008000 90% override-expire override-lastmod reload-into-ims ignore-reload refresh_pattern -i \.tar$ 10080 90% 99 override-expire override-lastmod reload-into-ims ignore-reload refresh_pattern -i \.ace$ 10080 90% 99 override-expire override-lastmod reload-into-ims ignore-reload refresh_pattern -i \.7z$ 10080 90% 99 override-expire override-lastmod reload-into-ims ignore-reload # documents refresh_pattern -i \.xls$ 10080 90% 99 override-expire override-lastmod reload-into-ims ignore-reload refresh_pattern -i \.doc$ 10080 90% 99 override-expire override-lastmod reload-into-ims ignore-reload refresh_pattern -i \.xlsx$ 10080 90% 99 override-expire override-lastmod reload-into-ims ignore-reload refresh_pattern -i \.docx$ 10080 90% 99 override-expire override-lastmod reload-into-ims ignore-reload refresh_pattern -i \.pdf$ 10080 90% 99 override-expire override-lastmod reload-into-ims ignore-reload refresh_pattern -i \.ppt$ 10080 90% 99 override-expire override-lastmod reload-into-ims ignore-reload refresh_pattern -i \.pptx$ 10080 90% 99 override-expire override-lastmod reload-into-ims ignore-reload refresh_pattern -i \.rtf\?$ 10080 90% 99 override-expire override-lastmod reload-into-ims ignore-reload # multimedia refresh_pattern -i \.mid$ 10080 90% 99 override-expire override-lastmod reload-into-ims ignore-reload refresh_pattern -i \.wav$ 10080 90% 99 override-expire override-lastmod reload-into-ims ignore-reload refresh_pattern -i \.viv$ 10080 90% 99 override-expire override-lastmod reload-into-ims ignore-reload refresh_pattern -i \.mpg$ 10080 90% 99 override-expire override-lastmod reload-into-ims ignore-reload refresh_pattern -i \.mov$ 10080 90% 99 override-expire override-lastmod reload-into-ims ignore-reload refresh_pattern -i \.avi$ 10080 90% 99 override-expire override-lastmod reload-into-ims ignore-reload refresh_pattern -i \.asf$ 10080 90% 99 override-expire override-lastmod reload-into-ims ignore-reload refresh_pattern -i \.qt$ 10080 90% 99 override-expire override-lastmod reload-into-ims ignore-reload refresh_pattern -i \.rm$ 10080 90% 99 override-expire override-lastmod reload-into-ims ignore-reload refresh_pattern -i \.rmvb$ 10080 90% 99 override-expire override-lastmod reload-into-ims ignore-reload refresh_pattern -i \.mpeg$ 10080 90% 99 override-expire override-lastmod reload-into-ims ignore-reload refresh_pattern -i \.wmp$ 10080 90% 99 override-expire override-lastmod reload-into-ims ignore-reload refresh_pattern -i \.3gp$ 10080 90% 99 override-expire override-lastmod reload-into-ims ignore-reload refresh_pattern -i \.mp3$ 10080 90% 99 override-expire override-lastmod reload-into-ims ignore-reload refresh_pattern -i \.mp4$ 10080 90% 99 override-expire override-lastmod reload-into-ims ignore-reload # images refresh_pattern -i
Re: [squid-users] Re: Any Way To Check If Windows Updates Are Cached?
Hallo, HillTopsGM, Du meintest am 04.09.13: [wsusoffline] Thanks for this tip - I know you have mentioned it before, but what I am trying to avoid is on an on going basis (every week) when there is an update, having all 12 computers download the same file. This is a great tool if you are always doing fresh installs - that's fine - but it doesn't help me day to day. But surely it helps! It's a data base for all desired windows versions, it's completed/refreshed every time you want. The other thing is that it doesn't look like the tool is updated as frequently as windows updates come out - in other words, it doesn't appear to incrementally update itself. Updateing is a cron job. Only not yet existing files are downloaded during such a job, and they stay in the directory as long as Windows looks for them - that's another way than staying in the squid cache. Am I correct in assuming this? No. Just take a try, for about some weeks. Microsoft has a fixed patch day. This is why I'd really prefer to have the proxy work properly - just set it up and forget it. That's the dream. The squid cache deletes old files, because it's a cache. By the way: my wsusoffline directory contains actually the updates for Windows XP (32 bit), Windows 7 (32 bit and 64 bit), that's nearly 7 Gbyte. I wouldn't fill a cache with so much nearly static files. Viele Gruesse! Helmut
[squid-users] Re: Any Way To Check If Windows Updates Are Cached?
Hi Helmut, You have my attention now! Helmut Hullen wrote Hallo, HillTopsGM, Du meintest am 04.09.13: [wsusoffline] Thanks for this tip - I know you have mentioned it before, but what I am trying to avoid is on an on going basis (every week) when there is an update, having all 12 computers download the same file. This is a great tool if you are always doing fresh installs - that's fine - but it doesn't help me day to day. But surely it helps! It's a data base for all desired windows versions, it's completed/refreshed every time you want. it's completed/refreshed every time you want.? I was looking into it more and so can you confirm this for me; If I run the updategnerator.exe file that will ONLY add the files I don't have right at the moment? If that is so, then anytime windows notifies me that there are updates, I'd simply have to run this updategnerator.exe file to get the new ones; and then go to all the other machines and run the updateinstaller.exe file. Is that right? Helmut Hullen wrote Updateing is a cron job. Only not yet existing files are downloaded during such a job, and they stay in the directory as long as Windows looks for them - that's another way than staying in the squid cache. . . . when you say it is a cron job, are you saying that it is part of the *wsusoffline* program itself? These updates that it collects come directly from Microsoft? If this is the case, this would be tremendously helpful! Oh, and what happens when http://www.wsusoffline.net/ http://www.wsusoffline.net/ comes up with a new 'version', do you have to start all over again? Thanks for you help! -- View this message in context: http://squid-web-proxy-cache.1019090.n4.nabble.com/Any-Way-To-Check-If-Windows-Updates-Are-Cached-tp4661935p4661981.html Sent from the Squid - Users mailing list archive at Nabble.com.
Re: [squid-users] Re: Any Way To Check If Windows Updates Are Cached?
Hallo, HillTopsGM, Du meintest am 04.09.13: it's completed/refreshed every time you want.? I was looking into it more and so can you confirm this for me; If I run the updategnerator.exe file that will ONLY add the files I don't have right at the moment? Surely. wget checks if the file already exists. If that is so, then anytime windows notifies me that there are updates, I'd simply have to run this updategnerator.exe file to get the new ones; and then go to all the other machines and run the updateinstaller.exe file. Is that right? That's right. Helmut Hullen wrote Updateing is a cron job. Only not yet existing files are downloaded during such a job, and they stay in the directory as long as Windows looks for them - that's another way than staying in the squid cache. .. . . when you say it is a cron job, are you saying that it is part of the *wsusoffline* program itself? No - writing a cronjob is the administrator's job. But that's a very simple job. These updates that it collects come directly from Microsoft? Yes. If this is the case, this would be tremendously helpful! Oh, and what happens when http://www.wsusoffline.net/ http://www.wsusoffline.net/ comes up with a new 'version', do you have to start all over again? That depends! Windows: you're told that there is a newer version. Linux: the administrator has to watch the wsusoffline website. Installing the program: under Linux just copy it into your desired directory; it overwrites only the wsusoffline binaries/scripts. But that's a wsusoffline problem (if it is a problem), no squid problem. Viele Gruesse! Helmut