[squid-users] Logging

2017-05-23 Thread Garbacik, Joe
I am trying to separate logs so that the log entries define why it was blocked. For example, I have created the following log formats: logformat MyAllowSuccessLog local_time="[%tl]" action=ALLOW status=SUCCESS ** orig_src_ip=%{X-Forwarded-For}>h proxy_src_ip=%>a proxy_src_port=%>p dst_ip=%Hs

Re: [squid-users] Logging

2017-05-23 Thread Alex Rousskov
On 05/23/2017 12:34 PM, Garbacik, Joe wrote: > I am trying to separate logs so that the log entries define why it > was blocked. For example, I have created [one custom log format for each > blocking rule]. Is there a better way to accomplish this? Yes, please see this very recent discussion:

[squid-users] logging to syslog

2015-11-10 Thread Avraham Serour
Hi, I'm using squid 3 and I want to send my access log to syslog, in my case it is /dev/log my conf entry is: access_log syslog:local5.info squid but it seems squid is not sending the logs, at least I'm not receiving anything that seems to be coming from squid Any way I can specify the syslog soc

[squid-users] logging https websites

2015-12-09 Thread George Hollingshead
Is there a simple way to log requests made to https sites? I just want to see sites visited without having to set up tunneling and all this complex stuff I'm reading about. Hoping there's a simple way, and yes, I'm a newb but smart enough to have your awesome program running; hehe Thanx

[squid-users] Logging of https

2016-03-24 Thread Markey, Bruce
I'm hoping this is a simple question, I've gotten/seen differing answers and I'd just like a final answer. With squid setup as a transparent proxy via wccp will there be any log entries for https sites, even just the ip? Just the initial get request is what I'd expect. ( I have no interest in

[squid-users] Logging in squid

2016-04-26 Thread Aashima Madaan
Hey, I have kept squid between a proxy and a server. Requests and responses pass from proxy to squid to server and back. Does squid have any other logs except cache.log and access.log? Are there any ways to improve squid logging or enable any debug logs? Thanks Aashima

[squid-users] Logging PROXY Protocol header

2018-01-15 Thread Bruce Pennypacker
Is it possible to configure Squid to log the details of the PROXY protocol when using it? We're running Squid 3.5.20 in AWS behind a TCP load balancer, which supports forwarding the PROXY protocol header. I'd like to be able to include the client IP as provided in the PROXY protocol header, but

Re: [squid-users] logging to syslog

2015-11-10 Thread Yuri Voinov
What are your syslog.conf settings? 10.11.15 22:34, Avraham Serour wrote: > Hi, > > I'm using squid 3 and I want to send my access log to syslog, in my case it > is /dev/log > my conf entry is: > access_log syslog:local5.info squid > > but it seems

Re: [squid-users] logging to syslog

2015-11-10 Thread Yuri Voinov
10.11.15 22:34, Avraham Serour wrote: > Hi, > > I'm using squid 3 and I want to send my access log to syslog, in my case it > is /dev/log > my conf entry is: > access_log syslog:local5.info squid > > but it seems squid is not sending the logs, at

Re: [squid-users] logging to syslog

2015-11-11 Thread Sebastian Kirschner
Hi Avraham, I think it wouldn't be a good idea to just create a symlink because squid (or the user under which squid runs) then must have access to the syslog, and if your squid instance gets compromised the syslog is open to read for these one. Best Regards Sebastian

Re: [squid-users] logging to syslog

2015-11-11 Thread Sebastian Kirschner
oc/config/access_log/). You could try (I didn't do it before) to use syslog as module and insert it in your squid.conf Best Regards Sebastian From: Avraham Serour [mailto:tovm...@gmail.com] Sent: Wednesday, 11 November 2015 11:48 To: Sebastian Kirschner Subject: Re: [squid-users] logging

Re: [squid-users] logging to syslog

2015-11-11 Thread Avraham Serour
ments on squid page ( > http://www.squid-cache.org/Doc/config/access_log/). > > You could try ( I didn’t do it before) to use syslog as module and insert > it in your squid.conf > > Best Regards > Sebastian > > > Von: Avraham Serour [mailto:tovm...@gmail.com] > Gesen

Re: [squid-users] logging to syslog

2015-11-11 Thread Sebastian Kirschner
Also it's a bit Off-Topic, I think it's a good idea that another user grep the information out of the access.log instead of letting the access.log directly "write" in the syslog. In my eyes it's more secure. Best Regards Sebastian

Re: [squid-users] logging to syslog

2015-11-11 Thread Amos Jeffries
On 11/11/2015 9:11 p.m., Sebastian Kirschner wrote: > Hi Avraham, > > I think it wouldn't be a good idea to just create a symlink because squid (or > the user under which squid runs) then must have access to the syslog, > and if your squid instance gets compromised the syslog is open to read fo

Re: [squid-users] logging https websites

2015-12-09 Thread Leonardo Rodrigues
On 09/12/15 13:11, George Hollingshead wrote: is there a simple way to log request made to https sites. I just want to see sites visited without having to set up tunneling and all this complex stuff i'm reading about. Hoping there's a simple way, and yes, i'm a newb but smart enough to ha

Re: [squid-users] logging https websites

2015-12-09 Thread Amos Jeffries
On 10/12/2015 7:25 a.m., Leonardo Rodrigues wrote: > On 09/12/15 13:11, George Hollingshead wrote: >> is there a simple way to log request made to https sites. I just want >> to see sites visited without having to set up tunneling and all this >> complex stuff i'm reading about. >> >> Hoping th

Re: [squid-users] Logging of https

2016-03-24 Thread James Lay
On 2016-03-24 13:41, Markey, Bruce wrote: I'm hoping this is a simple question, I've gotten/seen differing answers and I'd just like a final answer. With squid setup as a transparent proxy via wccp will there be any log entries for https sites, even just the ip? Just the initial get request is

Re: [squid-users] Logging of https

2016-04-07 Thread Markey, Bruce
id-cache.org] On Behalf Of James Lay Sent: Thursday, March 24, 2016 4:14 PM To: squid-users@lists.squid-cache.org Subject: Re: [squid-users] Logging of https On 2016-03-24 13:41, Markey, Bruce wrote: > I'm hoping this is a simple question, I've gotten/seen differing > answers an

Re: [squid-users] Logging of https

2016-04-07 Thread James Lay
Box 1328, Lancaster, PA 17608-1328 -Original Message- From: squid-users [mailto:squid-users-boun...@lists.squid-cache.org] On Behalf Of James Lay Sent: Thursday, March 24, 2016 4:14 PM To: squid-users@lists.squid-cache.org Subject: Re: [squid-users] Logging of https On 2016-03-24 13:41, Mark

Re: [squid-users] Logging of https

2016-04-07 Thread Markey, Bruce
word=LNP1 > 54 wccp2_service_info 70 protocol=tcp flags=dst_ip_hash priority=240 > ports=443 > 55 > > Bruce Markey | Network Security Analyst > STEINMAN COMMUNICATIONS > 717.291.8758 (o) | bmar...@steinmancommunications.com > 8 West King St | PO Box 1328, Lancaster,

Re: [squid-users] Logging in squid

2016-04-26 Thread Yuri Voinov
Read squid.cache.documented carefully again: # LOGFILE OPTIONS # - # TAG: logformat #Usage: # #logformat # #Defines an access log format. # #The is a

Re: [squid-users] Logging in squid

2016-04-27 Thread Matus UHLAR - fantomas
On 26.04.16 15:20, Aashima Madaan wrote: I have kept squid between a proxy and a server. Requests and response pass from proxy to squid to server and back. between? Squid is a proxy, do you connect one proxy through another proxy? Why? -- Matus UHLAR - fantomas, uh...@fantomas.sk ; http://www.

Re: [squid-users] Logging variable question

2015-02-28 Thread Amos Jeffries
On 1/03/2015 4:55 a.m., Markus Moeller wrote: > Hi, > > I wonder about the total size variables st for squid logs > > # # >st Received request size including HTTP headers. In the > # case of chunked requests the chunked encoding metadata > # are not included > > I have set the l

Re: [squid-users] Logging variable question

2015-03-01 Thread Markus Moeller
Oh pretty old bug. Thank you Markus "Amos Jeffries" wrote in message news:54f26815.4020...@treenet.co.nz... On 1/03/2015 4:55 a.m., Markus Moeller wrote: Hi, I wonder about the total size variables st for squid logs # st Received request size including HTTP headers. In the # cas

[squid-users] Logging failed authentication attempts

2023-01-30 Thread Andrey K
Hello, I need to log failed Proxy-authentication attempts. The log information should contain timestamp, username and client IP address. 407-records in the access.log file do not contain username if NTLM-authentication is used. I was wondering if it is possible to set up such a configuration? Kin

Re: [squid-users] Logging PROXY Protocol header

2018-01-15 Thread Amos Jeffries
On 16/01/18 05:26, Bruce R wrote: Is it possible to configure Squid to log the details of the PROXY protocol when using it? We're running Squid 3.5.20 in AWS behind a TCP load balancer, which supports forwarding the PROXY protocol header. I'd like to be able to include the client IP as provided

Re: [squid-users] Logging failed authentication attempts

2023-01-30 Thread Amos Jeffries
On 31/01/2023 4:55 pm, Andrey K wrote: Hello, I need to log failed Proxy-authentication attempts. The log information should contain timestamp, username and client IP address. 407-records in the access.log file do not contain username if NTLM-authentication is used. I was wondering if it is p

Re: [squid-users] Logging failed authentication attempts

2023-01-30 Thread Andrey K
Hello Amos, Thank you for the information. I turned on squid debug_options 84,9 and see in the cache.log that in the first NTLM_NEGOTIATE request (YR) there is no username: TlRMTVNTUAABBoIIAAA= 4e 54 4c 4d 53 53 50 00 01 00 00 00 06 82 08 00 |NTLMSSP.|

Re: [squid-users] Logging failed authentication attempts

2023-01-30 Thread Andrey K
Amos, I understood: the helper.cc does not parse the KK-request and does not know about the username. He can only get the username information from the reply of the external helper. But since the external helper returns only an error without a username, this information is missing from the logs.

Re: [squid-users] Logging failed authentication attempts

2023-01-30 Thread Amos Jeffries
On 31/01/2023 6:13 pm, Andrey K wrote: Amos, I understood: the helper.cc does not parse the KK-request and does not know about the username. He can only get the username information from the reply of the external helper. But since the external helper returns only an error without a username,

Re: [squid-users] Logging failed authentication attempts

2023-01-31 Thread Andrey K
Hello Amos, Thank you for the idea to write a wrapper script. As NTLM-helper returns "NA NT_STATUS_LOGON_FAILURE" during authentication failed, I think it is also required to patch the squid sources to copy the value of the user attribute, returned by the wrapper, to auth_user_request->user()->us

Re: [squid-users] Logging failed authentication attempts

2023-01-31 Thread Amos Jeffries
On 31/01/2023 9:16 pm, Andrey K wrote: Hello Amos, Thank you for the idea to write a wrapper script. As NTLM-helper returns "NA NT_STATUS_LOGON_FAILURE" during authentication failed, Oh. Your script should convert that old syntax to the current one:   ERR token=NT_STATUS_LOGON_FAILURE user=

Re: [squid-users] Logging failed authentication attempts

2023-01-31 Thread Andrey K
Hello Amos, You helped me very much. Kind regards Ankor Tue, 31 Jan 2023 at 12:37, Amos Jeffries : > On 31/01/2023 9:16 pm, Andrey K wrote: > > Hello Amos, > > > > Thank you for the idea to write a wrapper script. > > > > As NTLM-helper returns "NA NT_STATUS_LOGON_FAILURE" during > > auth

[squid-users] logging and proxy pac file help

2016-06-03 Thread Andrew Meyer
So I have squid (latest) running in a jail, and I am able to communicate with it via the browser. But I am trying to set it up so that I can use a proxy.pac file. I have the proxy.pac configured. Firefox is being used as my testbed. When I switch over the pac file I get nothing in the l

[squid-users] Logging ICAP headers in access log

2019-04-12 Thread johnr
Hi, I am attempting to log ICAP headers in the access log. Specifically, I modify my logformat directive to include something like {x-icap-info}icap::>h for a header x-icap-info that is available in the icap request headers. From the logformat documentation (http://www.squid-cache.org/Doc/config

[squid-users] Logging/stats for Delay Pools Under Squid?

2017-12-07 Thread Ralf Hildebrandt
I do know how to set-up delay pools, but how can I verify that they're working? Are there any logs or statistics? -- Ralf Hildebrandt Charite Universitätsmedizin Berlin ralf.hildebra...@charite.de Campus Benjamin Franklin https://www.charite.de Hindenburgdamm

Re: [squid-users] logging and proxy pac file help

2016-06-05 Thread Matus UHLAR - fantomas
On 03.06.16 22:51, Andrew Meyer wrote: So I have squid (latest) running in a jail, and I am able to communicate with it via the browser. But I am trying to set it up so that I can use a proxy.pac file. I have the proxy.pac configured. Firefox is being used as my testbed. When I switc

Re: [squid-users] logging and proxy pac file help

2016-06-06 Thread Andrew Meyer
Ok, so I made some changes to the proxy.pac file and it looks like this now. function FindProxyForURL(url, host) {    //Don't proxy connections to the UTM web interface    if (shExpMatch(url, "https://borg.local*")) return "DIRECT";    if (shExpMatch(url, "https://" + dnsResolve(host) + "*")) r

Re: [squid-users] Logging ICAP headers in access log

2019-04-12 Thread Amos Jeffries
On 13/04/19 9:21 am, johnr wrote: > Hi, > > I am attempting to log ICAP headers in the access log. Specifically, I > modify my logformat directive to include something like > {x-icap-info}icap::>h for a header x-icap-info that is available in the icap > request headers. > > From the logformat do

Re: [squid-users] Logging ICAP headers in access log

2019-04-15 Thread Alex Rousskov
On 4/12/19 3:21 PM, johnr wrote: > I am attempting to log ICAP headers in the access log. Specifically, I > modify my logformat directive to include something like > {x-icap-info}icap::>h for a header x-icap-info that is available in the icap > request headers. I have not tested this, but I doub

[squid-users] Logging in Squid external helpers in Docker?

2021-12-27 Thread roee klinger
Hey, I am running Squid inside a Docker container, and I am using an external helper, I am trying to get the logs from the external helper to go to Docker logs (stdout). Currently, I am writing the logs to a file, which works, but I would like to get them to stdout instead, however, Squid redirec

[squid-users] logging: TCP connection to x.x.x.x/3128 failed

2023-03-30 Thread Waldemar Brodkorb
Hi Squid Community, we recently updated one of our stage 1 proxies to Ubuntu 22.04 with Squid 5.8. The setup is like so: clients <-> loadbalancer <-> stage 1 proxies <-> stage 2 proxies <-> internet Now the cache.log on the stage 1 proxy is polluted with a lot of messages like: TCP connection to

Re: [squid-users] Logging/stats for Delay Pools Under Squid?

2017-12-07 Thread Amos Jeffries
On 08/12/17 01:19, Ralf Hildebrandt wrote: I do know how to set-up delay pools, but how can I verify that they're working? Are there any logs or statistics? The cache manager report "delay" lists details of the pools. The 'active_requests' listing also shows for each request which pool(s) it

Re: [squid-users] Logging/stats for Delay Pools Under Squid?

2017-12-07 Thread Alex Rousskov
On 12/07/2017 07:26 AM, Amos Jeffries wrote: > On 08/12/17 01:19, Ralf Hildebrandt wrote: >> I do know how to set-up delay pools, but how can I verify that they're >> working? Are there any logs or statistics? > The cache manager report "delay" lists details of the pools. > The 'active_requests' l

[squid-users] Logging ACL that triggered denied access with http_access

2016-04-25 Thread Stephen Borrill
Is there a way to log which ACL caused a block with http_access? This information is present for deny_info to use, but I cannot see an entry I can add to logformat to present such a thing in a custom log format (if using an external acl helper, you can spoof something up with the et and ea formats).

Re: [squid-users] Logging in Squid external helpers in Docker?

2021-12-27 Thread Amos Jeffries
On 28/12/21 18:32, roee klinger wrote: Hey, I am running Squid inside a Docker container, and I am using an external helper, I am trying to get the logs from the external helper to go to Docker logs (stdout). Currently, I am writing the logs to a file, which works, but I would like to get t

Re: [squid-users] Logging in Squid external helpers in Docker?

2021-12-27 Thread roee klinger
> > stdout of the helper is the channel to respond to Squid requests. Do not > send other information there. Helper debug info etc should go to the helper stderr which Squid will > deliver to cache.log. Thank you, Amos. I am glad there is a built-in way to handle this. However, I tried puttin

Re: [squid-users] Logging in Squid external helpers in Docker?

2021-12-27 Thread Amos Jeffries
On 28/12/21 19:01, roee klinger wrote: stdout of the helper is the channel to respond to Squid requests. Do not send other information there. Helper debug info etc should go to the helper stderr which Squid will deliver to cache.log. Thank you, Amos. I am glad there is a buil

Re: [squid-users] Logging in Squid external helpers in Docker?

2021-12-28 Thread Alex Rousskov
On 12/28/21 12:32 AM, roee klinger wrote: > I am running Squid inside a Docker container, and I am using an external > helper, I am trying to get the logs from the external helper to go to > Docker logs (stdout). > > Currently, I am writing the logs to a file, which works, but I would > like to ge

Re: [squid-users] logging: TCP connection to x.x.x.x/3128 failed

2023-04-02 Thread Alex Rousskov
On 3/30/23 07:58, Waldemar Brodkorb wrote: we recently updated one of our stage 1 proxies to Ubuntu 22.04 with Squid 5.8. The setup is like so: clients <-> loadbalancer <-> stage 1 proxies <-> stage 2 proxies <-> internet Now the cache.log on the stage 1 proxy is polluted with a lot of messages

Re: [squid-users] logging: TCP connection to x.x.x.x/3128 failed

2023-04-06 Thread Waldemar Brodkorb
Hi Alex, Alex Rousskov wrote, Thanks for your detailed answer. > On 3/30/23 07:58, Waldemar Brodkorb wrote: > > > we recently updated one of our stage 1 proxies to Ubuntu 22.04 with > > Squid 5.8. The setup is like so: > > clients <-> loadbalancer <-> stage 1 proxies <-> stage 2 proxies <-> > >

Re: [squid-users] logging: TCP connection to x.x.x.x/3128 failed

2023-04-06 Thread Alex Rousskov
On 4/6/23 06:41, Waldemar Brodkorb wrote: There is still one assertion which happens sometimes: cache.log:2023/04/06 07:24:48 kid1| assertion failed: ../src/base/CbcPointer.h:181: "EX" Have you ever seen this in the wild? What does it mean? This low-level assertion (where "EX" is usually spe

Re: [squid-users] logging: TCP connection to x.x.x.x/3128 failed

2023-04-14 Thread Waldemar Brodkorb
Hi Alex, Alex Rousskov wrote, > On 4/6/23 06:41, Waldemar Brodkorb wrote: > > > There is still one assertion which happens sometimes: > > cache.log:2023/04/06 07:24:48 kid1| assertion failed: > > ../src/base/CbcPointer.h:181: "EX" > > > > Have you ever seen this in the wild? What does it mean?

Re: [squid-users] logging: TCP connection to x.x.x.x/3128 failed

2023-04-14 Thread Alex Rousskov
On 4/14/23 05:29, Waldemar Brodkorb wrote: On 4/6/23 06:41, Waldemar Brodkorb wrote: There is still one assertion which happens sometimes: cache.log:2023/04/06 07:24:48 kid1| assertion failed: ../src/base/CbcPointer.h:181: "EX" Have you ever seen this in the wild? What does it mean? This lo

Re: [squid-users] logging: TCP connection to x.x.x.x/3128 failed

2023-04-25 Thread Waldemar Brodkorb
Hi Alex, Alex Rousskov wrote, > On 4/14/23 05:29, Waldemar Brodkorb wrote: > > > On 4/6/23 06:41, Waldemar Brodkorb wrote: > > > > > > > There is still one assertion which happens sometimes: > > > > cache.log:2023/04/06 07:24:48 kid1| assertion failed: > > > > ../src/base/CbcPointer.h:181: "EX"

Re: [squid-users] logging: TCP connection to x.x.x.x/3128 failed

2023-04-25 Thread Alex Rousskov
On 4/25/23 03:07, Waldemar Brodkorb wrote: Alex Rousskov wrote, On 4/14/23 05:29, Waldemar Brodkorb wrote: On 4/6/23 06:41, Waldemar Brodkorb wrote: There is still one assertion which happens sometimes: cache.log:2023/04/06 07:24:48 kid1| assertion failed: ../src/base/CbcPointer.h:181: "EX"

Re: [squid-users] Logging ACL that triggered denied access with http_access

2016-04-25 Thread Yuri Voinov
Usually an external url rewriter, which has its own block log, is used for this task. For example, ufdbguard/squidguard/dansguardian etc. Also you can use DB-based ACLs for this task, which is better than manually maintained huge plain-text inclusions in squid.

Re: [squid-users] Logging ACL that triggered denied access with http_access

2016-04-25 Thread Amos Jeffries
On 26/04/2016 3:51 a.m., Stephen Borrill wrote: > Is there a way to log which ACL caused a block with http_access? This > information is present for deny_info to use, but I cannot see an entry I > can add to logformat to present such a thing in a custom log format (if > using an external acl helper,

[squid-users] Logging of 'indirect' requests, e.g. involving NAT or VPN

2015-06-24 Thread Henry S. Thompson
I've searched the documentation and mailing list archives w/o success, and am not competent to read the source, so asking here: what is logged as the 'remotehost' in Squid logs when a request that has been encapsulated, as in from a machine on a local network behind a router implementing NAT, or fr

Re: [squid-users] Logging of 'indirect' requests, e.g. involving NAT or VPN

2015-06-24 Thread Leonardo Rodrigues
On 24/06/15 15:28, Henry S. Thompson wrote: I've searched the documentation and mailing list archives w/o success, and am not competent to read the source, so asking here: what is logged as the 'remotehost' in Squid logs when a request that has been encapsulated, as in from a machine on a loca

Re: [squid-users] Logging of 'indirect' requests, e.g. involving NAT or VPN

2015-06-26 Thread Henry S. Thompson
Leonardo Rodrigues writes: > On 24/06/15 15:28, Henry S. Thompson wrote: >> I've searched the documentation and mailing list archives w/o success, >> and am not competent to read the source, so asking here: what is >> logged as the 'remotehost' in Squid logs when a request that has been >> enca

Re: [squid-users] Logging of 'indirect' requests, e.g. involving NAT or VPN

2015-06-26 Thread Antony Stone
On Friday 26 Jun 2015 at 09:51, Henry S. Thompson wrote: > > logs will show the IP address that reached squid, ie. the source > > address of the connection. If that was NATted, squid will never know > > (and thus is not able to log) the original address before the NAT. > > That's what I assum

Re: [squid-users] Logging of 'indirect' requests, e.g. involving NAT or VPN

2015-06-26 Thread Henry S. Thompson
Antony Stone writes: > On Friday 26 Jun 2015 at 09:51, Henry S. Thompson wrote: > >> > logs will show the IP address that reached squid, ie. the source >> > address of the connection. If that was NATted, squid will never know >> > (and thus is not able to log) the original address before the N

Re: [squid-users] Logging of 'indirect' requests, e.g. involving NAT or VPN

2015-06-26 Thread Antony Stone
On Friday 26 Jun 2015 at 10:42, Henry S. Thompson wrote: > Antony Stone writes: > > > > It's entirely plausible (I'd even say common) for VPN clients to get > > 192.168 addresses; also if there's a NATting router in the path > > and Squid is logging its address, that could easily be 192.168..

Re: [squid-users] Logging of 'indirect' requests, e.g. involving NAT or VPN

2015-06-26 Thread Henry S. Thompson
Antony Stone writes: > Imagine the following setup: > > Organisation has a bunch of servers (maybe at their office in a > server room, maybe in a data centre, doesn't matter which), some of > which have public IPs, but all of which have private IPs on an > internal subnet (for system management pu