On 1/16/19 2:22 PM, elie...@ngtech.co.il wrote: > The use case of logging certificate generation [...] is security "auditing".
I doubt proper security auditing should rely on the log of _second-level cache_ operations. If you do want to add logging, can you detail your specific needs a little? Perhaps give a couple of specific usage examples that are poorly addressed by current access.log information _and_ should not be addressed by adding more access.log fields. Thank you, Alex. > -----Original Message----- > From: squid-dev <squid-dev-boun...@lists.squid-cache.org> On Behalf Of Alex > Rousskov > Sent: Sunday, December 30, 2018 19:08 > To: squid-dev@lists.squid-cache.org > Subject: Re: [squid-dev] Securtiy_file_gen in a server format development > > On 12/29/18 11:45 PM, Eliezer Croitoru wrote: > >> From what I understood until now it seems that the current ssl_db >> directory structure is simple enough that it might be possible to share >> it across a NFS store. > > I would expect NFS store to work in environments that support file > locking over NFS. For example, NFS flock(2) does not work with Linux > kernels up to v2.6.11. For the list of environment-specific file locking > system calls used by the certificate generator, see Ssl::Lock::lock(). > > >> Since squid is being used in couple locations as a security software it >> would be good for security admins to be able to have some history logs. > > The generated certificate database is just an optimization/cache. > Logging certificate cache operations would probably be as useful/useless > as store.log is for the HTTP cache. It would be good to discuss and > target some specific use cases before designing where and how to log > certificate operations. > > Alex. > > _______________________________________________ > squid-dev mailing list > squid-dev@lists.squid-cache.org > http://lists.squid-cache.org/listinfo/squid-dev > > _______________________________________________ > squid-dev mailing list > squid-dev@lists.squid-cache.org > http://lists.squid-cache.org/listinfo/squid-dev > _______________________________________________ squid-dev mailing list squid-dev@lists.squid-cache.org http://lists.squid-cache.org/listinfo/squid-dev