First time here. Greetings everyone!

I've compiled squidGuard with all netdirect patches. Interested especially in the "log verbose" option.

I intend to eliminate squid logs entirely but for that, I need squidGuard logs to produce the output I want.

squidGuard has been compiled with the dbhome and log path where I wanted them, all file permissions are correctly set to the squid user and squidGuard is working fine, blocking/redirecting and letting pass properly. The problem lies in the way the logs are written.

I have the following config file (actually it is a bit longer but these excerpts will do):

=================
src datacenter {
    log verbose datacenter
    userlist datacenter-userlist-src
}

src sugep {
    log verbose sugep
    userlist sugep-userlist-src
}

dest permitidos {
     domainlist permitidos-domainlist-dst
     expressionlist permitidos-expressionlist-dst
}

dest porn {
     domainlist porn/domains
     urllist porn/urls
     expressionlist porn/expressions
}

acl {
    datacenter {
        pass all
    }

    sugep {
        pass permitidos !porn all
        redirect http://proxy/perl/blocked?clientaddr=%a&clientuser=%i&clientgroup=%s&targetgroup=%t&url=%u
    }

    default {
        log padrao
        pass permitidos none
        redirect http://192.168.64.253/perl/blocked?clientaddr=%a&clientuser=%i&clientgroup=%s&targetgroup=%t&url=%u
    }
}

=================

With this configuration, squidGuard is logging like this:

1) src datacenter - although log verbose is set, NOTHING gets logged to the datacenter file. (I expected all entries for datacenter, either src or acl, to be in its file)
2) src sugep - although log verbose is set, only what passes by permitidos and is denied by !porn gets logged in the sugep file (again, sugep src or acl logs expected here)
3) acl default - only what is !permitidos is logged to the padrao file. I expected that unmatched sources would get logged here, but they don't.


If I change the default { log padrao to log verbose padrao, I get the following behavior:

4) src datacenter - although log verbose is set, NOTHING gets logged to the datacenter file.
5) src sugep - although log verbose is set, only what passes by permitidos and is denied by !porn gets logged in the sugep file
6) acl default - the padrao file gets log entries for:

       a) every log entry for src datacenter (they will all match *all*)
       b) log entries that match *all* for src sugep
       c) whatever is !permitidos and all unmatched sources

The only way I can get the log entries to go to their respective SRCes is if I completely remove the log option from the default acl. This way, each src log file gets all the entries that belong to each of them. But then, I won't get the unmatched sources to be logged by the default acl, and I need them to be logged also!

Thus, taking away the log option from default, I get:

7) src datacenter - EVERYTHING gets logged to datacenter file.
8) src sugep - EVERYTHING gets logged to  sugep file
9) acl default - NOTHING gets logged

What I need is for 7), 8) and 6)c to happen. I think everyone would agree that, with the logs set out this way, it will be much better to process and analyse them.

Would anyone have a hint on where in the code I should try to hack to get the behavior I need?
The code involves YACC and lex, which I am totally unfamiliar with. Would anyone have a top-to-bottom C source code of squidGuard?

Thanks in advance and forgive my long question.

-- 
   //|  //||
  // | // ||
-//--//---|| ARIO LOBO
//  //    ||
---------------------------------
[EMAIL PROTECTED]
http://www.ipad.com.br
