Rick,

I was looking at the normal squid log - yes, I have "emulate_httpd_log"
activated.  I was having squidGuard log these porn attempts but I didn't really
find that useful (well, not yet, anyway).  webtrends is the log analysis tool
used here, and the common log format seems to emulate our current logging format
(we're currently using Netscape proxy server).

My original predicament was trying to create a "403 Forbidden error", even
though the squid log file *appeared* to be showing that the site in question was
actually reached (hence "DIRECT").  I soon discovered that I was looking in the
wrong place in the log file (much like in the first "Indiana Jones" movie, when
the bad guys were "looking in the wrong place" for the ark).  I should have
looked at the status number in the log file and once I played with CGI.pm, the
status "403" was showing up in the log file.  While I'm not out of the woods
yet, I'm seeing the light at the end of the tunnel.


Using squidGuard is really great.  Thank you for the kind and supportive
responses.  :)


Chris



Rick Matthews wrote:
> 
> Chris,
> 
> I'm glad you are getting things figured out.
> 
> > 1.    I was looking at the wrong portion of the log output
> > (I should have looked at the "status" portion, which is
> > the output directly after the "method URL" part (in the
> > common log file format, that is).
> 
> You didn't respond to my question about which log file you were viewing.
> You did mention "common log file format", so I'll guess that you are
> looking at the /squid/access.log, and that your squid.conf file contains
> "emulate_httpd_log on".
>
> I've never used the emulate_httpd_log switch. There is a list of Squid
> log file analysis tools here: <http://www.squid-cache.org/Scripts/>. You
> didn't mention what you are trying to accomplish, but I've found
> Calamaris to be very useful. Anytime you ask something to act like
> something else you run the risk of losing information in the
> translation. You might want to see if the native log file format will
> meet your needs.
> 
> You'll get help for some Squid issues here, but keep in mind, this is a
> squidGuard mailing list, not Squid.
> 
> Rick
> 
> -----Original Message-----
> From: [EMAIL PROTECTED] [mailto:[EMAIL PROTECTED]]On Behalf Of Chris Lundell
> Sent: Tuesday, December 04, 2001 8:37 AM
> To: Rick Matthews
> Cc: Squidguard Mailing List
> Subject: Re: help on redirects
> 
> Hello Rick,
> 
> Thanks for writing back - I *think* I figured things out:
> 
> 1.      I was looking at the wrong portion of the log output (I should have
> looked at the "status" portion, which is the output directly after the
> "method URL" part (in the common log file format, that is).
> 2.      I ended up using CGI.pm in my script and modified the header status
> using the "redirect" method with the "-status" argument (i.e.,
> "$query->redirect( -status => "403 Forbidden" )";).
> 
> This is all based on the assumption that
> 
> 192.168.100.15 clundell - [04/Dec/2001:09:22:28 -0500] "GET http://www.porn.com/ HTTP/1.0" 403 584 TCP_CLIENT_REFRESH_MISS:DIRECT
>
> will be logged as a "denied" hit and not a hit which was allowed (because of
> "DIRECT" at the end).
> 
> Is this a correct assumption?  Thanks again for writing ;).
> 
> Chris
> 
> Rick Matthews wrote:
> >
> > Hi, I'd be glad to help with your questions but it's not clear to me
> > what you are asking.
> >
> > > 1.    How can a redirection (in this case, a CGI script)
> > > specifically state a 403 error and not simply a redirection
> > > (even though squidGuard acts as a redirection)?
> >
> > Are you asking *how* to go about getting your redirection to do this? Or
> > are you asking *why* is your redirection doing this? Please post your
> > squidGuard.conf so we can see what you are trying to do.
> >
> > > The log
> > > file indicates that the forbidden url was actually reached,
> > > when actually it was simply redirected.
> >
> > Which log is showing that the forbidden url was reached?
> >
> > > 2.    Is it possible not to log these attempts?
> >
> > Are we still talking about the attempt you mentioned above that was
> > successful? Do you not want to log the *successful* ones or the
> > *unsuccessful* ones?
> >
> > Is it possible to not log them *where* (which log file)?
> >
> > I'll be watching for your reply with answers to these questions. We'll
> > have you cooking in no time!
> >
> > Rick
> >
> > -----Original Message-----
> > From: [EMAIL PROTECTED]
> > [mailto:[EMAIL PROTECTED]]On Behalf Of Chris Lundell
> > Sent: Monday, December 03, 2001 1:26 PM
> > To: [EMAIL PROTECTED]
> > Subject: help on redirects
> >
> > Hello,
> >
> > I'm just about finished configuring squidGuard and I have a stumbling
> > block:
> >
> > 1.      How can a redirection (in this case, a CGI script) specifically
> > state a 403 error and not simply a redirection (even though squidGuard
> > acts as a redirection)?  The log file indicates that the forbidden url was
> > actually reached, when actually it was simply redirected.
> > 2.      Is it possible not to log these attempts?
> >
> > Thank you,
> > Chris
> 
> --
> Chris

-- 
Chris
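
Added example, not part of the original messages: a Python sketch that parses access.log lines in the emulated common log format quoted in the thread and classifies blocked requests by the status field instead of the trailing DIRECT tag. The first sample line is the one from the thread; the other lines and all function names are constructed for illustration.

```python
import re
from collections import Counter

# Squid access.log with "emulate_httpd_log on": common log format followed by
# Squid's "RESULT:HIERARCHY" tag, as in the line quoted in the thread.
LINE_RE = re.compile(
    r'^(?P<client>\S+) (?P<ident>\S+) (?P<user>\S+) \[(?P<time>[^\]]+)\] '
    r'"(?P<method>\S+) (?P<url>\S+)(?: (?P<proto>[^"]*))?" '
    r'(?P<status>\d{3}) (?P<size>\d+|-) (?P<result>[A-Z_]+):(?P<hier>[A-Z_]+)$'
)

def parse_line(line):
    """Return a dict of fields, or None when the line does not match."""
    m = LINE_RE.match(line.strip())
    if m is None:
        return None
    rec = m.groupdict()
    rec["status"] = int(rec["status"])
    return rec

def is_denied(rec):
    # The status field carries the verdict. The hierarchy tag (DIRECT) only
    # records how Squid fetched the reply, so it is ignored here.
    return rec["status"] == 403

def summarize(lines):
    """Count denied, other and unparseable lines, plus denials per client."""
    totals, per_client = Counter(), Counter()
    for line in lines:
        rec = parse_line(line)
        if rec is None:
            totals["unparsed"] += 1
        elif is_denied(rec):
            totals["denied"] += 1
            per_client[rec["client"]] += 1
        else:
            totals["other"] += 1
    return dict(totals), dict(per_client)

SAMPLE = [  # first line is from the thread; the rest are constructed
    '192.168.100.15 clundell - [04/Dec/2001:09:22:28 -0500] "GET http://www.porn.com/ HTTP/1.0" 403 584 TCP_CLIENT_REFRESH_MISS:DIRECT',
    '192.168.100.15 clundell - [04/Dec/2001:09:23:01 -0500] "GET http://www.example.com/ HTTP/1.0" 200 1520 TCP_MISS:DIRECT',
    '192.168.100.22 - - [04/Dec/2001:09:24:10 -0500] "GET http://blocked.example.net/ HTTP/1.0" 403 584 TCP_MISS:DIRECT',
    '192.168.100.22 - - [04/Dec/2001:09:24:30 -0500] "GET http://www.example.org/a.gif HTTP/1.0" 304 120 TCP_IMS_HIT:NONE',
    'not a log line',
]

if __name__ == "__main__":
    print(summarize(SAMPLE))
```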