[squid-users] https log message formatting help

daveh timor at iinet.net.au
Mon Apr 10 01:36:55 UTC 2017


Thanks for the reply.

I'm parsing squid logs to send to a SIEM to identify IOCs. The SIEM agent
requires a URL to be formatted with http|https://<URI>

It knows then that it can break the string out into various components such
as request URL authority, host, etc.

Your comment on logging https connections is not what I have found. I would
expect that typing https://something.net will return that exact string in
the log. Every https connection is logged as a CONNECT with the FQDN
appended with :443. Is there something in the config to force this to happen?
There doesn't seem to be a way of doing it with log formatting.

I'm simply rewriting to strip the 443 port and prepending https://. It doesn't
matter to me if CONNECT != HTTPS; I simply need my URL to be properly formed
in the logs.



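The rewrite described in the message above, shown as an added example that is not part of the original post or of Squid: it turns the `host:port` target of a CONNECT entry into a scheme-qualified URL before the line is forwarded to a SIEM. It assumes Squid's default native access.log field order; the function names and the sample line are constructed for illustration, and it goes slightly beyond the post by keeping non-default ports and handling bracketed IPv6 literals.

```python
import re

# Assumed layout (Squid native access.log):
# time elapsed client result/status bytes method URL ...
FIELDS = ("time", "elapsed", "client", "result", "bytes", "method", "url")

# CONNECT targets are an authority only: hostname or [IPv6 literal], then :port
AUTHORITY = re.compile(r"(\[[0-9A-Fa-f:.]+\]|[^:\s]+):(\d{1,5})")

def normalize_url(method, target):
    """Return a scheme-qualified URL for the SIEM agent, or None if malformed.

    Labelling a CONNECT tunnel as https is an assumption made for parsing;
    the proxy only sees host:port unless the tunnel is decrypted.
    """
    if method != "CONNECT":
        return target  # plain HTTP requests are already logged as absolute URLs
    m = AUTHORITY.fullmatch(target)
    if not m:
        return None  # let the caller flag or quarantine the record
    host, port = m.group(1).lower(), int(m.group(2))
    # Strip only the default port; a tunnel to another port keeps it visible
    authority = host if port == 443 else f"{host}:{port}"
    return f"https://{authority}"

def rewrite_line(line):
    """Parse one access.log line into a dict with a normalized 'url' field."""
    parts = line.split()
    if len(parts) < len(FIELDS):
        return None  # truncated or non-native log line
    rec = dict(zip(FIELDS, parts))
    rec["url"] = normalize_url(rec["method"], rec["url"])
    return rec

# Constructed sample line (documentation address ranges, not real traffic)
SAMPLE = ("1491788215.123    250 192.0.2.10 TCP_TUNNEL/200 4512 "
          "CONNECT something.net:443 - HIER_DIRECT/203.0.113.5 -")

if __name__ == "__main__":
    print(rewrite_line(SAMPLE)["url"])
```

Records where `url` comes back as `None` are worth routing to a separate queue rather than dropping, since a malformed CONNECT target is itself unusual.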

