[squid-users] TUNNEL logging

[senor]

Thanks. That's the answer I expected.

The problem is only customer expectation. When there is a mix of bumped 
and tunneled traffic the logging is not consistent but the helpers 
provide what's needed as you mentioned. I understand why it is the way 
it is and will simply explain this to the customer.

Thanks for the weekend response.

Senor

On 6/23/2018 17:09, Alex Rousskov wrote:
> On 06/23/2018 04:38 PM, senor wrote:
>> Hi all,
>>
>> I've noticed that a tunneled 443 request is not logged to access.log
>> until the client or server terminate which can be a long time.
> Yes, CONNECT tunnels are logged when the tunnel is over (i.e., Squid is
> done talking to the client and server). This log-at-the-end approach is
> similar to other transactions (which may also take a very long time).
>
>
>> Is it  possible to get squid to log the CONNECT at tunnel initiation?
> It is possible to be notified about CONNECT requests via eCAP and ICAP
> interfaces as well as via external ACL helpers.
>
> It is not possible to log the CONNECT request/response before the tunnel
> is over. One could, in principle, separate CONNECT request/response
> messages from the established tunnel, and log each "phase" of the tunnel
> transaction separately, but I am not sure that is a good idea -- it is
> not clear to me why a CONNECT tunnel should be treated differently from
> any other HTTP transaction where the both client and server may send
> request and response body bytes concurrently (and for a long time).
>
>
> What problem are you trying to solve?
>
>
> Alex.