[squid-users] Squid access.log
rousskov at measurement-factory.com
Thu Jan 16 14:08:06 UTC 2020
On 1/16/20 3:06 AM, Kornexl, Anton wrote:
> I see many requests with CONNECT https:443 in my access.log
> How are these entries triggered?
These records are logged when your Squid is done with an HTTP CONNECT
tunnel or after Squid intercepts a TLS connection. In very broad terms,
they are a sign that your Squid participates in HTTPS transactions.
Normally, there should be more than "https:443" in those CONNECT records.
> They produce errors in some accounting scripts
Consider either fixing the scripts or, if losing information about
CONNECT tunnels is acceptable to your accounting, filtering CONNECT
records out before giving the logs to the scripts.
You can also configure Squid to stop logging CONNECT transactions (using
access_log ACLs), but I do not recommend hiding the truth that may be
critical in a triage.
More information about the squid-users