<!DOCTYPE html>
<html>
<head>
<meta http-equiv="Content-Type" content="text/html; charset=UTF-8">
</head>
<body text="#464646" bgcolor="#FFFFFF">
<font face="monospace">Thank Alex<br>
<br>
This will fix the issue!<br>
</font><br>
<div class="moz-cite-prefix">Le 31/01/2024 à 17:43, Alex Rousskov a
écrit :<br>
</div>
<blockquote type="cite"
cite="mid:ed5c55f2-0be1-4087-a6fd-175eea58a570@measurement-factory.com">On
2024-01-31 09:23, David Touzeau wrote:
<br>
<br>
<blockquote type="cite">Hi %note is used by our external_acls and
for log other tokens
<br>
And we use also Group as token.
<br>
it can disabled by direcly removing source kerberos code before
compiling but i would like to know if there is another way
<br>
</blockquote>
<br>
In most cases, one does not have to (and does not really want to)
log _all_ transaction annotations. It is possible to specify
annotations that should be logged by using the annotation name as
a %note parameter.
<br>
<br>
For example, to just log annotation named foo, use %note{foo}
instead of %note.
<br>
<br>
In many cases, folks that log multiple annotations, prepend the
annotation name so that it is easier (especially for humans) to
extract the right annotation from the access log record:
<br>
<br>
... foo=%note{foo} bar=%note{bar} ...
<br>
<br>
<br>
HTH,
<br>
<br>
Alex.
<br>
<br>
<br>
<blockquote type="cite">Le 31/01/2024 à 14:36, Andrey K a écrit :
<br>
<blockquote type="cite">Hello, David,
<br>
<br>
> Anyway to remove these entries from the log ?
<br>
I think you should correct logformat directive in your squid
configuration to disable annotations logging (%note):
<a class="moz-txt-link-freetext" href="http://www.squid-cache.org/Doc/config/logformat/">http://www.squid-cache.org/Doc/config/logformat/</a>
<br>
<br>
Kind regards,
<br>
Ankor.
<br>
<br>
<br>
<br>
<br>
<br>
ср, 31 янв. 2024 г. в 15:51, David Touzeau
<a class="moz-txt-link-rfc2396E" href="mailto:david@articatech.com"><david@articatech.com></a>:
<br>
<br>
Anyway to remove these entries from the log ?
<br>
<br>
Le 31/01/2024 à 10:01, Andrey K a écrit :
<br>
<blockquote type="cite"> Hello, David,
<br>
<br>
group values in your logs are BASE64-encoded binary
AD-groups SIDs.
<br>
You can try to decode them by a simple perl script
sid-reader.pl
<br>
<a class="moz-txt-link-rfc2396E" href="http://sid-reader.pl"><http://sid-reader.pl></a> (see below):
<br>
<br>
echo AQUAAAAAAAUVAAAACkdDGG1JBGW2KqEShhgBAA== | base64
-d | perl
<br>
sid-reader.pl <a class="moz-txt-link-rfc2396E" href="http://sid-reader.pl"><http://sid-reader.pl></a>
<br>
<br>
And finally convert SID to a group name:
<br>
wbinfo -s S-01-5-21-407062282-1694779757-312552118-71814
<br>
<br>
Kind regards,
<br>
Ankor
<br>
<br>
<br>
*sid-reader.pl <a class="moz-txt-link-rfc2396E" href="http://sid-reader.pl"><http://sid-reader.pl></a>:*
<br>
#!/usr/bin/perl
<br>
#<a class="moz-txt-link-freetext" href="https://lists.samba.org/archive/linux/2005-September/014301.html">https://lists.samba.org/archive/linux/2005-September/014301.html</a>
<br>
<br>
my $binary_sid;
<br>
my @parts;
<br>
while(<>){
<br>
push @parts, $_;
<br>
}
<br>
$binary_sid = join('', @parts);
<br>
<br>
my($sid_rev, $num_auths, $id1, $id2, @ids) =
<br>
unpack("H2 H2 n N V*", $binary_sid);
<br>
my $sid_string = join("-", "S", $sid_rev,
($id1<<32)+$id2, @ids);
<br>
print "$sid_string\n";
<br>
<br>
<br>
вт, 30 янв. 2024 г. в 18:49, David Touzeau
<a class="moz-txt-link-rfc2396E" href="mailto:david@articatech.com"><david@articatech.com></a>:
<br>
<br>
<br>
Hi when using Kerberos with Squid when in access log
a long
<br>
Group tags:
<br>
<br>
I would like to know how to disable Squid to grab
groups
<br>
suring authentication verification and in other way,
how to
<br>
decode Group value
<br>
<br>
example of an access.log
<br>
<br>
|1706629424.779 130984 10.1.12.120 TCP_TUNNEL/500
5443
<br>
CONNECT eu-mobile.events.data.microsoft.com:443
<br>
<a class="moz-txt-link-rfc2396E" href="http://eu-mobile.events.data.microsoft.com:443"><http://eu-mobile.events.data.microsoft.com:443></a>
leblud
<br>
HIER_DIRECT/13.69.239.72:443
<a class="moz-txt-link-rfc2396E" href="http://13.69.239.72:443"><http://13.69.239.72:443></a> -
<br>
mac="00:00:00:00:00:00"
<br>
user:%20leblud%0D%0Agroup:%20AQUAAAAAAAUVAAAACkdDGG1JBGW2KqESBsMAAA==%0D%0Agroup:%20AQUAAAAAAAUVAAAACkdDGG1JBGW2KqESBaAAAA==%0D%0Agroup:%20AQUAAAAAAAUVAAAACkdDGG1JBGW2KqESj34AAA==%0D%0Agroup:%20AQUAAAAAAAUVAAAACkdDGG1JBGW2KqESQbcAAA==%0D%0Agroup:%20AQUAAAAAAAUVAAAACkdDGG1JBGW2KqESlPQAAA==%0D%0Agroup:%20AQUAAAAAAAUVAAAACkdDGG1JBGW2KqESNZUAAA==%0D%0Agroup:%20AQUAAAAAAAUVAAAACkdDGG1JBGW2KqES/MMAAA==%0D%0Agroup:%20AQUAAAAAAAUVAAAACkdDGG1JBGW2KqESh5wAAA==%0D%0Agroup:%20AQUAAAAAAAUVAAAACkdDGG1JBGW2KqESuc4AAA==%0D%0Agroup:%20AQUAAAAAAAUVAAAACkdDGG1JBGW2KqESl8QAAA==%0D%0Agroup:%20AQUAAAAAAAUVAAAACkdDGG1JBGW2KqES0AUBAA==%0D%0Agroup:%20AQUAAAAAAAUVAAAACkdDGG1JBGW2KqESGnsAAA==%0D%0Agroup:%20AQUAAAAAAAUVAAAACkdDGG1JBGW2KqESihgBAA==%0D%0Agroup:%20AQUAAAAAAAUVAAAACkdDGG1JBGW2KqESnsEAAA==%0D%0Agroup:%20AQUAAAAAAAUVAAAACkdDGG1JBGW2KqES8QYBAA==%0D%0Agroup:%20AQUAAAAAAAUVAAAACkdDGG1JBGW2KqESNtcAAA==%0D%0Agroup:%20AQUAAAAAAAUVAAAACkdDGG1JBGW2KqESX+0AAA==%0D%0Agroup:%20AQUAAAAAAAUVAAAACkdDGG1JBGW2KqES8KMAAA==%0D%0Agroup:%20AQUAAAAAAAUVAAAACkdDGG1JBGW2KqEShxUBAA==%0D%0Agroup:%20AQUAAAAAAAUVAAAACkdDGG1JBGW2KqEShMcAAA==%0D%0Agroup:%20AQUAAAAAAAUVAAAACkdDGG1JBGW2KqES0XgAAA==%0D%0Agroup:%20AQUAAAAAAAUVAAAACkdDGG1JBGW2KqESMwIBAA==%0D%0Agroup:%20AQUAAAAAAAUVAAAACkdDGG1JBGW2KqESQSUBAA==%0D%0Agroup:%20AQUAAAAAAAUVAAAACkdDGG1JBGW2KqESAQIAAA==%0D%0Agroup:%20AQUAAAAAAAUVAAAACkdDGG1JBGW2KqESufYAAA==%0D%0Agroup:%20AQUAAAAAAAUVAAAACkdDGG1JBGW2KqESNAkBAA==%0D%0Agroup:%20AQUAAAAAAAUVAAAACkdDGG1JBGW2KqESccMAAA==%0D%0Agroup:%20AQUAAAAAAAUVAAAACkdDGG1JBGW2KqEStdYAAA==%0D%0Agroup:%20AQUAAAAAAAUVAAAACkdDGG1JBGW2KqESFXkAAA==%0D%0Agroup:%20AQUAAAAAAAUVAAAACkdDGG1JBGW2KqESb6EAAA==%0D%0Agroup:%20AQUAAAAAAAUVAAAACkdDGG1JBGW2KqESFcAAAA==%0D%0Agroup:%20AQUAAAAAAAUVAAAACkdDGG1JBGW2KqESluoAAA==%0D%0Agroup:%20AQUAAAAAAAUVAAAACkdDGG1JBGW2KqESaLkAAA==%0D%0Agroup:%20AQUAAAAAAAUVAAAACkdDGG1JBGW2KqESxY8AAA==%0D%0Agroup:%20AQUAAAAAAAUVAAAACkdDGG1JBGW2KqES2cEAAA==%0D%0Agroup:%20AQUAAAAAAAUVAAAACkdDGG1JBGW2KqESJ5wAAA==%0D%0Agroup:%20AQUAAAAAAAUVAAAACkdDGG1JBGW2KqEST/MAAA==%0D%0Agroup:%20AQUAAAAAAAUVAAAACkdDGG1JBGW2KqESLaEAAA==%0D%0Agroup:%20AQUAAAAAAAUVAAAACkdDGG1JBGW2KqESlvQAAA==%0D%0Agroup:%20AQUAAAAAAAUVAAAACkdDGG1JBGW2KqESPLkAAA==%0D%0Agroup:%20AQUAAAAAAAUVAAAACkdDGG1JBGW2KqEShxgBAA==%0D%0Agroup:%20AQUAAAAAAAUVAAAACkdDGG1JBGW2KqES98IAAA==%0D%0Agroup:%20AQUAAAAAAAUVAAAACkdDGG1JBGW2KqEShPgAAA==%0D%0Agroup:%20AQUAAAAAAAUVAAAACkdDGG1JBGW2KqESaHsAAA==%0D%0Agroup:%20AQUAAAAAAAUVAAAACkdDGG1JBGW2KqESmegAAA==%0D%0Agroup:%20AQUAAAAAAAUVAAAACkdDGG1JBGW2KqESiRgBAA==%0D%0Agroup:%20AQUAAAAAAAUVAAAACkdDGG1JBGW2KqES/tgAAA==%0D%0Agroup:%20AQUAAAAAAAUVAAAACkdDGG1JBGW2KqES5IEAAA==%0D%0Agroup:%20AQUAAAAAAAUVAAAACkdDGG1JBGW2KqESN9cAAA==%0D%0Agroup:%20AQUAAAAAAAUVAAAACkdDGG1JBGW2KqESbQEBAA==%0D%0Agroup:%20AQUAAAAAAAUVAAAACkdDGG1JBGW2KqESjZwAAA==%0D%0Agroup:%20AQUAAAAAAAUVAAAACkdDGG1JBGW2KqESmsQAAA==%0D%0Agroup:%20AQUAAAAAAAUVAAAACkdDGG1JBGW2KqESvtIAAA==%0D%0Agroup:%20AQUAAAAAAAUVAAAACkdDGG1JBGW2KqESGAEBAA==%0D%0Agroup:%20AQUAAAAAAAUVAAAACkdDGG1JBGW2KqESePYAAA==%0D%0Agroup:%20AQUAAAAAAAUVAAAACkdDGG1JBGW2KqESfp0AAA==%0D%0Agroup:%20AQUAAAAAAAUVAAAACkdDGG1JBGW2KqESuj0AAA==%0D%0Agroup:%20AQUAAAAAAAUVAAAACkdDGG1JBGW2KqESA8gAAA==%0D%0Agroup:%20AQUAAAAAAAUVAAAACkdDGG1JBGW2KqES7p8AAA==%0D%0Agroup:%20AQUAAAAAAAUVAAAACkdDGG1JBGW2KqESQuAAAA==%0D%0Agroup:%20AQUAAAAAAAUVAAAACkdDGG1JBGW2KqESZ50AAA==%0D%0Agroup:%20AQUAAAAAAAUVAAAACkdDGG1JBGW2KqESJ8AAAA==%0D%0Agroup:%20AQUAAAAAAAUVAAAACkdDGG1JBGW2KqESdu0AAA==%0D%0Agroup:%20AQUAAAAAAAUVAAAACkdDGG1JBGW2KqESjPYAAA==%0D%0Agroup:%20AQUAAAAAAAUVAAAACkdDGG1JBGW2KqESgSUBAA==%0D%0Agroup:%20AQUAAAAAAAUVAAAACkdDGG1JBGW2KqESs9YAAA==%0D%0Agroup:%20AQUAAAAAAAUVAAAACkdDGG1JBGW2KqESCBQBAA==%0D%0Agroup:%20AQUAAAAAAAUVAAAACkdDGG1JBGW2KqESjBgBAA==%0D%0Agroup:%20AQUAAAAAAAUVAAAACkdDGG1JBGW2KqES4gIBAA==%0D%0Agroup:%20AQUAAAAAAAUVAAAACkdDGG1JBGW2KqESVaUAAA==%0D%0Agroup:%20AQUAAAAAAAUVAAAACkdDGG1JBGW2KqES730AAA==%0D%0Agroup:%20AQUAAAAAAAUVAAAACkdDGG1JBGW2KqESiBgBAA==%0D%0Agroup:%20AQUAAAAAAAUVAAAACkdDGG1JBGW2KqESGQgBAA==%0D%0Agroup:%20AQUAAAAAAAUVAAAACkdDGG1JBGW2KqESttYAAA==%0D%0Agroup:%20AQUAAAAAAAUVAAAACkdDGG1JBGW2KqES8P0AAA==%0D%0Agroup:%20AQUAAAAAAAUVAAAACkdDGG1JBGW2KqES3g0BAA==%0D%0Agroup:%20AQUAAAAAAAUVAAAACkdDGG1JBGW2KqES2sMAAA==%0D%0Agroup:%20AQUAAAAAAAUVAAAACkdDGG1JBGW2KqESaQ0BAA==%0D%0Agroup:%20AQUAAAAAAAUVAAAACkdDGG1JBGW2KqESuvsAAA==%0D%0Agroup:%20AQUAAAAAAAUVAAAACkdDGG1JBGW2KqESKNEAAA==%0D%0Agroup:%20AQUAAAAAAAUVAAAACkdDGG1JBGW2KqEShscAAA==%0D%0Agroup:%20AQUAAAAAAAUVAAAACkdDGG1JBGW2KqESDTsAAA==%0D%0Agroup:%20AQUAAAAAAAUVAAAACkdDGG1JBGW2KqES6HsAAA==%0D%0Agroup:%20AQUAAAAAAAUVAAAACkdDGG1JBGW2KqESZ3sAAA==%0D%0Agroup:%20AQUAAAAAAAUVAAAACkdDGG1JBGW2KqESTvMAAA==%0D%0Agroup:%20AQUAAAAAAAUVAAAACkdDGG1JBGW2KqES3HgAAA==%0D%0Agroup:%20AQUAAAAAAAUVAAAACkdDGG1JBGW2KqESJdkAAA==%0D%0Agroup:%20AQUAAAAAAAUVAAAACkdDGG1JBGW2KqES5YcAAA==%0D%0Agroup:%20AQUAAAAAAAUVAAAACkdDGG1JBGW2KqES6AUBAA==%0D%0Agroup:%20AQUAAAAAAAUVAAAACkdDGG1JBGW2KqESd/YAAA==%0D%0Agroup:%20AQUAAAAAAAUVAAAACkdDGG1JBGW2KqESUsQAAA==%0D%0Agroup:%20AQUAAAAAAAUVAAAACkdDGG1JBGW2KqESz3gAAA==%0D%0Agroup:%20AQUAAAAAAAUVAAAACkdDGG1JBGW2KqES2+0AAA==%0D%0Agroup:%20AQUAAAAAAAUVAAAACkdDGG1JBGW2KqEShhgBAA==%0D%0Agroup:%20AQUAAAAAAAUVAAAACkdDGG1JBGW2KqESMLEAAA==%0D%0Agroup:%20AQUAAAAAAAUVAAAACkdDGG1JBGW2KqESP+AAAA==%0D%0Agroup:%20AQUAAAAAAAUVAAAACkdDGG1JBGW2KqESk/QAAA==%0D%0Agroup:%20AQUAAAAAAAUVAAAACkdDGG1JBGW2KqESTfoAAA==%0D%0Agroup:%20AQUAAAAAAAUVAAAACkdDGG1JBGW2KqESixgBAA==%0D%0Agroup:%20AQUAAAAAAAUVAAAACkdDGG1JBGW2KqEShccAAA==%0D%0Agroup:%20AQUAAAAAAAUVAAAACkdDGG1JBGW2KqESVwoAAA==%0D%0Agroup:%20AQUAAAAAAAUVAAAACkdDGG1JBGW2KqESQuwAAA==%0D%0Agroup:%20AQUAAAAAAAUVAAAACkdDGG1JBGW2KqESA9AAAA==%0D%0Agroup:%20AQUAAAAAAAUVAAAACkdDGG1JBGW2KqESQcMAAA==%0D%0Agroup:%20AQUAAAAAAAUVAAAACkdDGG1JBGW2KqES0QUBAA==%0D%0Agroup:%20AQUAAAAAAAUVAAAACkdDGG1JBGW2KqESQOAAAA==%0D%0Agroup:%20AQUAAAAAAAUVAAAACkdDGG1JBGW2KqESu5wAAA==%0D%0Agroup:%20AQUAAAAAAAUVAAAACkdDGG1JBGW2KqESYcIAAA==%0D%0Agroup:%20AQUAAAAAAAUVAAAACkdDGG1JBGW2KqESE9MAAA==%0D%0Agroup:%20AQUAAAAAAAUVAAAACkdDGG1JBGW2KqES7oQAAA==%0D%0Agroup:%20AQUAAAAAAAUVAAAACkdDGG1JBGW2KqES9YQAAA==%0D%0Agroup:%20AQUAAAAAAAUVAAAACkdDGG1JBGW2KqES9oQAAA==%0D%0Agroup:%20AQUAAAAAAAUVAAAACkdDGG1JBGW2KqESd5EAAA==%0D%0Agroup:%20AQUAAAAAAAUVAAAACkdDGG1JBGW2KqES84QAAA==%0D%0Agroup:%20AQUAAAAAAAUVAAAACkdDGG1JBGW2KqES8oQAAA==%0D%0Agroup:%20AQUAAAAAAAUVAAAACkdDGG1JBGW2KqES74QAAA==%0D%0Agroup:%20AQUAAAAAAAUVAAAACkdDGG1JBGW2KqESgHsAAA==%0D%0Agroup:%20AQEAAAAAABIBAAAA%0D%0Aaccessrule:%20final_allow%0D%0Afirst:%20ERROR%0D%0Awebfilter:%20pass%0D%0Aexterr:%20invalid_code_431%0D%0A
ua="-" exterr="-|-"|
<br>
<br>
-- David Touzeau - Artica Tech France
<br>
Development team, level 3 support
<br>
----------------------------------
<br>
P: +33 6 58 44 69 46
<br>
www:<a class="moz-txt-link-freetext" href="https://wiki.articatech.com">https://wiki.articatech.com</a>
<br>
www:<a class="moz-txt-link-freetext" href="http://articatech.net">http://articatech.net</a> <br>
_______________________________________________
<br>
squid-users mailing list
<br>
<a class="moz-txt-link-abbreviated" href="mailto:squid-users@lists.squid-cache.org">squid-users@lists.squid-cache.org</a>
<br>
<a class="moz-txt-link-freetext" href="https://lists.squid-cache.org/listinfo/squid-users">https://lists.squid-cache.org/listinfo/squid-users</a>
<br>
<br>
</blockquote>
<br>
-- David Touzeau - Artica Tech France
<br>
Development team, level 3 support
<br>
----------------------------------
<br>
P: +33 6 58 44 69 46
<br>
www:<a class="moz-txt-link-freetext" href="https://wiki.articatech.com">https://wiki.articatech.com</a>
<br>
www:<a class="moz-txt-link-freetext" href="http://articatech.net">http://articatech.net</a> <br>
</blockquote>
<br>
-- <br>
David Touzeau - Artica Tech France
<br>
Development team, level 3 support
<br>
----------------------------------
<br>
P: +33 6 58 44 69 46
<br>
www:<a class="moz-txt-link-freetext" href="https://wiki.articatech.com">https://wiki.articatech.com</a>
<br>
www:<a class="moz-txt-link-freetext" href="http://articatech.net">http://articatech.net</a> <br>
<br>
_______________________________________________
<br>
squid-users mailing list
<br>
<a class="moz-txt-link-abbreviated" href="mailto:squid-users@lists.squid-cache.org">squid-users@lists.squid-cache.org</a>
<br>
<a class="moz-txt-link-freetext" href="https://lists.squid-cache.org/listinfo/squid-users">https://lists.squid-cache.org/listinfo/squid-users</a>
<br>
</blockquote>
<br>
_______________________________________________
<br>
squid-users mailing list
<br>
<a class="moz-txt-link-abbreviated" href="mailto:squid-users@lists.squid-cache.org">squid-users@lists.squid-cache.org</a>
<br>
<a class="moz-txt-link-freetext" href="https://lists.squid-cache.org/listinfo/squid-users">https://lists.squid-cache.org/listinfo/squid-users</a>
<br>
</blockquote>
<br>
<pre class="moz-signature" cols="72">--
David Touzeau - Artica Tech France
Development team, level 3 support
----------------------------------
P: +33 6 58 44 69 46
www: <a class="moz-txt-link-freetext" href="https://wiki.articatech.com">https://wiki.articatech.com</a>
www: <a class="moz-txt-link-freetext" href="http://articatech.net">http://articatech.net</a> </pre>
</body>
</html>