[squid-users] Tagged ACLs?

Dijxie dijxie at gmail.com
Sat May 20 19:37:53 UTC 2017


W dniu 20.05.2017 o 18:07, Ralf Hildebrandt pisze:
> Currently we're using a few blacklists (from abuse.ch) as ACLs on our
> squid installation.
>
> This is working well, but we want to create statistics on how many
> clients were "caught" trying to access blocked sites.
>
> Currently, we're grepping the log for TCP_DENIED in conjunction with the
> patterns from the ACLs. This is working somewhat OK, but if access was
> blocked using a pettern that was in use when the client tried to
> access and was subsequently removed (prior to the time of the log
> analysis process), it won't be found...
>
> Is there any way around this? Like "tagging" rejects or logging the
> ACL that caused the rejection? (Using squid-5 HEAD here)
>
Hi,

Try that:
http://www.squid-cache.org/Doc/config/logformat/
"Access Control related format codes" => "et" can be the thing you are 
looking for.

-- 
Pozdrawiam, Remik

-------------- next part --------------
An HTML attachment was scrubbed...
URL: <http://lists.squid-cache.org/pipermail/squid-users/attachments/20170520/15c139a3/attachment.html>


More information about the squid-users mailing list