[squid-users] Logging

Garbacik, Joe Joseph.Garbacik at netapp.com
Tue May 23 18:34:00 UTC 2017


I am trying to separate logs so that the log entries define why it was blocked. For example, I have created the following log formats:

logformat MyAllowSuccessLog  local_time="[%tl]" action=ALLOW status=SUCCESS ** orig_src_ip=%{X-Forwarded-For}>h proxy_src_ip=%>a proxy_src_port=%>p dst_ip=%<a dst_host=%<A dst_port=%<p ident_username=%[ui username=%[un request_method=%rm request="%rm %ru HTTP/%rv" status_code=%>Hs referer="%{Referer}>h" user_agent="%{User-Agent}>h" protocol_version=%rv squid_status=%Ss squid_hierarchy_status=%Sh ** dns_response_time=%dt response_time=%tr mime_type=%mt **  total_request_size=%>st total_reply_size=%<st **

logformat MyAllowFailureLog  local_time="[%tl]" action=ALLOW status=FAILURE ** orig_src_ip=%{X-Forwarded-For}>h proxy_src_ip=%>a proxy_src_port=%>p dst_ip=%<a dst_host=%<A dst_port=%<p ident_username=%[ui username=%[un request_method=%rm request="%rm %ru HTTP/%rv" status_code=%>Hs referer="%{Referer}>h" user_agent="%{User-Agent}>h" protocol_version=%rv squid_status=%Ss squid_hierarchy_status=%Sh ** dns_response_time=%dt response_time=%tr mime_type=%mt **  total_request_size=%>st total_reply_size=%<st **

logformat MyDenyPortLog  local_time="[%tl]" action=DENY status=DENIED reason=PORT ** orig_src_ip=%{X-Forwarded-For}>h proxy_src_ip=%>a proxy_src_port=%>p dst_ip=%<a dst_host=%<A dst_port=%<p ident_username=%[ui username=%[un request_method=%rm request="%rm %ru HTTP/%rv" status_code=%>Hs referer="%{Referer}>h" user_agent="%{User-Agent}>h" protocol_version=%rv squid_status=%Ss squid_hierarchy_status=%Sh ** dns_response_time=%dt response_time=%tr mime_type=%mt **  total_request_size=%>st total_reply_size=%<st **

logformat MyDenyProtocolLog  local_time="[%tl]" action=DENY status=DENIED reason=PROTOCOL ** orig_src_ip=%{X-Forwarded-For}>h proxy_src_ip=%>a proxy_src_port=%>p dst_ip=%<a dst_host=%<A dst_port=%<p ident_username=%[ui username=%[un request_method=%rm request="%rm %ru HTTP/%rv" status_code=%>Hs referer="%{Referer}>h" user_agent="%{User-Agent}>h" protocol_version=%rv squid_status=%Ss squid_hierarchy_status=%Sh ** dns_response_time=%dt response_time=%tr mime_type=%mt **  total_request_size=%>st total_reply_size=%<st **

acl success_codes http_status 100-199 # informational
acl success_codes http_status 200-299 # successful transactions
acl success_codes http_status 300-399 # redirection

Then in my access rules, I am doing the following:
# - Block to Unsafe Ports
http_access deny !Safe_ports
deny_info ERR_BLOCKED_PORT.html !Safe_ports
access_log /var/log/squid/access_denied.log MyDenyPortLog !Safe_ports

http_access allow 
http_access allow ApprovedDestinations
access_log /var/log/squid/access_haproxy.log MyAllowSuccessLog  success  ApprovedDestinations
access_log /var/log/squid/access_haproxy.log MyAllowFailureLog !success ApprovedDestinations

Is there a better way to accomplish this? Can I add a string like an acl when it matches so I can log on which http_access rule was matched?
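
One way to consume the key=value records that the logformat lines above produce, as an added example that is not part of the original post: a Python parser that keeps quoted values such as user_agent intact and tallies denials by reason=. The function names and sample records are constructed here, and backslash-escaped quotes inside quoted values are an assumption.

```python
import re
from collections import Counter

# One key=value pair. The value is either a double-quoted string (backslash
# escapes allowed; an assumption about how embedded quotes are written) or a
# run of non-space characters. (?<!\S) lets a key start only at a token start.
PAIR = re.compile(r'(?<!\S)(\w+)=("(?:[^"\\]|\\.)*"|\S*)')

def parse_record(line):
    """Return the fields of one log record as a dict."""
    fields = {}
    for key, value in PAIR.findall(line):
        if len(value) >= 2 and value.startswith('"') and value.endswith('"'):
            value = value[1:-1]
        # First occurrence wins: action/status/reason are literals written at
        # the start of the format, before any client-supplied header value,
        # so a later duplicate key cannot override them.
        fields.setdefault(key, value)
    return fields

def deny_reasons(lines):
    """Count denied requests per reason= value."""
    counts = Counter()
    for line in lines:
        rec = parse_record(line)
        if rec.get("action") == "DENY":
            counts[rec.get("reason", "UNKNOWN")] += 1
    return counts

# Constructed sample records using a subset of the fields in the formats above.
T = 'local_time="[23/May/2017:18:30:01 +0000]" '
SAMPLE = [
    T + 'action=DENY status=DENIED reason=PORT ** orig_src_ip=- proxy_src_ip=192.0.2.10 request="CONNECT example.com:8443 HTTP/1.1" status_code=403 user_agent="curl/7.52.1" **',
    T + 'action=DENY status=DENIED reason=PROTOCOL ** orig_src_ip=- proxy_src_ip=192.0.2.11 request="GET ftp://example.com/f HTTP/1.1" status_code=403 user_agent="-" **',
    # Client-supplied header text that looks like fields stays inside its value.
    T + 'action=ALLOW status=SUCCESS ** orig_src_ip=- proxy_src_ip=192.0.2.12 request="GET http://example.com/ HTTP/1.1" status_code=200 user_agent="x action=DENY reason=PORT" **',
    # Duplicate keys after an unquoted field do not change the record's action.
    T + 'action=ALLOW status=SUCCESS ** orig_src_ip=198.51.100.7 action=DENY reason=PORT proxy_src_ip=192.0.2.13 status_code=200 **',
]

if __name__ == "__main__":
    for reason, n in sorted(deny_reasons(SAMPLE).items()):
        print(reason, n)
```

Splitting these records on spaces instead would break request=, referer= and user_agent=, which are quoted because they contain spaces and carry client-supplied text.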



