[squid-users] Odd log entries
Alex Rousskov
rousskov at measurement-factory.com
Wed Sep 30 13:42:21 UTC 2020
On 9/30/20 5:29 AM, Ralf Hildebrandt wrote:
> I got quite a lot of those, dunno if they are from 5.0.2 oder 6.HEAD,
> though (mixed log):
> 1601367473.708 0 172.29.138.187 TCP_DENIED/403 3900 CONNECT:35415 - HIER_NONE/- text/html accessRule=notsslports -
> 1601368555.365 2 172.29.130.245 TCP_DENIED/403 3839 CONNECT:31481 - HIER_NONE/- text/html accessRule=notsslports -
> 1601383160.341 435 10.47.52.135 TCP_DENIED/403 4057 CONNECT:5001 - HIER_NONE/- text/html accessRule=notsslports -
> CONNECT, yes, but why is the host missing?
I am even more concerned about the lack of a space character after
"CONNECT". What is your custom logformat definition?
If the problem applies to all denied transactions, then you can probably
tell whether this is v5 or master/v6 problem by sending a manual
to-be-denied request to one or both of the Squid instances in question
and looking for your client address/timestamp in the access log.
Long-term, if you are going to continue mixing access records from
different Squid instances, then I would recommend adding a instance (and
worker) IDs to each access log record.
FWIW, I cannot reproduce this problem using a maser/v6-based branch with
default logformat and CONNECT requests to banned ports, but perhaps the
problem is specific to some CONNECT transactions or some listening port
configurations.
Cheers,
Alex.
More information about the squid-users
mailing list