[squid-users] Long Group TAG in access.log when using kerberos

David Touzeau david at articatech.com
Wed Jan 31 19:47:09 UTC 2024 

Thank Alex

This will fix the issue!

Le 31/01/2024 à 17:43, Alex Rousskov a écrit :
> On 2024-01-31 09:23, David Touzeau wrote:
>
>> Hi %note is used by our external_acls and for log other tokens
>> And we use also Group as token.
>> it can disabled by direcly removing source kerberos code before 
>> compiling but i would like to know if there is another way
>
> In most cases, one does not have to (and does not really want to) log 
> _all_ transaction annotations. It is possible to specify annotations 
> that should be logged by using the annotation name as a %note parameter.
>
> For example, to just log annotation named foo, use %note{foo} instead 
> of %note.
>
> In many cases, folks that log multiple annotations, prepend the 
> annotation name so that it is easier (especially for humans) to 
> extract the right annotation from the access log record:
>
>     ... foo=%note{foo} bar=%note{bar} ...
>
>
> HTH,
>
> Alex.
>
>
>> Le 31/01/2024 à 14:36, Andrey K a écrit :
>>> Hello, David,
>>>
>>> > Anyway to remove these entries from the log ?
>>> I think you should correct logformat directive in your squid 
>>> configuration to disable annotations logging (%note): 
>>> http://www.squid-cache.org/Doc/config/logformat/
>>>
>>> Kind regards,
>>>       Ankor.
>>>
>>>
>>>
>>>
>>>
>>> ср, 31 янв. 2024 г. в 15:51, David Touzeau <david at articatech.com>:
>>>
>>>     Anyway to remove these entries from the log ?
>>>
>>>     Le 31/01/2024 à 10:01, Andrey K a écrit :
>>>>     Hello, David,
>>>>
>>>>     group values in your logs are BASE64-encoded binary AD-groups 
>>>> SIDs.
>>>>     You can try to decode them by a simple perl script sid-reader.pl
>>>> <http://sid-reader.pl> (see below):
>>>>
>>>>     echo AQUAAAAAAAUVAAAACkdDGG1JBGW2KqEShhgBAA==  | base64 -d | perl
>>>>     sid-reader.pl <http://sid-reader.pl>
>>>>
>>>>     And finally convert SID to a group name:
>>>>     wbinfo -s S-01-5-21-407062282-1694779757-312552118-71814
>>>>
>>>>     Kind regards,
>>>>           Ankor
>>>>
>>>>
>>>>     *sid-reader.pl <http://sid-reader.pl>:*
>>>>     #!/usr/bin/perl
>>>> #https://lists.samba.org/archive/linux/2005-September/014301.html
>>>>
>>>>     my $binary_sid;
>>>>     my @parts;
>>>>     while(<>){
>>>>       push @parts, $_;
>>>>     }
>>>>       $binary_sid = join('', @parts);
>>>>
>>>>       my($sid_rev, $num_auths, $id1, $id2, @ids) =
>>>>                     unpack("H2 H2 n N V*", $binary_sid);
>>>>       my $sid_string = join("-", "S", $sid_rev, ($id1<<32)+$id2, 
>>>> @ids);
>>>>       print "$sid_string\n";
>>>>
>>>>
>>>>     вт, 30 янв. 2024 г. в 18:49, David Touzeau <david at articatech.com>:
>>>>
>>>>
>>>>         Hi when using Kerberos with Squid when in access log a long
>>>>         Group tags:
>>>>
>>>>         I would like to know how to disable Squid to grab groups
>>>>         suring authentication verification and in other way, how to
>>>>         decode Group value
>>>>
>>>>         example of an access.log
>>>>
>>>>         |1706629424.779 130984 10.1.12.120 TCP_TUNNEL/500 5443
>>>>         CONNECT eu-mobile.events.data.microsoft.com:443
>>>> <http://eu-mobile.events.data.microsoft.com:443> leblud
>>>>         HIER_DIRECT/13.69.239.72:443 <http://13.69.239.72:443> -
>>>>         mac="00:00:00:00:00:00"
>>>> user:%20leblud%0D%0Agroup:%20AQUAAAAAAAUVAAAACkdDGG1JBGW2KqESBsMAAA==%0D%0Agroup:%20AQUAAAAAAAUVAAAACkdDGG1JBGW2KqESBaAAAA==%0D%0Agroup:%20AQUAAAAAAAUVAAAACkdDGG1JBGW2KqESj34AAA==%0D%0Agroup:%20AQUAAAAAAAUVAAAACkdDGG1JBGW2KqESQbcAAA==%0D%0Agroup:%20AQUAAAAAAAUVAAAACkdDGG1JBGW2KqESlPQAAA==%0D%0Agroup:%20AQUAAAAAAAUVAAAACkdDGG1JBGW2KqESNZUAAA==%0D%0Agroup:%20AQUAAAAAAAUVAAAACkdDGG1JBGW2KqES/MMAAA==%0D%0Agroup:%20AQUAAAAAAAUVAAAACkdDGG1JBGW2KqESh5wAAA==%0D%0Agroup:%20AQUAAAAAAAUVAAAACkdDGG1JBGW2KqESuc4AAA==%0D%0Agroup:%20AQUAAAAAAAUVAAAACkdDGG1JBGW2KqESl8QAAA==%0D%0Agroup:%20AQUAAAAAAAUVAAAACkdDGG1JBGW2KqES0AUBAA==%0D%0Agroup:%20AQUAAAAAAAUVAAAACkdDGG1JBGW2KqESGnsAAA==%0D%0Agroup:%20AQUAAAAAAAUVAAAACkdDGG1JBGW2KqESihgBAA==%0D%0Agroup:%20AQUAAAAAAAUVAAAACkdDGG1JBGW2KqESnsEAAA==%0D%0Agroup:%20AQUAAAAAAAUVAAAACkdDGG1JBGW2KqES8QYBAA==%0D%0Agroup:%20AQUAAAAAAAUVAAAACkdDGG1JBGW2KqESNtcAAA==%0D%0Agroup:%20AQUAAAAAAAUVAAAACkdDGG1JBGW2KqESX+0AAA==%0D%0Agroup:%20AQUAAAAAAAUVAAAACkdDGG1JBGW2KqES8KMAAA==%0D%0Agroup:%20AQUAAAAAAAUVAAAACkdDGG1JBGW2KqEShxUBAA==%0D%0Agroup:%20AQUAAAAAAAUVAAAACkdDGG1JBGW2KqEShMcAAA==%0D%0Agroup:%20AQUAAAAAAAUVAAAACkdDGG1JBGW2KqES0XgAAA==%0D%0Agroup:%20AQUAAAAAAAUVAAAACkdDGG1JBGW2KqESMwIBAA==%0D%0Agroup:%20AQUAAAAAAAUVAAAACkdDGG1JBGW2KqESQSUBAA==%0D%0Agroup:%20AQUAAAAAAAUVAAAACkdDGG1JBGW2KqESAQIAAA==%0D%0Agroup:%20AQUAAAAAAAUVAAAACkdDGG1JBGW2KqESufYAAA==%0D%0Agroup:%20AQUAAAAAAAUVAAAACkdDGG1JBGW2KqESNAkBAA==%0D%0Agroup:%20AQUAAAAAAAUVAAAACkdDGG1JBGW2KqESccMAAA==%0D%0Agroup:%20AQUAAAAAAAUVAAAACkdDGG1JBGW2KqEStdYAAA==%0D%0Agroup:%20AQUAAAAAAAUVAAAACkdDGG1JBGW2KqESFXkAAA==%0D%0Agroup:%20AQUAAAAAAAUVAAAACkdDGG1JBGW2KqESb6EAAA==%0D%0Agroup:%20AQUAAAAAAAUVAAAACkdDGG1JBGW2KqESFcAAAA==%0D%0Agroup:%20AQUAAAAAAAUVAAAACkdDGG1JBGW2KqESluoAAA==%0D%0Agroup:%20AQUAAAAAAAUVAAAACkdDGG1JBGW2KqESaLkAAA==%0D%0Agroup:%20AQUAAAAAAAUVAAAACkdDGG1JBGW2KqESxY8AAA==%0D%0Agroup:%20AQUAAAAAAAUVAAAACkdDGG1JBGW2KqES2cEAAA==%0D%0Agroup:%20AQUAAAAAAAUVAAAACkdDGG1JBGW2KqESJ5wAAA==%0D%0Agroup:%20AQUAAAAAAAUVAAAACkdDGG1JBGW2KqEST/MAAA==%0D%0Agroup:%20AQUAAAAAAAUVAAAACkdDGG1JBGW2KqESLaEAAA==%0D%0Agroup:%20AQUAAAAAAAUVAAAACkdDGG1JBGW2KqESlvQAAA==%0D%0Agroup:%20AQUAAAAAAAUVAAAACkdDGG1JBGW2KqESPLkAAA==%0D%0Agroup:%20AQUAAAAAAAUVAAAACkdDGG1JBGW2KqEShxgBAA==%0D%0Agroup:%20AQUAAAAAAAUVAAAACkdDGG1JBGW2KqES98IAAA==%0D%0Agroup:%20AQUAAAAAAAUVAAAACkdDGG1JBGW2KqEShPgAAA==%0D%0Agroup:%20AQUAAAAAAAUVAAAACkdDGG1JBGW2KqESaHsAAA==%0D%0Agroup:%20AQUAAAAAAAUVAAAACkdDGG1JBGW2KqESmegAAA==%0D%0Agroup:%20AQUAAAAAAAUVAAAACkdDGG1JBGW2KqESiRgBAA==%0D%0Agroup:%20AQUAAAAAAAUVAAAACkdDGG1JBGW2KqES/tgAAA==%0D%0Agroup:%20AQUAAAAAAAUVAAAACkdDGG1JBGW2KqES5IEAAA==%0D%0Agroup:%20AQUAAAAAAAUVAAAACkdDGG1JBGW2KqESN9cAAA==%0D%0Agroup:%20AQUAAAAAAAUVAAAACkdDGG1JBGW2KqESbQEBAA==%0D%0Agroup:%20AQUAAAAAAAUVAAAACkdDGG1JBGW2KqESjZwAAA==%0D%0Agroup:%20AQUAAAAAAAUVAAAACkdDGG1JBGW2KqESmsQAAA==%0D%0Agroup:%20AQUAAAAAAAUVAAAACkdDGG1JBGW2KqESvtIAAA==%0D%0Agroup:%20AQUAAAAAAAUVAAAACkdDGG1JBGW2KqESGAEBAA==%0D%0Agroup:%20AQUAAAAAAAUVAAAACkdDGG1JBGW2KqESePYAAA==%0D%0Agroup:%20AQUAAAAAAAUVAAAACkdDGG1JBGW2KqESfp0AAA==%0D%0Agroup:%20AQUAAAAAAAUVAAAACkdDGG1JBGW2KqESuj0AAA==%0D%0Agroup:%20AQUAAAAAAAUVAAAACkdDGG1JBGW2KqESA8gAAA==%0D%0Agroup:%20AQUAAAAAAAUVAAAACkdDGG1JBGW2KqES7p8AAA==%0D%0Agroup:%20AQUAAAAAAAUVAAAACkdDGG1JBGW2KqESQuAAAA==%0D%0Agroup:%20AQUAAAAAAAUVAAAACkdDGG1JBGW2KqESZ50AAA==%0D%0Agroup:%20AQUAAAAAAAUVAAAACkdDGG1JBGW2KqESJ8AAAA==%0D%0Agroup:%20AQUAAAAAAAUVAAAACkdDGG1JBGW2KqESdu0AAA==%0D%0Agroup:%20AQUAAAAAAAUVAAAACkdDGG1JBGW2KqESjPYAAA==%0D%0Agroup:%20AQUAAAAAAAUVAAAACkdDGG1JBGW2KqESgSUBAA==%0D%0Agroup:%20AQUAAAAAAAUVAAAACkdDGG1JBGW2KqESs9YAAA==%0D%0Agroup:%20AQUAAAAAAAUVAAAACkdDGG1JBGW2KqESCBQBAA==%0D%0Agroup:%20AQUAAAAAAAUVAAAACkdDGG1JBGW2KqESjBgBAA==%0D%0Agroup:%20AQUAAAAAAAUVAAAACkdDGG1JBGW2KqES4gIBAA==%0D%0Agroup:%20AQUAAAAAAAUVAAAACkdDGG1JBGW2KqESVaUAAA==%0D%0Agroup:%20AQUAAAAAAAUVAAAACkdDGG1JBGW2KqES730AAA==%0D%0Agroup:%20AQUAAAAAAAUVAAAACkdDGG1JBGW2KqESiBgBAA==%0D%0Agroup:%20AQUAAAAAAAUVAAAACkdDGG1JBGW2KqESGQgBAA==%0D%0Agroup:%20AQUAAAAAAAUVAAAACkdDGG1JBGW2KqESttYAAA==%0D%0Agroup:%20AQUAAAAAAAUVAAAACkdDGG1JBGW2KqES8P0AAA==%0D%0Agroup:%20AQUAAAAAAAUVAAAACkdDGG1JBGW2KqES3g0BAA==%0D%0Agroup:%20AQUAAAAAAAUVAAAACkdDGG1JBGW2KqES2sMAAA==%0D%0Agroup:%20AQUAAAAAAAUVAAAACkdDGG1JBGW2KqESaQ0BAA==%0D%0Agroup:%20AQUAAAAAAAUVAAAACkdDGG1JBGW2KqESuvsAAA==%0D%0Agroup:%20AQUAAAAAAAUVAAAACkdDGG1JBGW2KqESKNEAAA==%0D%0Agroup:%20AQUAAAAAAAUVAAAACkdDGG1JBGW2KqEShscAAA==%0D%0Agroup:%20AQUAAAAAAAUVAAAACkdDGG1JBGW2KqESDTsAAA==%0D%0Agroup:%20AQUAAAAAAAUVAAAACkdDGG1JBGW2KqES6HsAAA==%0D%0Agroup:%20AQUAAAAAAAUVAAAACkdDGG1JBGW2KqESZ3sAAA==%0D%0Agroup:%20AQUAAAAAAAUVAAAACkdDGG1JBGW2KqESTvMAAA==%0D%0Agroup:%20AQUAAAAAAAUVAAAACkdDGG1JBGW2KqES3HgAAA==%0D%0Agroup:%20AQUAAAAAAAUVAAAACkdDGG1JBGW2KqESJdkAAA==%0D%0Agroup:%20AQUAAAAAAAUVAAAACkdDGG1JBGW2KqES5YcAAA==%0D%0Agroup:%20AQUAAAAAAAUVAAAACkdDGG1JBGW2KqES6AUBAA==%0D%0Agroup:%20AQUAAAAAAAUVAAAACkdDGG1JBGW2KqESd/YAAA==%0D%0Agroup:%20AQUAAAAAAAUVAAAACkdDGG1JBGW2KqESUsQAAA==%0D%0Agroup:%20AQUAAAAAAAUVAAAACkdDGG1JBGW2KqESz3gAAA==%0D%0Agroup:%20AQUAAAAAAAUVAAAACkdDGG1JBGW2KqES2+0AAA==%0D%0Agroup:%20AQUAAAAAAAUVAAAACkdDGG1JBGW2KqEShhgBAA==%0D%0Agroup:%20AQUAAAAAAAUVAAAACkdDGG1JBGW2KqESMLEAAA==%0D%0Agroup:%20AQUAAAAAAAUVAAAACkdDGG1JBGW2KqESP+AAAA==%0D%0Agroup:%20AQUAAAAAAAUVAAAACkdDGG1JBGW2KqESk/QAAA==%0D%0Agroup:%20AQUAAAAAAAUVAAAACkdDGG1JBGW2KqESTfoAAA==%0D%0Agroup:%20AQUAAAAAAAUVAAAACkdDGG1JBGW2KqESixgBAA==%0D%0Agroup:%20AQUAAAAAAAUVAAAACkdDGG1JBGW2KqEShccAAA==%0D%0Agroup:%20AQUAAAAAAAUVAAAACkdDGG1JBGW2KqESVwoAAA==%0D%0Agroup:%20AQUAAAAAAAUVAAAACkdDGG1JBGW2KqESQuwAAA==%0D%0Agroup:%20AQUAAAAAAAUVAAAACkdDGG1JBGW2KqESA9AAAA==%0D%0Agroup:%20AQUAAAAAAAUVAAAACkdDGG1JBGW2KqESQcMAAA==%0D%0Agroup:%20AQUAAAAAAAUVAAAACkdDGG1JBGW2KqES0QUBAA==%0D%0Agroup:%20AQUAAAAAAAUVAAAACkdDGG1JBGW2KqESQOAAAA==%0D%0Agroup:%20AQUAAAAAAAUVAAAACkdDGG1JBGW2KqESu5wAAA==%0D%0Agroup:%20AQUAAAAAAAUVAAAACkdDGG1JBGW2KqESYcIAAA==%0D%0Agroup:%20AQUAAAAAAAUVAAAACkdDGG1JBGW2KqESE9MAAA==%0D%0Agroup:%20AQUAAAAAAAUVAAAACkdDGG1JBGW2KqES7oQAAA==%0D%0Agroup:%20AQUAAAAAAAUVAAAACkdDGG1JBGW2KqES9YQAAA==%0D%0Agroup:%20AQUAAAAAAAUVAAAACkdDGG1JBGW2KqES9oQAAA==%0D%0Agroup:%20AQUAAAAAAAUVAAAACkdDGG1JBGW2KqESd5EAAA==%0D%0Agroup:%20AQUAAAAAAAUVAAAACkdDGG1JBGW2KqES84QAAA==%0D%0Agroup:%20AQUAAAAAAAUVAAAACkdDGG1JBGW2KqES8oQAAA==%0D%0Agroup:%20AQUAAAAAAAUVAAAACkdDGG1JBGW2KqES74QAAA==%0D%0Agroup:%20AQUAAAAAAAUVAAAACkdDGG1JBGW2KqESgHsAAA==%0D%0Agroup:%20AQEAAAAAABIBAAAA%0D%0Aaccessrule:%20final_allow%0D%0Afirst:%20ERROR%0D%0Awebfilter:%20pass%0D%0Aexterr:%20invalid_code_431%0D%0A 
>>>> ua="-" exterr="-|-"|
>>>>
>>>>         --         David Touzeau - Artica Tech France
>>>>         Development team, level 3 support
>>>>         ----------------------------------
>>>>         P: +33 6 58 44 69 46
>>>>         www:https://wiki.articatech.com
>>>>         www:http://articatech.net
>>>>         _______________________________________________
>>>>         squid-users mailing list
>>>> squid-users at lists.squid-cache.org
>>>> https://lists.squid-cache.org/listinfo/squid-users
>>>>
>>>
>>>     --     David Touzeau - Artica Tech France
>>>     Development team, level 3 support
>>>     ----------------------------------
>>>     P: +33 6 58 44 69 46
>>>     www:https://wiki.articatech.com
>>>     www:http://articatech.net
>>
>> -- 
>> David Touzeau - Artica Tech France
>> Development team, level 3 support
>> ----------------------------------
>> P: +33 6 58 44 69 46
>> www:https://wiki.articatech.com
>> www:http://articatech.net
>>
>> _______________________________________________
>> squid-users mailing list
>> squid-users at lists.squid-cache.org
>> https://lists.squid-cache.org/listinfo/squid-users
>
> _______________________________________________
> squid-users mailing list
> squid-users at lists.squid-cache.org
> https://lists.squid-cache.org/listinfo/squid-users

-- 
David Touzeau - Artica Tech France
Development team, level 3 support
----------------------------------
P: +33 6 58 44 69 46
www:https://wiki.articatech.com
www:http://articatech.net  

-------------- next part --------------
An HTML attachment was scrubbed...
URL: <http://lists.squid-cache.org/pipermail/squid-users/attachments/20240131/420f8591/attachment-0001.htm>

More information about the squid-users mailing list