Hi,

you can use the owner-match for that, although I'm not sure how well that one works. I just tried that and it seems to work:

    iptables -A OUTPUT -m owner --cmd-owner squid -j LOG --log-prefix "SQUID: "

After surfing a bit I saw a shitload of Squid-data in my logs, like:

    Feb 8 17:19:56 castor kernel: SQUID: IN= OUT=ppp0 SRC=217.82.6.66 DST=137.226.77.40 LEN=658 TOS=0x00 PREC=0x00 TTL=64 ID=6144 DF PROTO=TCP SPT=39376 DPT=80 WINDOW=5808 RES=0x00 ACK PSH URGP=0
    Feb 8 17:19:56 castor kernel: SQUID: IN= OUT=ppp0 SRC=217.82.6.66 DST=137.226.77.40 LEN=52 TOS=0x00 PREC=0x00 TTL=64 ID=65535 DF PROTO=TCP SPT=39376 DPT=80 WINDOW=8640 RES=0x00 ACK URGP=0
    Feb 8 17:19:56 castor kernel: SQUID: IN= OUT=lo SRC=127.0.0.1 DST=127.0.0.1 LEN=1610 TOS=0x02 PREC=0x00 TTL=64 ID=63291 DF PROTO=TCP SPT=3128 DPT=39375 WINDOW=32767 RES=0x00 ACK PSH URGP=0

Maybe it works even more reliably if you use the PIDs instead of "cmd-owner", since on Debian squid runs under two users, root and proxy. After starting, squid forks a new instance with fewer privileges, I think... (it runs on port 3128 anyways, why should it run as root in the first place? *shrug*)

Hope that helps,
Alex. (another one)

--
"Mr Data, when I said 'Fire at Will', I didn't mean for you to be so literal."
Instructions for use of this post: Insert tongue in cheek. Read as normal.
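An added example, not part of the original post: a small Python parser for LOG-target lines like the ones quoted above, tallying packets and bytes per outbound destination and skipping loopback traffic. The sample input is the three log lines from the post; the function names are this example's own.

```python
import re
from collections import Counter

# The three log lines quoted in the post, used as sample input.
SAMPLE = """\
Feb 8 17:19:56 castor kernel: SQUID: IN= OUT=ppp0 SRC=217.82.6.66 DST=137.226.77.40 LEN=658 TOS=0x00 PREC=0x00 TTL=64 ID=6144 DF PROTO=TCP SPT=39376 DPT=80 WINDOW=5808 RES=0x00 ACK PSH URGP=0
Feb 8 17:19:56 castor kernel: SQUID: IN= OUT=ppp0 SRC=217.82.6.66 DST=137.226.77.40 LEN=52 TOS=0x00 PREC=0x00 TTL=64 ID=65535 DF PROTO=TCP SPT=39376 DPT=80 WINDOW=8640 RES=0x00 ACK URGP=0
Feb 8 17:19:56 castor kernel: SQUID: IN= OUT=lo SRC=127.0.0.1 DST=127.0.0.1 LEN=1610 TOS=0x02 PREC=0x00 TTL=64 ID=63291 DF PROTO=TCP SPT=3128 DPT=39375 WINDOW=32767 RES=0x00 ACK PSH URGP=0
"""

FIELD = re.compile(r"\b([A-Z]+)=(\S*)")          # KEY=VALUE pairs; value may be empty (IN=)
TCP_FLAGS = {"SYN", "ACK", "FIN", "RST", "PSH", "URG"}


def parse_line(line, prefix="SQUID: "):
    """Return the KEY=VALUE fields plus a 'FLAGS' list, or None if the
    --log-prefix string is not present in the line."""
    _, found, rest = line.partition(prefix)
    if not found:
        return None
    rec = dict(FIELD.findall(rest))
    # TCP flags appear as bare tokens after RES=...; URGP=0 is a field, not a flag.
    rec["FLAGS"] = [tok for tok in rest.split() if tok in TCP_FLAGS]
    return rec


def summarize(lines, prefix="SQUID: "):
    """Map (out-interface, dst, dport) -> (packets, bytes), ignoring loopback
    and any packet without a destination port (e.g. ICMP)."""
    packets, nbytes = Counter(), Counter()
    for line in lines:
        rec = parse_line(line, prefix)
        if rec is None or rec.get("OUT") == "lo" or "DPT" not in rec:
            continue
        key = (rec["OUT"], rec["DST"], int(rec["DPT"]))
        packets[key] += 1
        nbytes[key] += int(rec["LEN"])
    return {k: (packets[k], nbytes[k]) for k in packets}


if __name__ == "__main__":
    for (iface, dst, dport), (n, size) in summarize(SAMPLE.splitlines()).items():
        print(f"{iface} -> {dst}:{dport}  packets={n} bytes={size}")
```
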