This gets me close but I do need to somehow log the IP. I tried to figure out a pattern in the access.log that would allow me to grab only 407 status codes and then the next log entry for the IP address if successful (most have been 200) but as this thing gets hit, not sure how well that would work since all entries will be mixed up. I'm sure some creative programming can overcome this. I was trying to find detailed information on helpers and wrappers and I can't find a thing. Is there a tutorial for this that explains, for example, what you did below? -----Original Message----- From: Henrik Nordstrom [mailto:henrik@xxxxxxxxxxxxxxxxxxx] Sent: Monday, March 26, 2007 2:10 AM To: Korell, Doug Cc: squid-users@xxxxxxxxxxxxxxx Subject: Re: Logging only authentications ons 2007-03-21 klockan 16:31 -0700 skrev Korell, Doug: > I am using Squid for one purpose only, to force PC's with generic > Windows logins to authenticate using AD credentials when accessing the > Internet. I have Squid configured and it's working fine, except the > access.log of course logs all website hits (which we also have > Websense doing). At first I didn't think this would be a big deal but > in testing, if I hit just the mainpage for a site like cnn.com, it logs 150 entries. Hmm.. thinking. HTTP is stateless so there is not really a "login" only "this request was authorized". But I suppose it should be possible to rate-limit the access log somehow. At first I thought maybe this can be done with the session helper, which can be used in many other such situations. However, the access.log acls is "fast" and do not support external lookups such as helpers.. so I guess something need to be coded to support this. > So, is there some way I can log only LDAP authentications and if they > were successful or unsuccessful? You can do this in the auth helper interface, but unfortunately will only tell you the login name and timestamp, not from which station or any other details. Most easily done as a wrapper around the actual auth helper. #!/usr/bin/perl $|=1; use IPC::Open2; my ($in, $out, $logfile); my $logfilename = shift @ARGV; open($logfile, ">>$logfilename") || die; select $logfile; $|=1; open2($out,$in,@ARGV) || die; while(<STDIN>) { my ($login, $password) = split; print $in $_; $ans = <$out>; print $logfile time(). " $login $ans\n"; print $ans; } Used in front of the auth helper in squid.conf together with a log file name. auth_param basic /usr/local/squid/libexec/logauth.pl /usr/local/squid/var/logs/auth.log /usr/local/squid/libexec/squid_ldap_auth -b ... Regards Henrik Confidentiality Notice: This e-mail message, including any attachments, is for the sole use of the intended recipient(s) and may contain confidential and privileged information. Any unauthorized review, use, disclosure or distribution is prohibited. If you are not the intended recipient, please contact the sender by reply e-mail and destroy all copies of the original message.
