Search squid archive

Log Issues

[Date Prev][Date Next][Thread Prev][Thread Next][Date Index][Thread Index]

 



Hi all. Long time reading, first time writing.
Having a strange issue with the logging. Using SquidNT 2.6 on Win2k3 server= . Logging to Native format. Testing kraken and squint for reports. Squid is=  set to log FQDN's of the PCs. On some machines, Squid logs part of the FQD= N and then appends the visited link AS the FQDN of the PC. There is no rhyme or reason. Doesn't do it for the same machine all the time or for every machine. Doesn't appear to be on any particular link either. Included below = is an excerpt of the log.
My machines are NOT in the adley.edu domain. It's actually the postalproducts domain. The copy is the correct way it logs. The second is the wrong..

As you can see from the correct vs incorrect, the same machine is affected..

-------------------------------------------------CORRECT LOGS--------------=
-----------------------------------
1231966930.825    219 icm1362.postalproducts.com TCP_MISS/200 2835 CONNECT =
webtrends.chase.com:443 - DIRECT/159.53.64.173 -
1231966931.653   1250 icm1362.postalproducts.com TCP_MISS/200 19963 CONNECT=
 mfasa.chase.com:443 - DIRECT/159.53.60.148 -
1231966931.731    140 icm1362.postalproducts.com TCP_MISS/200 622 CONNECT m=
fasa.chase.com:443 - DIRECT/159.53.60.148 -
1231966934.310   5016 icm1338.postalproducts.com TCP_MISS/200 154743 CONNEC=
T www.abfs.com:443 - DIRECT/159.204.50.123 -
1231966935.544    453 icm1362.postalproducts.com TCP_MISS/200 12875 CONNECT=
 mfasa.chase.com:443 - DIRECT/159.53.60.148 -
1231966937.138   1594 icm1362.postalproducts.com TCP_MISS/200 4040 CONNECT =
chaseonline.chase.com:443 - DIRECT/159.53.60.54 -
1231966937.247    109 icm1362.postalproducts.com TCP_MISS/200 822 CONNECT w=
ebtrends.chase.com:443 - DIRECT/159.53.64.173 - ---------------------------------------------END CORRECT LOGS--------------=
---------------------------------------



------------------------------BEGIN INCORRECTLY REPORTED LOGS -------------=
-----------------------------------------
1231889694.388     94 icm1362.adley.edu TCP_MISS/200 2820 GET http://www.go=
ogle.com/extern_js/f/CgJlbhICdXMrMAo4DSwrMA44AywrMBg4Ayw/EJjyoliR8jA.js - D=
IRECT/74.125.95.99 text/javascript
1231889694.497     78 icm1362.adley.edu TCP_MISS/204 192 GET http://clients=
1.google.com/generate_204 - DIRECT/74.125.95.100 text/html
1231889696.028     78 icm1362.adley.edu TCP_MISS/200 532 GET http://clients=
1.google.com/complete/search? - DIRECT/74.125.95.100 text/javascript
1231889696.341     78 icm1362.adley.edu TCP_MISS/200 521 GET http://clients=
1.google.com/complete/search? - DIRECT/74.125.95.100 text/javascript
1231889696.810     79 icm1362.adley.edu TCP_MISS/200 524 GET http://clients=
1.google.com/complete/search? - DIRECT/74.125.95.100 text/javascript
1231889696.966     78 icm1362.adley.edu TCP_MISS/200 535 GET http://clients=
1.google.com/complete/search? - DIRECT/74.125.95.100 text/javascript
1231889697.106     62 icm1362.adley.edu TCP_MISS/200 542 GET http://clients=
1.google.com/complete/search? - DIRECT/74.125.95.100 text/javascript
1231889697.263     63 icm1362.adley.edu TCP_MISS/200 542 GET http://clients=
1.google.com/complete/search? - DIRECT/74.125.95.100 text/javascript
1231889697.263   3047 icm1362.adley.edu TCP_MISS/200 7425 GET http://www.go=
ogle.com/images/nav_logo4.png - DIRECT/74.125.95.147 image/png
1231889697.591     78 icm1362.adley.edu TCP_MISS/200 543 GET http://clients=
1.google.com/complete/search? - DIRECT/74.125.95.100 text/javascript
1231889699.310    297 icm1362.adley.edu TCP_MISS/200 9612 GET http://www.go=
ogle.com/search? - DIRECT/74.125.95.99 text/html
1231889699.481     62 icm1362.adley.edu TCP_MISS/200 11388 GET http://www.g=
oogle.com/mapdata? - DIRECT/74.125.95.147 image/gif
1231889699.622     31 icm1362.adley.edu TCP_MISS/200 10121 GET http://www.g=
oogle.com/extern_js/f/CgJlbhICdXMrMA44AywrMBY4BCwrMBc4ASwrMBg4AywrMCA4ACwrM=
CE4AywrMCc4ACw/m9o-Fsol5xE.js - DIRECT/74.125.95.147 text/javascript
1231889699.685     32 icm1362.adley.edu TCP_MISS/200 5523 GET http://www.go=
ogle.com/images/swxa.gif - DIRECT/74.125.95.147 image/gif
1231889699.794    203 icm1362.adley.edu TCP_MISS/204 350 GET http://g.micro=
soft.com/_0sfdata/1? - DIRECT/207.68.179.201 -
1231889700.185    313 icm1362.adley.edu TCP_MISS/200 40924 GET http://www.m=
gmgrand.com/ - DIRECT/216.190.168.61 text/html
1231889718.403     47 icm1024.rightcove.vo.llnwd.net/d5/unsecured/media/161=
2802193/1612802193_7056293001_20090113165000-breaking-thumb.jpg? TCP_MISS/2= 00 10197 GET http://widgetserver.com/syndication/subscriber/InsertWidget.js=
? joelh DIRECT/63.246.8.185 application/x-javascript
1231889719.060     32 icm1024.rightcove.vo.llnwd.net/d5/unsecured/media/161=
2802193/1612802193_7056293001_20090113165000-breaking-thumb.jpg? TCP_HIT/20= 0 91632 GET http://cdn.widgetserver.com/syndication/subscriber/Main.js - NO=
NE/- application/x-javascript
1231889719.231     31 icm1024.rightcove.vo.llnwd.net/d5/unsecured/media/161=
2802193/1612802193_7056293001_20090113165000-breaking-thumb.jpg? TCP_MISS/2= 00 3488 GET http://widgetserver.com/syndication/get_widget.js? joelh DIRECT=
/63.246.8.185 application/x-javascript
1231889719.278     31 icm1024.rightcove.vo.llnwd.net/d5/unsecured/media/161=
2802193/1612802193_7056293001_20090113165000-breaking-thumb.jpg? TCP_MISS/2= 00 3488 GET http://widgetserver.com/syndication/get_widget.js? joelh DIRECT=
/63.246.8.185 application/x-javascript
1231889719.341      0 icm1024.rightcove.vo.llnwd.net/d5/unsecured/media/161=
2802193/1612802193_7056293001_20090113165000-breaking-thumb.jpg? TCP_HIT/20= 0 886 GET http://widgetserver.com/syndication/flash/v8/Helper.swf joelh NON=
E/- application/x-shockwave-flash
1231889719.372      0 icm1024.rightcove.vo.llnwd.net/d5/unsecured/media/161=
2802193/1612802193_7056293001_20090113165000-breaking-thumb.jpg? TCP_HIT/20= 0 1911 GET http://cdn.widgetserver.com/syndication/images/indicator.gif joe= lh NONE/- image/gif
1231889719.403     15 icm1024.rightcove.vo.llnwd.net/d5/unsecured/media/161=
2802193/1612802193_7056293001_20090113165000-breaking-thumb.jpg? TCP_HIT/20= 0 5209 GET http://pub.widgetbox.com/flash/getwidget.swf - NONE/- applicatio= n/x-shockwave-flash
1231889719.450     62 icm1024.rightcove.vo.llnwd.net/d5/unsecured/media/161=
2802193/1612802193_7056293001_20090113165000-breaking-thumb.jpg? TCP_MISS/2= 00 1150 GET http://widgetserver.com/syndication/get_widget.html? joelh DIRE=
CT/63.246.8.185 text/html
1231889719.450     31 icm1024.rightcove.vo.llnwd.net/d5/unsecured/media/161=
2802193/1612802193_7056293001_20090113165000-breaking-thumb.jpg? TCP_MISS/2= 00 339 GET http://widgetserver.com/metrics/image.gif? - DIRECT/63.246.8.185=  image/gif
1231889719.513     32 icm1024.rightcove.vo.llnwd.net/d5/unsecured/media/161=
2802193/1612802193_7056293001_20090113165000-breaking-thumb.jpg? TCP_MISS/2= 00 11605 GET http://cdn.widgetserver.com/syndication/publisher/Main.js? joe= lh DIRECT/72.21.81.133 application/x-javascript
1231889719.638      0 icm1024.rightcove.vo.llnwd.net/d5/unsecured/media/161=
2802193/1612802193_7056293001_20090113165000-breaking-thumb.jpg? TCP_HIT/20= 0 2602 GET http://cdn.widgetserver.com/syndication/flash/wrapper/quantcast.=
swf - NONE/- application/x-shockwave-flash
1231889719.716     78 icm1024.rightcove.vo.llnwd.net/d5/unsecured/media/161=
2802193/1612802193_7056293001_20090113165000-breaking-thumb.jpg? TCP_MISS/2= 00 2510 GET http://www.google.com/calendar/embed? joelh DIRECT/74.125.95.10=
3 text/html
1231889719.763  60360 icm1550.postalproducts.com TCP_MISS/200 531 CONNECT s=
erver8.dollarsonthenet.net:443 jerilynn DIRECT/67.106.229.37 -
1231889719.778     47 icm1024.rightcove.vo.llnwd.net/d5/unsecured/media/161=
2802193/1612802193_7056293001_20090113165000-breaking-thumb.jpg? TCP_MISS/2= 00 5012 GET http://flash.quantserve.com/quant.swf? - DIRECT/64.94.107.24 ap= plication/x-shockwave-flash
1231889719.841      0 icm1024.rightcove.vo.llnwd.net/d5/unsecured/media/161=
2802193/1612802193_7056293001_20090113165000-breaking-thumb.jpg? TCP_HIT/20= 0 4495 GET http://www.google.com/calendar/cac5c66d795867837864147e74321fc1e=
mbedcompiled.css joelh NONE/- text/css
1231889719.856      0 icm1024.rightcove.vo.llnwd.net/d5/unsecured/media/161=
2802193/1612802193_7056293001_20090113165000-breaking-thumb.jpg? TCP_HIT/20= 0 49948 GET http://www.google.com/calendar/cac5c66d795867837864147e74321fc1=
embedcompiled__en.js - NONE/- application/x-javascript
1231889719.966      0 icm1024.rightcove.vo.llnwd.net/d5/unsecured/media/161=
2802193/1612802193_7056293001_20090113165000-breaking-thumb.jpg? TCP_HIT/20= 0 398 GET http://www.google.com/calendar/images/menu_arrow_open.gif joelh N=
ONE/- image/gif
1231889719.997      0 icm1024.rightcove.vo.llnwd.net/d5/unsecured/media/161=
2802193/1612802193_7056293001_20090113165000-breaking-thumb.jpg? TCP_HIT/20= 0 422 GET http://www.google.com/calendar/images/btn_menu6.gif joelh NONE/- = image/gif
1231889719.997      0 icm1024.rightcove.vo.llnwd.net/d5/unsecured/media/161=
2802193/1612802193_7056293001_20090113165000-breaking-thumb.jpg? TCP_HIT/20= 0 457 GET http://www.google.com/calendar/images/icon_print.gif - NONE/- ima= ge/gif
1231889720.075     62 icm1024.rightcove.vo.llnwd.net/d5/unsecured/media/161=
2802193/1612802193_7056293001_20090113165000-breaking-thumb.jpg? TCP_REFRES= H_HIT/200 5715 GET http://calendar.google.com/googlecalendar/images/combine=
d_v5.gif joelh DIRECT/74.125.95.100 image/gif
1231889720.075     62 icm1024.rightcove.vo.llnwd.net/d5/unsecured/media/161=
2802193/1612802193_7056293001_20090113165000-breaking-thumb.jpg? TCP_REFRES= H_HIT/200 2260 GET http://calendar.google.com/googlecalendar/images/bubble_=
combined.png joelh DIRECT/74.125.95.102 image/png
1231889720.638     16 icm1024.rightcove.vo.llnwd.net/d5/unsecured/media/161=
2802193/1612802193_7056293001_20090113165000-breaking-thumb.jpg? TCP_MISS/2= 00 356 GET http://flash.quantserve.com/pixel.swf? joelh DIRECT/64.94.107.24=  application/x-shockwave-flash ------------------------------------------------------END WRONG ERROR LOGS-=
------------------------------------------------------------------------

I can see the difference, I just don't understand why it's happening. Any h= elp at all would be greatly appreciated!!

Thanks
Dustin

Dustin Hane
IT Support
Ph: 414-290-1128
Fx: 414-290-1515
500 W Oklahoma Ave
Milwaukee, WI 53207
dustinh@xxxxxxxxxxxxxxxxxx





[Index of Archives]     [Linux Audio Users]     [Samba]     [Big List of Linux Books]     [Linux USB]     [Yosemite News]

  Powered by Linux