
Re: squid TPROXY and empty access.log


 



Jack Daniels wrote:
Hello,
I have a problem logging client request activity when Squid is in TPROXY mode.
In squid.conf I have 'access_log /var/log/squid/access.log squid';
this file is correctly created but remains empty.

# ls -la /var/log/squid/

-rw-r----- 1 proxy proxy      0 24 mar 16:09 access.log
-rw-r----- 1 proxy proxy 413659 24 mar 16:09 cache.log
-rw-r----- 1 proxy proxy      0 24 mar 16:09 referer.log
-rw-r--r-- 1 root  proxy      6 24 mar 16:09 squid.pid
-rw-r----- 1 proxy proxy      0 24 mar 16:09 store.log

If I remove the 'tproxy' option from http_port in squid.conf it seems to work
(access.log is correctly written) but I lose the TPROXY IP spoofing
feature.

Is this a bug?
Is there a way to log client request activity in tproxy mode? I need
this feature to use Sarg in this environment.


Sounds like a bug, but there are a few things below you need to clear up before you can be sure it's not them...

Thanks in advance.


Here are some details:

# uname -r
2.6.28.8

# squid -v
Squid Cache: Version 3.1.0.6
configure options:  '--enable-linux-tproxy' '--enable-linux-netfilter'



http://wiki.squid-cache.org/Features/Tproxy4

"Obsolete --enable-tproxy option. Remains only for legacy v2.2 cttproxy support."

It does things to the kernel TPROXYv4 may not like. Kill it.


'--enable-ssl' '--with-openssl=/usr/include/openssl/'
'--enable-err-languages=EnglisItalian'
'--enable-default-err-language=Italian'

the err options are also DEAD.

'--disable-htcp'
'--with-large-files' '--prefix=/usr' '--exec_prefix=/usr'
'--bindir=/usr/sbin' '--sbindir=/usr/sbin' '--libdir=/usr/lib/squid'
'--libexecdir=/usr/lib/squid' '--docdir=/usr/share/doc/squid'
'--datarootdir=/usr/share/squid' '--datadir=/usr/share/squid'
'--sysconfdir=/etc/squid' '--localstatedir=/var/spool/squid'
'--mandir=/usr/share/man' '--with-logdir=/var/log/squid'
'--enable-inline' '--enable-async-io=8' '--with-pthreads'
'--enable-storeio=ufs,aufs,diskd' '--enable-removal-policies=lru,heap'
'--enable-snmp' '--enable-delay-pools' '--enable-cache-digests'
'--enable-underscores' '--enable-icap-client' '--enable-referer-log'
'--enable-useragent-log' '--enable-follow-x-forwarded-for'
'--enable-auth=basic,digest,ntlm' '--enable-basic-auth-helpers=NCSA'
'--enable-digest-auth-helpers=password'
'--enable-external-acl-helpers=ip_user,unix_group'
'--with-filedescriptors=65536' '--with-default-user=proxy'
--with-squid=/usr/src/squid-3.1.0.6 --enable-ltdl-convenience

# iptables -V
iptables v1.4.3-rc1

# iptables -t mangle -L
Chain PREROUTING (policy ACCEPT)
target     prot opt source               destination
DIVERT     tcp  --  anywhere             anywhere            socket
TPROXY     tcp  --  anywhere             anywhere            tcp dpt:www TPROXY redirect 0.0.0.0:3128 mark 0x1/0x1

Chain INPUT (policy ACCEPT)
target     prot opt source               destination

Chain FORWARD (policy ACCEPT)
target     prot opt source               destination

Chain OUTPUT (policy ACCEPT)
target     prot opt source               destination

Chain POSTROUTING (policy ACCEPT)
target     prot opt source               destination

Chain DIVERT (1 references)
target     prot opt source               destination
MARK       all  --  anywhere             anywhere            MARK xset 0x1/0xffffffff
ACCEPT     all  --  anywhere             anywhere

# cat /etc/squid/squid.conf
acl manager proto cache_object
acl localhost src 127.0.0.1/32
acl to_localhost dst 127.0.0.0/8
acl localnet src 10.0.0.0/8     # RFC1918 possible internal network
acl localnet src 172.16.0.0/12  # RFC1918 possible internal network
acl localnet src 192.168.0.0/16 # RFC1918 possible internal network
acl SSL_ports port 443
acl Safe_ports port 80          # http
acl Safe_ports port 21          # ftp
acl Safe_ports port 443         # https
acl Safe_ports port 70          # gopher
acl Safe_ports port 210         # wais
acl Safe_ports port 1025-65535  # unregistered ports
acl Safe_ports port 280         # http-mgmt
acl Safe_ports port 488         # gss-http
acl Safe_ports port 591         # filemaker
acl Safe_ports port 777         # multiling http
acl CONNECT method CONNECT
http_access allow manager localhost
http_access deny manager
http_access deny !Safe_ports
http_access deny CONNECT !SSL_ports
http_access allow localnet
http_access deny all

http_port 3128 tproxy
#http_port 3128

http://wiki.squid-cache.org/Features/Tproxy4

"NP: A dedicated squid port for tproxy is REQUIRED"


hierarchy_stoplist cgi-bin ?
refresh_pattern ^ftp:           1440    20%     10080
refresh_pattern ^gopher:        1440    0%      1440
refresh_pattern -i (/cgi-bin/|\?) 0     0%      0
refresh_pattern .               0       20%     4320
coredump_dir /var/spool/squid/cache
cache_effective_user proxy
cache_effective_group proxy
access_log /var/log/squid/access.log squid
cache_store_log /var/log/squid/store.log
referer_log /var/log/squid/referer.log

log_access allow all
cache allow all

Two very redundant settings.


# squid -X -d1 -N
<snip squid.conf parse>
2009/03/24 16:04:06.961| Initializing https proxy context
2009/03/24 16:04:06.964| Using SSLv2/SSLv3.
2009/03/24 16:04:06.965| Setting RSA key generation callback.
2009/03/24 16:04:06.965| Setting certificate verification callback.
2009/03/24 16:04:06.965| Setting CA certificate locations.
2009/03/24 16:04:06.965| leave_suid: PID 11891 called
2009/03/24 16:04:06.965| leave_suid: PID 11891 giving up root, becoming 'proxy'

2009/03/24 16:04:06.965| Stopping full transparency: Missing needed capability support.

That looks serious. It has something to do with libcap-dev.

2009/03/24 16:04:06.965| command-line -X overrides: ALL,1
2009/03/24 16:04:06.966| Starting Squid Cache version 3.1.0.6 for i686-pc-linux-gnu...
2009/03/24 16:04:06.966| Process ID 11891
2009/03/24 16:04:06.966| With 1024 file descriptors available
2009/03/24 16:04:06.966| Initializing IP Cache...
2009/03/24 16:04:06.966| ipcacheAddEntryFromHosts: Bad IP address '::1'
2009/03/24 16:04:06.966| ipcacheAddEntryFromHosts: Bad IP address 'fe00::0'
2009/03/24 16:04:06.967| ipcacheAddEntryFromHosts: Bad IP address 'ff00::0'
2009/03/24 16:04:06.967| ipcacheAddEntryFromHosts: Bad IP address 'ff02::1'
2009/03/24 16:04:06.967| ipcacheAddEntryFromHosts: Bad IP address 'ff02::2'
2009/03/24 16:04:06.967| ipcacheAddEntryFromHosts: Bad IP address 'ff02::3'
2009/03/24 16:04:06.967| DNS Socket created at 0.0.0.0, FD 5
2009/03/24 16:04:06.967| Adding domain isiline.net from /etc/resolv.conf
2009/03/24 16:04:06.967| Adding nameserver 213.144.64.1 from /etc/resolv.conf
2009/03/24 16:04:06.967| Adding nameserver 213.144.66.1 from /etc/resolv.conf
2009/03/24 16:04:06.968| User-Agent logging is disabled.
2009/03/24 16:04:07.234| Unlinkd pipe opened on FD 11
2009/03/24 16:04:07.238| Local cache digest enabled; rebuild/rewrite every 3600/3600 sec
2009/03/24 16:04:07.238| Swap maxSize 0 KB, estimated 0 objects
2009/03/24 16:04:07.238| Target number of buckets: 0
2009/03/24 16:04:07.238| Using 8192 Store buckets
2009/03/24 16:04:07.238| Max Mem  size: 262144 KB
2009/03/24 16:04:07.238| Max Swap size: 0 KB
2009/03/24 16:04:07.238| Using Least Load store dir selection
2009/03/24 16:04:07.239| Set Current Directory to /var/spool/squid/cache
2009/03/24 16:04:07.335| Loaded Icons.
2009/03/24 16:04:07.336| Accepting  spoofing HTTP connections at 0.0.0.0:3128, FD 13.
2009/03/24 16:04:07.336| HTCP Disabled.
2009/03/24 16:04:07.337| Squid modules loaded: 0
2009/03/24 16:04:07.337| Adaptation support is off.
2009/03/24 16:04:07.337| Ready to serve requests.

Once the above issues are resolved, I think you will need a cache.log trace of what's happening when a request goes through.

Amos
--
Please be using
  Current Stable Squid 2.7.STABLE6 or 3.0.STABLE13
  Current Beta Squid 3.1.0.6
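
The three items flagged in the reply above (the obsolete build option, the http_port tproxy line, and the "Stopping full transparency" message in cache.log) can be checked mechanically before concluding that the empty access.log is a Squid bug. The script below is an added example, not part of the original thread or of Squid. The function name `check_tproxy`, the sample inputs (constructed from lines quoted in the thread) and the reading of "dedicated" as "a port not also declared without the tproxy flag" are assumptions.

```shell
#!/bin/sh
# Added example. Sample inputs are constructed from lines quoted in the thread.
SAMPLE_VERSION="Squid Cache: Version 3.1.0.6
configure options:  '--enable-linux-tproxy' '--enable-linux-netfilter'"

SAMPLE_CONF="http_port 3128 tproxy
#http_port 3128
access_log /var/log/squid/access.log squid"

SAMPLE_LOG="2009/03/24 16:04:06.965| leave_suid: PID 11891 giving up root, becoming 'proxy'
2009/03/24 16:04:06.965| Stopping full transparency: Missing needed capability support.
2009/03/24 16:04:07.337| Ready to serve requests."

# check_tproxy VERSION_TEXT CONF_TEXT CACHE_LOG_TEXT
# Prints one finding per line; prints nothing when all checks pass.
check_tproxy() {
    version_out=$1 conf=$2 log=$3

    # 1. Build: the legacy tproxy configure options named in the thread.
    if printf '%s\n' "$version_out" |
        grep -qF -e "--enable-linux-tproxy" -e "--enable-tproxy"; then
        echo "BUILD: obsolete tproxy configure option present"
    fi

    # 2. Config: a tproxy port must not also be a plain http_port (assumed
    #    reading of "dedicated"). Commented-out lines are ignored.
    printf '%s\n' "$conf" | awk '
        $1 == "http_port" {
            is_tp = 0
            for (i = 3; i <= NF; i++) if ($i == "tproxy") is_tp = 1
            if (is_tp) tp[$2] = 1; else plain[$2] = 1
        }
        END {
            n = 0
            for (p in tp) {
                n++
                if (p in plain)
                    print "CONF: port " p " is shared by tproxy and non-tproxy http_port lines"
            }
            if (n == 0) print "CONF: no http_port line carries the tproxy flag"
        }'

    # 3. Runtime: Squid reports at startup when it turns spoofing off.
    if printf '%s\n' "$log" | grep -qF "Stopping full transparency"; then
        echo "LOG: full transparency was disabled at startup (capability support missing)"
    fi
}

check_tproxy "$SAMPLE_VERSION" "$SAMPLE_CONF" "$SAMPLE_LOG"
```

On a live system the three arguments would come from `squid -v`, the contents of squid.conf and the contents of cache.log.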
