Paul wrote
I have several remote sites running a local copy of squid that in
turn use a parent squid.
I want to improve the logging on the parent squid, at the moment each
site has 1 real external IP address and many internal IP's e.g.
192.168.1.x, in the parent squid access log I see just the 1 real IP
address for all requests as expected.
Ive now configured the remote sites squid to add an X-Forward header
and ive set
follow_x_forwarded_for allow all
acl_uses_indirect_client off
log_uses_indirect_client on
on the parent squid, the access log now shows the internal IP making
the request i.e. 192.168.1.x
However all my sites have the same 192.168.1.x range, is there any
way to make it log both the external IP AND the internal IP e.g.
78.128.146.22,192.168.1.12 so I can narrow down what IP at each site
is viewing?
I dont think there is such a config but if anyone has any
ideas/pointers on how to achieve I would be grateful.
Another thing I have just noticed is I use squidguard as a redirector
on the parent squid, its being passed the internal IP not the direct
IP - is there a way to pass squidguard the direct access IP? I only
want to log the local IP in access.log I dont want it to be used for
any ACL's or redirectors.
Paul
Not good replying twice to my own post but I managed to solve my problem
by using logformat and wanted to show how I did in in case anyone else
had the same situation
acl remote_sites src "/home/squid/remote_sites"
logformat showxff %ts.%03tu %6tr %Ss/%03Hs %<st %rm %ru %un %Sh/%<A %mt
%"{X-Forwarded-For}>h
access_log /var/log/squid/remote.log showxff remote_sites
And the remote.log file shows both the direct ip and the X-Forwarded-For ip
Cheers
Paul
