On Wed, 28 Oct 2009 10:26:51 -0400, "Kelly, Jack" <Jack.Kelly@xxxxxxxxxxxxxxxxx> wrote: > Hi everyone, > I have what will probably be a pretty simple question... unfortunately I > need to provide a few details to help explain what I'm trying to do and > why. > > One of the big uses of Squid to our managers is seeing how much time > employees are spending on the internet. To that extent, we've got Squint > installed for analyzing our logs and generating a shiny report that does > exactly that, and can be viewed in an html document hosted right on the > Squid box. Works great. We also authenticate with LDAP so requests can > be tied to user credentials in Squid. Again, works great. > > Here's where the minor hiccup comes in: > I have an acl called 'passthrough' which is basically a list of > domains/keywords/etc that the proxy server will allow requests for > without prompting the user for their credentials. This comes in handy > for programs that like to check for updates online, like Adobe Reader > and iTunes. Unfortunately for my purposes, requests that go through > unauthenticated are recorded in access.log by requestor IP address, > which subsequently gets parsed by Squint and adds gobs of useless > information to the report. > > So, my question: > Is there any way to get Squid to exclude certain types of records from > access.log? Or would I be better off just beefing up our PAC file to > send these 'passthrough' requests around the proxy? > > On second thought, I suppose I could just write and cron a perl script > that nukes lines containing an IP in our DHCP range right before Squint > updates. That feels messy though :) > > Thanks everyone! > Jack > The access_log directive accepts ACLs which map what can be logged to that file. You are after something like: access_log /foo squid !bypass Where "squid" is the logformat (if you have your own custom one there, use that), and "bypass" is the same ACL you use in http_access to bypass (assuming its just one ACL fro that). Amos
