Hi, today I woke up with one more doubt.

795035 112.215.36.175 TCP_MISS/200 96944 GET http://ads.xlxtra.com%2Ferrors%2F%3Ftype=404@xxxxxxxxxxxxxx/pictures/9612330624e58d492b8555.jpg - DIRECT/74.204.173.205 image/jpeg

My Squid is set up with NTLM (Integrated Active Directory), so all users need to authenticate. If there were people connected to my proxy from the Internet (as the log above shows), they passed user/password, so why doesn't it show the credentials in the log?

There are many connections like that, as follows.

1342942154.124 112573 112.215.36.175 TCP_MISS/408 359 GET http://ads.xlxtra.com%2Ferrors%2F%3Ftype=404@xxxxxxxxxxxxxxxxxxxx/img180/46/hitthanks.jpg - DIRECT/208.94.3.14 text/html
access.log.1.gz:1342942154.124 112573 112.215.36.175 TCP_MISS/408 359 GET http://ads.xlxtra.com%2Ferrors%2F%3Ftype=404@xxxxxxxxxxxxxxxxxxxx/img187/6110/rainbowon5.gif - DIRECT/208.94.1.75 text/html
access.log.1.gz:1342942154.124 112573 112.215.36.175 TCP_MISS/408 359 GET http://ads.xlxtra.com%2Ferrors%2F%3Ftype=404@xxxxxxxxxxxxxxxxxxxx/img713/1883/raj.png - DIRECT/208.94.3.105 text/html
access.log.1.gz:1342942170.208 1324968 112.215.36.175 TCP_MISS/206 463358 GET http://ads.xlxtra.com%2Ferrors%2F%3Ftype=404@xxxxxxxxxxxxxxxxxxxxxx/attachments/44/6/1/1322155347-HANdsOME4HoTTy2-Digital_Playground-Jacks_Big_Ass_Show_Vol_08_-_Full_DvDRip_By_-_RaJ_-_Disc_01_avi.avi - DIRECT/209.212.146.38 video/x-msvideo

Any tip is welcome.

Thanks

2012/8/1 Usuário do Sistema <maiconlp@xxxxxxxxx>:
> thanks, my issue was with security.
>
> thanks
>
>
>
> 2012/8/1 Amos Jeffries <squid3@xxxxxxxxxxxxx>:
>> On 02.08.2012 09:37, Usuário do Sistema wrote:
>>>
>>> Hello, I have been asked what are external ip address in the sarg reports.
>>>
>>> so I had done a search in access.logs and I found follow access among
>>> others.
>>>
>>> 795035 112.215.36.175 TCP_MISS/200 96944 GET
>>> http://ads.xlxtra.com%2Ferrors%2F%3Ftype=40
>>> 4@xxxxxxxxxxxxxx/pictures/9612330624e58d492b8555.jpg -
>>> DIRECT/74.204.173.205 image/jpeg
>>>
>>> please, released there are two external ip address at the initial
>>> 112.215.36.175 and at the end 74.204.173.205.
>>>
>>> when I run a sarg report that access it appear like the most used! it
>>> is very strange why it doesn't show an internal ip address instead ?
>>
>>
>> One would assume you know the Squid machine IP address(es) without needing
>> them logged on every request. If you have a multi-IP box where that is also
>> needed, you can use a custom log format to display the IP at Squid's end of
>> each TCP connection.
>> http://www.squid-cache.org/Doc/config/logformat/
>>
>>
>>>
>>> what is this external access ?
>>
>>
>> http://wiki.squid-cache.org/Features/LogFormat
>>
>> The one on the right (next to DIRECT/) is the IP of the server providing the
>> response. Every MISS or REFRESH will have a server where the upstream data
>> came from.
>>
>> The one on left (next to TCP_MISS) is the IP of the client making the
>> request. One would expect you to know who your users are and where they are
>> located. If that IP is known not to be a legit customer/client of your Squid
>> something is wrong with your security access controls.
>>
>>
>> Amos
>>
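
The field reading described in this thread (client IP next to the result code, user name before the hierarchy field, server IP after DIRECT/), as an added example that is not part of the original messages: a small audit script that flags requests from client addresses outside the expected ranges and served requests that carry no user name. It assumes Squid's native access.log format; the internal ranges (RFC 1918) and the sample log lines are constructed for illustration.

```python
import ipaddress

# Assumption: legitimate proxy clients live only in these ranges.
INTERNAL_NETS = [ipaddress.ip_network(n) for n in
                 ("10.0.0.0/8", "172.16.0.0/12", "192.168.0.0/16")]

def parse_line(line):
    """Parse one native-format access.log line into a dict, or None."""
    f = line.split()
    if len(f) < 10:
        return None
    try:
        client = ipaddress.ip_address(f[2])
    except ValueError:
        return None
    # grep/zgrep over several files prefixes "filename:" to the timestamp.
    ts = f[0].rsplit(":", 1)[-1]
    result, _, status = f[3].partition("/")
    hierarchy, _, server = f[8].partition("/")
    return {"time": ts, "client": client, "result": result, "status": status,
            "method": f[5], "url": f[6], "user": f[7],
            "hierarchy": hierarchy, "server": server}

def is_internal(ip):
    return any(ip in net for net in INTERNAL_NETS)

def suspicious(lines):
    """Yield (reason, entry) for requests that need a closer look."""
    for line in lines:
        e = parse_line(line)
        if e is None:
            continue
        if not is_internal(e["client"]):
            yield "external-client", e
        # A 407 challenge is logged without a user; that part is normal.
        elif e["user"] == "-" and not e["result"].endswith("DENIED"):
            yield "no-auth-user", e

# Constructed sample lines (documentation addresses, not from the thread).
SAMPLE = """\
1342942154.124 230 192.168.1.20 TCP_DENIED/407 1830 GET http://example.com/ - NONE/- text/html
1342942154.300 412 192.168.1.20 TCP_MISS/200 5120 GET http://example.com/ alice DIRECT/198.51.100.7 text/html
access.log.1.gz:1342942155.010 1125 203.0.113.9 TCP_MISS/200 96944 GET http://example.net/a.jpg - DIRECT/198.51.100.8 image/jpeg
1342942156.500 88 192.168.1.31 TCP_MISS/200 700 GET http://example.org/x - DIRECT/198.51.100.9 text/plain
""".splitlines()

if __name__ == "__main__":
    for reason, e in suspicious(SAMPLE):
        print(reason, e["time"], e["client"], e["user"], e["url"])
```

Any "external-client" hit means the proxy port is reachable and usable from outside, and any "no-auth-user" hit means an access rule allowed the request before authentication was required.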