On 2014-07-08 17:36, Nil Nik wrote:
I am NOT looking for client IP or host. I am looking for target server
IP.
In case of 'ssl_bump none' squid access log shows IP of server instead
of domain.
Nik Nik,
The answer to your original question is that Squid only has the TCP/IP
packet details to work with in intercepted traffic. particularly with
port 443 traffic which has not been decrypted to get the Host header
details.
log_fqdn on is not useful for me.
For the record this option is not even supported by Squid-3.2 and later.
People using it should move to using %>A in a custom log format instead.
The proper way to log rDNS details is with the %<A and %>A log tokens in
a custom logformat.
The %<A format token is the one needed to log server rDNS record.
However it is important to be aware that rDNS record is often different
from the URL domain name being fetched by the client. Server IP address
is far more accurate and reliable for both debugging and reporting.
Amos
----------------------------------------
From: Antony.Stone@xxxxxxxxxxxxxxxxxxxx
To: squid-users@xxxxxxxxxxxxxxx
Date: Mon, 7 Jul 2014 20:14:40 +0200
Subject: Re: Why squid show IP in access log for
transparent proxy?
On Monday 07 July 2014 at 19:44:34, Mark jensen wrote:
to show the domain name instead of IP:
One method would be to make use of this directive in the squid.conf
file to
get the log file to show FQDNs instead of the IPs: log_fqdn on
That's for looking up the hostnames of clients connecting to the
proxy.
i got the impression the original question was about the target server
IP
addresses appearing in the logifles, instead of their DNS names.
this is a good link which may help you:
http://unix.stackexchange.com/questions/134132/how-can-we-make-squid-do-a-r
everse-nslookup
Regards,
Antony.
--
This email was created using 100% recycled electrons.
Please reply to the list;
please don't CC me.
