Gentlemen, and it never occurred to you that there are other types of traffic besides HTTP / HTTPS, right? DNS, ICMP, other protocols? 11.03.2017 2:44, Yosi Greenfield пишет: > Aha! That could be it. I use sslbump, but not for all users. I'll > check that out, although I think that it's a problem even for bumped > users. Even for bumped users we don't bump all sites, so that really > could be it. > > Thanks! > > > -----Original Message----- > From: squid-users [mailto:squid-users-bounces@xxxxxxxxxxxxxxxxxxxxx] On > Behalf Of Marcus Kool > Sent: Friday, March 10, 2017 3:38 PM > To: squid-users@xxxxxxxxxxxxxxxxxxxxx > Subject: Re: Data usage reported in log files > > > > On 10/03/17 16:27, Yosi Greenfield wrote: >> Thanks! >> >> Netflow is much larger. >> >> I really want to know exactly what site is costing my users data. Many >> of our users are on metered connections and are paying for overage, >> but I can't tell where that overage is being used. Are they using >> youtube, webmail, wetransfer? I see only a fraction of their actual >> proxy usage in my squid logs. >> >> Data compression would give the opposite result, so that's not what >> I'm seeing. >> >> Any other ideas? > Is there any traffic that is not directed to Squid? > > Do you use ssl-bump in bump mode ? > If not, Squid has no idea how many bytes go through the (HTTPS) tunnels. > > Marcus > > >> -----Original Message----- >> From: squid-users [mailto:squid-users-bounces@xxxxxxxxxxxxxxxxxxxxx] >> On Behalf Of Antony Stone >> Sent: Friday, March 10, 2017 2:21 PM >> To: squid-users@xxxxxxxxxxxxxxxxxxxxx >> Subject: Re: Data usage reported in log files >> >> On Friday 10 March 2017 at 20:14:36, Yosi Greenfield wrote: >> >>> Hello all, >>> >>> I'm analyzing my squid logs with sarg, and I see that the number of >>> bytes reported as used by any particular user are often nowhere near >>> the bytes reported by netflow and tcpdump. >> Which is larger? >> >>> I'm trying to trace my users' data usage by site, but I'm unable to >>> do so from the log files because of this. >> Well, what is it you really want to know? >> >> netflow / tcpdump will give you accurate numbers for the quantity of >> data on your Internet link - I assume this is what you're most interested > in? >> Squid will show you what quantity of data goes to/from the clients, >> but is that really important? >> >>> Can someone please explain to me what I might be missing? Why does >>> squid log report one thing and netflow and tcpdump show something >>> else? >> Data compression? >> >> HTTP responses are often gzipped, so if tcpdump is showing you smaller >> numbers of bytes than Squid reports, that's what I'd look at first. >> >> >> Antony. >> > _______________________________________________ > squid-users mailing list > squid-users@xxxxxxxxxxxxxxxxxxxxx > http://lists.squid-cache.org/listinfo/squid-users > > _______________________________________________ > squid-users mailing list > squid-users@xxxxxxxxxxxxxxxxxxxxx > http://lists.squid-cache.org/listinfo/squid-users -- Bugs to the Future
Attachment:
0x613DEC46.asc
Description: application/pgp-keys
Attachment:
signature.asc
Description: OpenPGP digital signature
_______________________________________________ squid-users mailing list squid-users@xxxxxxxxxxxxxxxxxxxxx http://lists.squid-cache.org/listinfo/squid-users
