Search squid archive

Re: Data usage reported in log files

[Date Prev][Date Next][Thread Prev][Thread Next][Date Index][Thread Index]

 



Think of one simple thing. Squid does not see and can not see protocols
that do not support. What do you expect from it? Does it work on L1/L2?
No? Then what is the discussion about?


11.03.2017 3:22, Yuri Voinov пишет:
> Of course, there is no stream video from security cams, no voice IP, no
> SIP, no torrents, no RDP, no other protocol. They simple does not exists
> and we're all believe that's all not above over 1% of overall traffic.
> Yes. Sure. Really.
>
> Only web-surfing :) Sure :)
>
>
> 11.03.2017 3:19, Yuri Voinov пишет:
>> 11.03.2017 2:57, Antony Stone пишет:
>>> On Friday 10 March 2017 at 21:50:19, Yuri Voinov wrote:
>>>
>>>> Gentlemen, and it never occurred to you that there are other types of
>>>> traffic besides HTTP / HTTPS, right?
>>>>
>>>> DNS, ICMP, other protocols?
>>> I'm assuming Yosi has been measuring only TCP traffic, but even if he's been 
>>> measuring everything, I don't think DNS, ICMP and other protocols would add 
>>> more than 1% on top of HTTP/S, unless (as Marcus suggested) there is also 
>>> totally-non-Squid traffic on the link being measured.
>> Come on, sure? Even in L7? Really? Cool story, bro!
>>> Antony.
>>>
>>>> 11.03.2017 2:44, Yosi Greenfield пишет:
>>>>> Aha! That could be it. I use sslbump, but not for all users. I'll
>>>>> check that out, although I think that it's a problem even for bumped
>>>>> users. Even for bumped users we don't bump all sites, so that really
>>>>> could be it.
>>>>>
>>>>> Thanks!
>>>>>
>>>>>
>>>>> -----Original Message-----
>>>>> From: squid-users [mailto:squid-users-bounces@xxxxxxxxxxxxxxxxxxxxx] On
>>>>> Behalf Of Marcus Kool
>>>>> Sent: Friday, March 10, 2017 3:38 PM
>>>>> To: squid-users@xxxxxxxxxxxxxxxxxxxxx
>>>>> Subject: Re:  Data usage reported in log files
>>>>>
>>>>> On 10/03/17 16:27, Yosi Greenfield wrote:
>>>>>> Thanks!
>>>>>>
>>>>>> Netflow is much larger.
>>>>>>
>>>>>> I really want to know exactly what site is costing my users data. Many
>>>>>> of our users are on metered connections and are paying for overage,
>>>>>> but I can't tell where that overage is being used. Are they using
>>>>>> youtube, webmail, wetransfer? I see only a fraction of their actual
>>>>>> proxy usage in my squid logs.
>>>>>>
>>>>>> Data compression would give the opposite result, so that's not what
>>>>>> I'm seeing.
>>>>>>
>>>>>> Any other ideas?
>>>>> Is there any traffic that is not directed to Squid?
>>>>>
>>>>> Do you use ssl-bump in bump mode ?
>>>>> If not, Squid has no idea how many bytes go through the (HTTPS) tunnels.
>>>>>
>>>>> Marcus
>>>>>
>>>>>> -----Original Message-----
>>>>>> From: squid-users [mailto:squid-users-bounces@xxxxxxxxxxxxxxxxxxxxx]
>>>>>> On Behalf Of Antony Stone
>>>>>> Sent: Friday, March 10, 2017 2:21 PM
>>>>>> To: squid-users@xxxxxxxxxxxxxxxxxxxxx
>>>>>> Subject: Re:  Data usage reported in log files
>>>>>>
>>>>>> On Friday 10 March 2017 at 20:14:36, Yosi Greenfield wrote:
>>>>>>> Hello all,
>>>>>>>
>>>>>>> I'm analyzing my squid logs with sarg, and I see that the number of
>>>>>>> bytes reported as used by any particular user are often nowhere near
>>>>>>> the bytes reported by netflow and tcpdump.
>>>>>> Which is larger?
>>>>>>
>>>>>>> I'm trying to trace my users' data usage by site, but I'm unable to
>>>>>>> do so from the log files because of this.
>>>>>> Well, what is it you really want to know?
>>>>>>
>>>>>> netflow / tcpdump will give you accurate numbers for the quantity of
>>>>>> data on your Internet link - I assume this is what you're most
>>>>>> interested in?
>>>>>> Squid will show you what quantity of data goes to/from the clients,
>>>>>> but is that really important?
>>>>>>
>>>>>>> Can someone please explain to me what I might be missing? Why does
>>>>>>> squid log report one thing and netflow and tcpdump show something
>>>>>>> else?
>>>>>> Data compression?
>>>>>>
>>>>>> HTTP responses are often gzipped, so if tcpdump is showing you smaller
>>>>>> numbers of bytes than Squid reports, that's what I'd look at first.
>>>>>>
>>>>>>
>>>>>> Antony.

-- 
Bugs to the Future

Attachment: 0x613DEC46.asc
Description: application/pgp-keys

Attachment: signature.asc
Description: OpenPGP digital signature

_______________________________________________
squid-users mailing list
squid-users@xxxxxxxxxxxxxxxxxxxxx
http://lists.squid-cache.org/listinfo/squid-users

[Index of Archives]     [Linux Audio Users]     [Samba]     [Big List of Linux Books]     [Linux USB]     [Yosemite News]

  Powered by Linux