Re: https log message formatting help


Thanks for the reply.

I'm parsing Squid logs to send to a SIEM to identify IOCs. The SIEM agent
requires a URL to be formatted with http|https://<URI>.

It knows then that it can break the string out into various components such
as request URL authority, host, etc.

Your comment on logging https connections is not what I have found. I would
expect that typing https://something.net will return that exact string in
the log. Every https connection is logged as a CONNECT with :443 appended
to the FQDN. Is there something in the config to force this to happen?
Doesn't seem to be a way of doing it with log formatting.

I'm simply rewriting to strip the 443 port and prepending https://. Doesn't
matter to me if CONNECT != HTTPS; I simply need my URL to be properly formed
in the logs.



--
View this message in context: http://squid-web-proxy-cache.1019090.n4.nabble.com/https-log-message-formatting-help-tp4681994p4682037.html
Sent from the Squid - Users mailing list archive at Nabble.com.
_______________________________________________
squid-users mailing list
squid-users@xxxxxxxxxxxxxxxxxxxxx
http://lists.squid-cache.org/listinfo/squid-users
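
The rewrite described in the message above, as an added example that is not part of the original post or of Squid itself. It assumes Squid's default native `access.log` layout; the function names, the `siem_url` field and the sample lines are constructed for illustration, and it goes beyond the post by keeping non-443 ports and handling bracketed IPv6 targets.

```python
import re

# Squid native access.log fields (default "squid" logformat)
FIELDS = ("time", "elapsed", "client", "result", "bytes",
          "method", "url", "user", "hierarchy", "type")

# CONNECT targets are host:port; host may be a bracketed IPv6 literal
AUTHORITY = re.compile(r"^(\[[0-9A-Fa-f:.]+\]|[^:/\s\[\]]+):(\d{1,5})$")


def connect_to_url(target):
    """Rewrite a CONNECT target (host:port) as an https:// URL string.

    Port 443 is dropped as the scheme default; any other port is kept so the
    SIEM still sees where the tunnel went. The https scheme is an assumption:
    a CONNECT tunnel is not guaranteed to carry TLS.
    """
    m = AUTHORITY.match(target)
    if not m:
        return None
    host, port = m.group(1).lower(), int(m.group(2))
    if not 0 < port < 65536:
        return None
    return f"https://{host}" if port == 443 else f"https://{host}:{port}"


def normalize_line(line):
    """Parse one native-format line and add a 'siem_url' field."""
    parts = line.split()
    if len(parts) < len(FIELDS):
        return None
    rec = dict(zip(FIELDS, parts))
    if rec["method"] == "CONNECT":
        rec["siem_url"] = connect_to_url(rec["url"])
    else:
        rec["siem_url"] = rec["url"]  # plain HTTP is logged as a full URL
    return rec


# Constructed sample lines (documentation addresses, not real traffic)
SAMPLE = [
    "1467200000.123 250 192.0.2.10 TCP_TUNNEL/200 4512 CONNECT something.net:443 - HIER_DIRECT/203.0.113.5 -",
    "1467200001.456 31 192.0.2.10 TCP_MISS/200 1020 GET http://example.com/index.html - HIER_DIRECT/203.0.113.9 text/html",
]

if __name__ == "__main__":
    for entry in SAMPLE:
        print(normalize_line(entry)["siem_url"])
```

The original `method` field stays in the record, so the SIEM can still tell a rewritten CONNECT tunnel apart from a request whose full URL Squid actually saw.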



