On 05/20/2017 10:07 AM, Ralf Hildebrandt wrote:
> we want to create statistics on how many
> clients were "caught" trying to access blocked sites.
>
> Currently, we're grepping the log for TCP_DENIED in conjunction with the
> patterns from the ACLs. [...]

> Is there any way around this? Like "tagging" rejects or logging the
> ACL that caused the rejection?

Yes, append an annotate_transaction ACL with a distinct annotation value to each distinct http_access rule. If you have many such rules, this should be automated, of course. Log the added annotation using %note logformat code.

FWIW, the idea of logging "the [name of the] ACL that caused the rejection" (a la deny_info) does not work well in general because the same ACL name may appear in many rules (in general). And the idea of logging the matched http_access rule "number" makes logged values very fragile -- a single change in http_access lines may change the meaning of half of the logged values.

HTH,

Alex.
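One way to automate the tagging and the per-rule statistics described in the reply, as an added example that is not part of the original message or of Squid itself. The ACL names, the `deny_rule` annotation key, the `tag_` prefix, the logformat layout and the sample config and log lines are all constructed assumptions.

```python
import re
from collections import Counter

NOTE_KEY = "deny_rule"  # assumed annotation key; any name works

# Constructed squid.conf fragment; ACL names and domains are hypothetical.
SAMPLE_CONF = """\
acl malware dstdomain .malware.example
acl gambling dstdomain .casino.example
acl office src 192.0.2.0/24
http_access deny malware
http_access deny office gambling
http_access allow office
http_access deny all
"""

# Assumed log layout: the annotation is the last field ("-" when not set).
LOGFORMAT = f"logformat tagged %ts.%03tu %>a %Ss/%03>Hs %rm %ru note=%{{{NOTE_KEY}}}note"

# Constructed log lines in that layout.
SAMPLE_LOG = """\
1495267620.101 192.0.2.10 TCP_DENIED/403 GET http://www.casino.example/ note=office_gambling
1495267621.250 192.0.2.11 TCP_DENIED/403 CONNECT www.malware.example:443 note=malware
1495267622.007 192.0.2.10 TCP_MISS/200 GET http://www.example.org/ note=-
1495267623.512 192.0.2.12 TCP_DENIED/403 GET http://cdn.malware.example/x.js note=malware
"""

def tag_deny_rules(conf: str) -> str:
    """Append a distinct annotate_transaction ACL to each http_access deny rule."""
    out = []
    for line in conf.splitlines():
        m = re.match(r"\s*http_access\s+deny\s+(\S.*)", line)
        if m:
            # The value comes from the rule's own ACL names, not its position,
            # so reordering or adding rules does not change its meaning.
            tag = "_".join(m.group(1).split()).replace("!", "not_")
            out.append(f"acl tag_{tag} annotate_transaction {NOTE_KEY}={tag}")
            # Appended last: ACLs in a rule are ANDed left to right, so the
            # annotation is only set once the rest of the rule has matched.
            line = f"{line.rstrip()} tag_{tag}"
        out.append(line)
    return "\n".join(out) + "\n"

def count_denials(log: str) -> Counter:
    """Count TCP_DENIED entries per annotation value."""
    counts = Counter()
    for fields in map(str.split, log.splitlines()):
        if len(fields) >= 6 and fields[2].startswith("TCP_DENIED"):
            counts[fields[-1].partition("=")[2]] += 1
    return counts
```

Denials that carry `-` as the annotation were not produced by a tagged http_access rule and are worth counting separately.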