Search squid archive

Re: Tagged ACLs?

[Date Prev][Date Next][Thread Prev][Thread Next][Date Index][Thread Index]

 



On 05/20/2017 10:07 AM, Ralf Hildebrandt wrote:

> we want to create statistics on how many
> clients were "caught" trying to access blocked sites.
> 
> Currently, we're grepping the log for TCP_DENIED in conjunction with the
> patterns from the ACLs. [...]  
> Is there any way around this? Like "tagging" rejects or logging the
> ACL that caused the rejection?

Yes, append an annotate_transaction ACL with a distinct annotation value
to each distinct http_access rule. If you have many such rules, this
should be automated, of course.

Log the added annotation using %note logformat code.

FWIW, the idea of logging "the [name of the] ACL that caused the
rejection" (a la deny_info) does not work well in general because the
same ACL name may appear in many rules (in general). And the idea of
logging the matched http_access rule "number" makes logged values very
fragile -- a single change in http_access lines may change the meaning
of half of the logged values.


HTH,

Alex.

_______________________________________________
squid-users mailing list
squid-users@xxxxxxxxxxxxxxxxxxxxx
http://lists.squid-cache.org/listinfo/squid-users




[Index of Archives]     [Linux Audio Users]     [Samba]     [Big List of Linux Books]     [Linux USB]     [Yosemite News]

  Powered by Linux