Thanks. That's the answer I expected. The problem is only customer expectation. When there is a mix of bumped and tunneled traffic the logging is not consistent but the helpers provide what's needed as you mentioned. I understand why it is the way it is and will simply explain this to the customer. Thanks for the weekend response. Senor On 6/23/2018 17:09, Alex Rousskov wrote: > On 06/23/2018 04:38 PM, senor wrote: >> Hi all, >> >> I've noticed that a tunneled 443 request is not logged to access.log >> until the client or server terminate which can be a long time. > Yes, CONNECT tunnels are logged when the tunnel is over (i.e., Squid is > done talking to the client and server). This log-at-the-end approach is > similar to other transactions (which may also take a very long time). > > >> Is it possible to get squid to log the CONNECT at tunnel initiation? > It is possible to be notified about CONNECT requests via eCAP and ICAP > interfaces as well as via external ACL helpers. > > It is not possible to log the CONNECT request/response before the tunnel > is over. One could, in principle, separate CONNECT request/response > messages from the established tunnel, and log each "phase" of the tunnel > transaction separately, but I am not sure that is a good idea -- it is > not clear to me why a CONNECT tunnel should be treated differently from > any other HTTP transaction where the both client and server may send > request and response body bytes concurrently (and for a long time). > > > What problem are you trying to solve? > > > Alex. _______________________________________________ squid-users mailing list squid-users@xxxxxxxxxxxxxxxxxxxxx http://lists.squid-cache.org/listinfo/squid-users
