On 4/15/19 8:01 AM, David Touzeau wrote: > Is it possible, sometimes to better understand a bunch of ACLs to log > the last matches or a set of matched acls objects: > 192.168.1.235 - - [15/Apr/2019:15:59:30 +0200] "GET > http://www.msftncsi.com/ncsi.txt HTTP/1.1" 200 211 "-" "curl/7.52.1" > TCP_MISS:HIER_DIRECT text/plain objects1,objects2 Yes, it is possible to do something like that in modern Squids, but covering all ACLs in a non-trivial squid.conf would require tedious manual work or automation. Here is a rough untested recipe: 1. For each named ACL x that you want to access-log, create a wrapper annotation ACL called matchAndLogX: acl x ... acl annotateAfterX annotate_transaction matchedAcls+=x acl matchAndLogX all-of x annotateAfterX 2. For each named ACL x wrapped in step 1, replace all its uses in old squid.conf directives with the matchAndLogX ACLs defined in step 1. For example: http_access deny x y becomes http_access deny matchAndLogX matchAndLogY 3. Add matchedAcls annotation to your logformat definition to log annotations accumulated by the wrapper ACLs defined in step 1: logformat myAccessRecord ... %note{matchedAcls} access_log ... logformat=myAccessRecord ... Depending on your actual configuration, you may be able to reduce the amount of logging/wrapping if you annotate groups of matching ACLs rather than each individual ACL. For example: acl annotateAfterX annotate_transaction matchedAcls+=(x,y) http_access deny x y annotateAfterXandY Needless to say, adding such annotations manually to a non-trivial configuration is a lot of error-prone work! Automating wrapping, monitoring cache.log with elevated debugging levels (see debug_options), or hacking Squid to log the info you need is a better approach in many (most?) cases. HTH, Alex. _______________________________________________ squid-users mailing list squid-users@xxxxxxxxxxxxxxxxxxxxx http://lists.squid-cache.org/listinfo/squid-users
