Search squid archive

Re: squid v4: logformat log the last denied ACL object

[Date Prev][Date Next][Thread Prev][Thread Next][Date Index][Thread Index]

 


Le 15/04/2019 à 22:41, Alex Rousskov a écrit :

On 4/15/19 8:01 AM, David Touzeau wrote:


Is it possible, sometimes to better understand a bunch of ACLs to log
the last matches or a set of matched acls objects:
192.168.1.235 - - [15/Apr/2019:15:59:30 +0200] "GET
http://www.msftncsi.com/ncsi.txt HTTP/1.1" 200 211 "-" "curl/7.52.1"
TCP_MISS:HIER_DIRECT text/plain objects1,objects2

Yes, it is possible to do something like that in modern Squids, but
covering all ACLs in a non-trivial squid.conf would require tedious
manual work or automation. Here is a rough untested recipe:

1. For each named ACL x that you want to access-log, create a wrapper
annotation ACL called matchAndLogX:

    acl x ...
    acl annotateAfterX annotate_transaction matchedAcls+=x
    acl matchAndLogX all-of x annotateAfterX


2. For each named ACL x wrapped in step 1, replace all its uses in old
squid.conf directives with the matchAndLogX ACLs defined in step 1. For
example:

    http_access deny x y

becomes

    http_access deny matchAndLogX matchAndLogY


3. Add matchedAcls annotation to your logformat definition to log
annotations accumulated by the wrapper ACLs defined in step 1:

    logformat myAccessRecord ...  %note{matchedAcls}
    access_log ... logformat=myAccessRecord ...


Depending on your actual configuration, you may be able to reduce the
amount of logging/wrapping if you annotate groups of matching ACLs
rather than each individual ACL. For example:

     acl annotateAfterX annotate_transaction matchedAcls+=(x,y)
     http_access deny x y annotateAfterXandY


Needless to say, adding such annotations manually to a non-trivial
configuration is a lot of error-prone work! Automating wrapping,
monitoring cache.log with elevated debugging levels (see debug_options),
or hacking Squid to log the info you need is a better approach in many
(most?) cases.


HTH,

Alex.
_______________________________________________
squid-users mailing list
squid-users@xxxxxxxxxxxxxxxxxxxxx
http://lists.squid-cache.org/listinfo/squid-users


Thanks !!!

Will try both options



_______________________________________________
squid-users mailing list
squid-users@xxxxxxxxxxxxxxxxxxxxx
http://lists.squid-cache.org/listinfo/squid-users
[Index of Archives]     [Linux Audio Users]     [Samba]     [Big List of Linux Books]     [Linux USB]     [Yosemite News]

  Powered by Linux