Re: access log without hostname

On 9/19/19 10:29 AM, sknz wrote:
> I'm using squid 3.5.3 to intercept https without issuing the client
> certificate.  
> 
> https_port 3127 intercept ssl-bump generate-host-certificates=off
> cert=certs/squid.pem
> ssl_bump none all

> So my squid access log is similar to this. Is there any way to make it more
> meaningful? perhaps hostname?

You can peek at step1 to get access to TLS client handshake information,
which may include TLS SNI. You can also peek at step2 to get access to
TLS server handshake information, which may include TLS server CN and
other details. IIRC, some of those details will be logged automatically
with the default logformat. Others can be logged using TLS-specific
logformat %codes.

  https://wiki.squid-cache.org/Features/SslPeekAndSplice


HTH,

Alex.


> ...............................
> 1568902948.817  65168 10.1.0.1 TCP_TUNNEL/200 891 CONNECT 157.240.16.63:443
> - ORIGINAL_DST/157.240.16.63 - 10.1.0.1
> 1568903081.342 240109 10.1.0.1 TCP_TUNNEL/200 458 CONNECT
> 172.217.163.132:443 - ORIGINAL_DST/172.217.163.132 - 10.1.0.1
> 1568903132.645 240133 10.1.0.1 TCP_TUNNEL/200 99047 CONNECT
> 172.217.31.214:443 - ORIGINAL_DST/172.217.31.214 - 10.1.0.1
> ...............................

_______________________________________________
squid-users mailing list
squid-users@xxxxxxxxxxxxxxxxxxxxx
http://lists.squid-cache.org/listinfo/squid-users
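
The peek-at-step1 approach from the reply, written out as a squid.conf fragment. This is an added example, not configuration posted in the thread: the `https_port` line is the one quoted in the question, while the logformat name `tls_sni` and the access log path are assumptions.

```conf
# Added example (not from the original thread).
# Listener as quoted in the question.
https_port 3127 intercept ssl-bump generate-host-certificates=off cert=certs/squid.pem

# Before (from the question): no TLS handshake is inspected, so the log
# can only show the destination IP address of the intercepted connection.
# ssl_bump none all

# After: read the TLS ClientHello at step 1, then tunnel the connection
# unmodified. Nothing is decrypted and no certificate is generated.
acl step1 at_step SslBump1
ssl_bump peek step1
ssl_bump splice all

# Default "squid" logformat fields, followed by the bumping mode and the
# SNI sent by the client. "tls_sni" is a name chosen for this example.
logformat tls_sni %ts.%03tu %6tr %>a %Ss/%03>Hs %<st %rm %ru %[un %Sh/%<a %mt %ssl::bump_mode %ssl::>sni

# Log path is an assumption; use the path from the existing access_log line.
access_log /var/log/squid/access.log tls_sni
```

The SNI column shows `-` for clients that send no SNI, so the destination IP in the `ORIGINAL_DST` field remains the fallback identifier for those connections.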



