On 25/09/2019 15:29, Alex Rousskov wrote:
On 9/25/19 7:12 AM, Alessandro Andrei wrote:
My access_log file il flooded with messages that I do not want to see
Specifically
1) CONNECT vortex-win.data.microsoft.com
2) TCP_DENIED/407
So I created two ACLs to exclude them from logging and applied it to my access log
acl AuthRequest http_status 407
acl excludefromlog dstdomain .vortex-win.data.microsoft.com
access_log stdio:/var/log/squid/access.log logformat=squid !AuthRequest !excludefromlog
FYI: If you have two unwanted record kinds (one CONNECT and one
TCP_DENIED/407), then you should use a different rule to block _each_
record kind. The current rule only blocks logging of records that match
_both_ conditions. Look for any-of ACL.
Of course, silly me!
Changed to
acl AuthResponse407 http_status 407
acl excludefromlog dstdomain .vortex-win.data.microsoft.com
acl DoNotLog any-of AuthResponse407 excludefromlog
access_log stdio:/var/log/squid/access.log logformat=squid !DoNotLog
but isn't there a way to avoid all this?
You can try patching your Squid or testing the fixed version. The former
may be difficult if you are not running master-based code (future v5).
I'm running version 3.5.20, the one that is installed by default with
Centos 7 repos
I guess I should download and compile version 4.8...
You may also be able to avoid the WARNING if you adjust the rule to
check the "has response" condition before checking AuthRequest. Look for
the "has" ACL. However, you would have to decide whether to log all
records that lack responses. If any of those responses are absent due to
Squid bugs, your decision, whatever it is, may be incorrect in some cases.
OK, if I get it correctly the "has" ACL requires version 4, so I DO have
to upgrade
Anyway it's not clear to me how this check should be done in my
configuration
Thanks!
_______________________________________________
squid-users mailing list
squid-users@xxxxxxxxxxxxxxxxxxxxx
http://lists.squid-cache.org/listinfo/squid-users