Hello everybody, I am facing a problem with my actual access.log configuration. I use this logformat for the access.log : "logformat timereadable %tl %un %Ss %>Hs %>a:%>p %st %rm %ru %mt %<st %Sh %<A %la %lp %2tr" It's all good to trace requests when users are authentified, the login is present into <%un>. But I have some users which are not authentified (because of incompatiblity with their softwares) and then I don't have any information to differentiate which requests are made by each "user". I tried to add <%et> <%ea> <%ul> <%ue>, without any success (the <%ul> just display the same as <%un> in my case). I am searching a way to display a field which would help me to identify the requester. For example, I use an ACL a rule file for each "user" in which several ACLs are defined. (squid/current/etc/current/rule/PXI_TESTPXI_P.conf) Is there a way to use the "matching rule" file in the access log ? Actually, this is the log from an authenticated user : Sep 2 17:08:32 FPVPXI2 squid[312387]: 02/Sep/2024:17:08:32 +0200 test TCP_TUNNEL 200 10.x.x.250:51994 6765 CONNECT www.google.com:443 - 5716 FIRSTUP_PARENT 10.x.x.241 10.x.x.240 3128 326 And one from an unauthenticated user : Sep 2 16:38:47 QFPVPXI2 squid[311234]: 02/Sep/2024:16:38:47 +0200 - TCP_TUNNEL 200 10.x.x.242:22426 6726 CONNECT www.google.com:443 - 5718 FIRSTUP_PARENT 10.x.x.241 10.x.x.240 3128 249 Regards, Xavier _______________________________________________ squid-users mailing list squid-users@xxxxxxxxxxxxxxxxxxxxx https://lists.squid-cache.org/listinfo/squid-users