Exclude dstdomain in access.log file

Roberto Carna
Hi people, I have Debian 9 + Squid 3.5.23.

I'm using squidguard to filter domains and URLs, so in /etc/squid/squid.conf I have:

url_rewrite_program /usr/bin/squidGuard -c /etc/squidguard/squidGuard.conf

I must exclude "hangouts.google.com" domain in /var/log/squid/access.log file.

So firstly I edited in my /etc/squid/squid.conf file:

acl exclude dstdomain hangouts.google.com
access_log none exclude
access_log /var/log/squid/access.log squid

But it didn't work, when I executed "tail -f /var/log/squid/access.log" I could see logs from hangouts.google.com.

After that I edited again my /etc/squid/squid.conf file:

acl exclude dstdomain hangouts.google.com
access_log /var/log/squid/access.log squid !exclude

But it didn't work again.

Please can you tell me what I can do in order to deny logs from hangouts.google.com ???

Thanks a lot, greetings !!!

Robert

_______________________________________________
squid-users mailing list
[hidden email]
http://lists.squid-cache.org/listinfo/squid-users

Re: Exclude dstdomain in access.log file

Vacheslav Zouhairy
well ufdbguard is better, it's about time to upgrade..

Re: Exclude dstdomain in access.log file

Amos Jeffries
Administrator
On 2/01/20 10:14 am, Roberto Carna wrote:
>
> Please can you tell me what I can do in order to deny logs from
> hangouts.google.com ???

Which of the several FQDN entries in the logs are you seeing it appear?

dstdomain only relates to the URL domain.


Amos

Re: Exclude dstdomain in access.log file

Roberto Carna
Dear Amos, I have these log entries that I want to disable:

1577988384.248      0 10.88.1.112 TAG_NONE/503 0 CONNECT hangouts.google.com:443 fchop HIER_NONE/- -
1577988384.435      0 10.88.1.31 TAG_NONE/503 0 CONNECT hangouts.google.com:443 ccardiff HIER_NONE/- -
1577988384.659      0 10.88.1.26 TAG_NONE/503 0 CONNECT hangouts.google.com:443 mtowers HIER_NONE/- -
1577988385.069      3 10.88.1.13 TAG_NONE/503 0 CONNECT hangouts.google.com:443 pmonkey HIER_NONE/- -

Is it possible to do that using "dstdomain" ???

Or maybe squidguard doesn't let me do it ?

Thanks a lot again !!!

Re: Exclude dstdomain in access.log file

Amos Jeffries
Administrator
On 3/01/20 7:09 am, Roberto Carna wrote:

> Dear Amos, I have this log entries that I want to disable:
>
> 1577988384.248      0 10.88.1.112 TAG_NONE/503 0 CONNECT hangouts.google.com:443 fchop HIER_NONE/- -
> 1577988384.435      0 10.88.1.31 TAG_NONE/503 0 CONNECT hangouts.google.com:443 ccardiff HIER_NONE/- -
> 1577988384.659      0 10.88.1.26 TAG_NONE/503 0 CONNECT hangouts.google.com:443 mtowers HIER_NONE/- -
> 1577988385.069      3 10.88.1.13 TAG_NONE/503 0 CONNECT hangouts.google.com:443 pmonkey HIER_NONE/- -
>
> Is it possible doing that using "dstdomain" ???

It should be, but yes you have hit a bug. It may be fixed in the latest
Squid version, but I am not certain of that.

>
> Or maybe squidguard doesn't let do it ?
>

squidguard does not have anything to do with the logging issue.

It likely does have something to do with those being 503 though. It is
responsible for telling Squid what URL to send the upstream server - and
a CONNECT tunnel has no such URL, squidguard cannot handle that.


Amos
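
The point above that dstdomain is evaluated against the domain of the request URL, applied to log lines like the ones quoted in this thread. This is an added example, not part of the thread and not Squid code: a read-side filter that hides matching entries from view while access.log itself stays complete. The function names and the GET sample lines are constructed, and the leading-dot rule follows dstdomain's matching convention.

```python
from urllib.parse import urlsplit

# Constructed sample in Squid's native access.log format; the 503 CONNECT lines
# mirror entries quoted in the thread, the other lines are made up.
SAMPLE_LOG = """\
1577988384.248      0 10.88.1.112 TAG_NONE/503 0 CONNECT hangouts.google.com:443 fchop HIER_NONE/- -
1577988384.435     12 10.88.1.31 TCP_MISS/200 5120 GET http://www.example.org/index.html ccardiff HIER_DIRECT/192.0.2.10 text/html
1577988384.659      0 10.88.1.26 TAG_NONE/503 0 CONNECT hangouts.google.com:443 mtowers HIER_NONE/- -
1577988385.069     40 10.88.1.13 TCP_TUNNEL/200 3911 CONNECT mail.google.com:443 pmonkey HIER_DIRECT/192.0.2.20 -
1577988385.500      9 10.88.1.13 TCP_MISS/200 811 GET http://example.org/?ref=hangouts.google.com pmonkey HIER_DIRECT/192.0.2.10 text/html
"""


def request_host(fields):
    """Return the destination host of one whitespace-split log line, or None."""
    if len(fields) < 7:
        return None
    method, target = fields[5], fields[6]
    # CONNECT logs an authority (host:port), not a full URL, so give urlsplit
    # a leading "//" to make it parse the value as a network location.
    authority = "//" + target if method == "CONNECT" else target
    try:
        host = urlsplit(authority).hostname
    except ValueError:
        return None
    return host.lower().rstrip(".") if host else None


def dstdomain_match(host, pattern):
    """'.x.y' matches x.y and its subdomains; 'x.y' matches that exact host only."""
    pattern = pattern.lower()
    if pattern.startswith("."):
        return host == pattern[1:] or host.endswith(pattern)
    return host == pattern


def visible_lines(log_text, excluded):
    """Yield the log lines whose destination host matches no excluded pattern."""
    for line in log_text.splitlines():
        host = request_host(line.split())
        if host and any(dstdomain_match(host, p) for p in excluded):
            continue
        yield line


if __name__ == "__main__":
    for line in visible_lines(SAMPLE_LOG, ["hangouts.google.com"]):
        print(line)
```

Matching is done on the parsed host only, so the constructed GET line that merely mentions the domain in its query string stays visible.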

Re: Exclude dstdomain in access.log file

Roberto Carna
Ok Amos, thanks a lot for your help.

I'll try to update my Squid version in order to block the given domains in my access.log file.

Greetings !!!
