filter access.log

Previous Topic Next Topic
 
classic Classic list List threaded Threaded
2 messages Options
Reply | Threaded
Open this post in threaded view
|

filter access.log

Eric F.
Hi,

I have the following logs :

1598547651.549 120818 192.168.100.105 TCP_TUNNEL/200 3234 CONNECT
dmp.re:443 ericf HIER_DIRECT/213.186.33.2 -
1598547651.549 120726 192.168.100.105 TCP_TUNNEL/200 3234 CONNECT
www.dmp.re:443 ericf HIER_DIRECT/213.186.33.2 -
1598547652.325      0 192.168.100.109 TCP_DENIED/407 3881 CONNECT
g.live.com:443 - HIER_NONE/- text/html
1598547654.216     25 192.168.100.109 TCP_MISS/200 4973 GET
http://192.168.100.89/nagios/cgi-bin/status.cgi? ericf
HIER_DIRECT/192.168.100.89 text/html
1598547662.424      0 192.168.100.109 TCP_DENIED/407 3881 CONNECT
g.live.com:443 - HIER_NONE/- text/html
1598547664.937     26 192.168.100.109 TCP_MISS/200 4978 GET
http://192.168.100.89/nagios/cgi-bin/status.cgi? ericf
HIER_DIRECT/192.168.100.89 text/html
1598547671.345 110538 192.168.100.116 TCP_TUNNEL/200 55246 CONNECT
login.live.com:443 ericf HIER_DIRECT/40.90.22.187 -
1598547672.565      0 192.168.100.109 TCP_DENIED/407 4228 CONNECT
g.live.com:443 - HIER_NONE/- text/html
1598547675.655     25 192.168.100.109 TCP_MISS/200 4974 GET
http://192.168.100.89/nagios/cgi-bin/status.cgi? ericf
HIER_DIRECT/192.168.100.89 text/html
1598547676.192      0 192.168.100.109 TCP_DENIED/407 3881 CONNECT
g.live.com:443 - HIER_NONE/- text/html

Is it possible to remove log that is not authenticated (ldap) ?
I mean these lines :  *- HIER_NONE/- text/html$

Thank's!

-- Eric
_______________________________________________
squid-users mailing list
[hidden email]
http://lists.squid-cache.org/listinfo/squid-users
Reply | Threaded
Open this post in threaded view
|

Re: filter access.log

Amos Jeffries
Administrator
On 28/08/20 7:18 pm, Wesley Mouedine Assaby wrote:
>
> Is it possible to remove log that is not authenticated (ldap) ?

Of course.

With the current Squid versions use a "note" type ACL to match any
details produced by helpers. e.g. the "user=" sent by the authentication
helper.

For example:

 acl hasUser note user
 access_log ... logformat=squid hasUser


Or,

 acl hasUser note user
 access_log none !hasUser
 access_log ...


Amos
_______________________________________________
squid-users mailing list
[hidden email]
http://lists.squid-cache.org/listinfo/squid-users