supress some special error messages fromm access.log

classic Classic list List threaded Threaded
2 messages Options
Reply | Threaded
Open this post in threaded view
|

supress some special error messages fromm access.log

Verwaiser
Hello,
since updating our proxy (now squid 4.03) I get very very many error
messages like the following examples:

/192.168.12.120 - - [30/Aug/2018:12:11:51 +0200] "NONE
error:transaction-end-before-headers NONE/0.0" 0 0 NONE:HIER_NONE
192.168.12.37 - biew [30/Aug/2018:12:11:51 +0200] "CONNECT
ad11.adfarm1.adition.com:443 HTTP/1.1" 200 1004 TCP_TUNNEL:HIER_DIRECT
192.168.12.117 - - [30/Aug/2018:12:11:51 +0200] "NONE
error:transaction-end-before-headers NONE/0.0" 0 0 NONE:HIER_NONE
192.168.12.37 - - [30/Aug/2018:12:11:52 +0200] "NONE
error:transaction-end-before-headers NONE/0.0" 0 0 NONE:HIER_NONE
192.168.12.135 - - [30/Aug/2018:12:11:52 +0200] "NONE
error:transaction-end-before-headers NONE/0.0" 0 0 NONE:HIER_NONE
192.168.12.52 - - [30/Aug/2018:12:11:52 +0200] "NONE
error:transaction-end-before-headers NONE/0.0" 0 0 NONE:HIER_NONE
192.168.12.135 - - [30/Aug/2018:12:11:52 +0200] "NONE
error:transaction-end-before-headers NONE/0.0" 0 0 NONE:HIER_NONE
192.168.12.220 - - [30/Aug/2018:12:11:52 +0200] "NONE
error:transaction-end-before-headers NONE/0.0" 0 0 NONE:HIER_NONE
192.168.12.52 - - [30/Aug/2018:12:11:52 +0200] "NONE
error:transaction-end-before-headers NONE/0.0" 0 0 NONE:HIER_NONE/

How can I get rid of these messages? Is it possible to construct an ACL like

/acl noTransactionError url_regex -i "error:transaction-end-before-headers"
access_log none noTransactionError /

(doesnt work...)

Holger



--
Sent from: http://squid-web-proxy-cache.1019090.n4.nabble.com/Squid-Users-f1019091.html
_______________________________________________
squid-users mailing list
[hidden email]
http://lists.squid-cache.org/listinfo/squid-users
Reply | Threaded
Open this post in threaded view
|

Re: supress some special error messages fromm access.log

Alex Rousskov
On 08/30/2018 08:03 AM, Verwaiser wrote:

> since updating our proxy (now squid 4.03) I get very very many error
> messages like the following examples:
>
> /192.168.12.120 - - [30/Aug/2018:12:11:51 +0200] "NONE
> error:transaction-end-before-headers NONE/0.0" 0 0 NONE:HIER_NONE

AFAIK, the following email summarizes the current status of those
transaction-end-before-headers log entries:
http://lists.squid-cache.org/pipermail/squid-users/2017-June/015781.html


> How can I get rid of these messages? Is it possible to construct an ACL

Probably yes. Look at your access log entries and try (a combination of)
simple ACLs that are likely to match logged default/zero values: port,
localport, proto, method, http_status, hier_code, and has.

When designing your ACLs, be as restrictive as you can to minimize the
chance of false positives (that you will never see logged and so you
will not know that they exist). It may be a good idea to log all matches
into a separate log so that you can easily double check that they all
have error:transaction-end-before-headers.

Once you figure it out, please post the winning combination here.


> like
> /acl noTransactionError url_regex -i "error:transaction-end-before-headers"
> access_log none noTransactionError /
>
> (doesnt work...)

If url_regex does not work in this context, it is a bug. The same bug
probably makes the workaround mentioned above possible. You can
facilitate fixing this bug instead of fiddling with ACLs, of course.


HTH,

Alex.
_______________________________________________
squid-users mailing list
[hidden email]
http://lists.squid-cache.org/listinfo/squid-users