unique access.log for specific ACLs

unique access.log for specific ACLs

Joey Officer

Apologies if this has been covered before, but I could not find an archived discussion on the same topic.  Is it possible to assign a unique log file output to a specific ACL?  The use case is that we’ve begun blocking certain sites and we would like to begin logging the attempted access.

 

I’d suspect something similar to the following:

(squid 3.5.12)

#blocking
acl isf_blacklist dstdom_regex "/etc/squid/block.txt"
access_log daemon:/var/log/squid/blocked.log isf_blacklist
http_access deny isf_blacklist
deny_info TCP_RESET isf_blacklist

 

Appreciate any guidance that can be provided.

Joey


_______________________________________________
squid-users mailing list
[hidden email]
http://lists.squid-cache.org/listinfo/squid-users

Re: unique access.log for specific ACLs

Alex Rousskov
On 04/09/2018 08:10 AM, Joey Officer wrote:
> Apologies if this has been covered before, but I could not find an
> archived discussion on the same topic.  Is it possible to assign a
> unique log file output to a specific ACL?

Yes, it is. See your own example below for a sketch.

> acl isf_blacklist dstdom_regex "/etc/squid/block.txt"
> access_log daemon:/var/log/squid/blocked.log isf_blacklist
> http_access deny isf_blacklist
> deny_info TCP_RESET isf_blacklist


However, please note that ACLs are evaluated in a particular directive
context so their evaluation results may change even within one HTTP
transaction scope. For example, a given ACL that did not match in
http_access rules may match when access_log rules are evaluated. There
was a more detailed discussion about that a few days ago:

http://lists.squid-cache.org/pipermail/squid-users/2018-April/018017.html


HTH,

Alex.

Re: unique access.log for specific ACLs

Matus UHLAR - fantomas
On 09.04.18 14:10, Joey Officer wrote:

>Apologies if this has been covered before, but I could not find an archived
> discussion on the same topic.  Is it possible to assign a unique log file
> output to a specific ACL?  The use case is that we've begun blocking
> certain sites and we would like to begin logging the attempted access.
>
>I'd suspect something similar to the following:
>
>(squid 3.5.12)
>#blocking
>acl isf_blacklist dstdom_regex "/etc/squid/block.txt"

Note that dstdom_regex is quite ineffective (although not as much
as url_regex), since regular expression matching is CPU hungry.
Use dstdomain whenever possible.

--
Matus UHLAR - fantomas, [hidden email] ; http://www.fantomas.sk/
Warning: I wish NOT to receive e-mail advertising to this address.
Christian Science Programming: "Let God Debug It!".
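
Added example, not part of the original thread: a squid.conf fragment that keeps the layout from the first post but uses a dstdomain ACL as suggested above, and keeps the matching requests out of the main log. The file /etc/squid/block_domains.txt, its sample entries and the main log path are assumptions.

```conf
# Added example (not from the thread).
# Assumed file /etc/squid/block_domains.txt holds plain domain names,
# one per line, not regular expressions. A leading dot also matches
# subdomains. Constructed sample entries:
#   .blocked.example
#   ads.example.net
acl isf_blacklist dstdomain "/etc/squid/block_domains.txt"

# Place the deny ahead of any http_access allow rule that could match
# the same requests.
http_access deny isf_blacklist
deny_info TCP_RESET isf_blacklist

# Transactions matching the ACL get their own log file ...
access_log daemon:/var/log/squid/blocked.log squid isf_blacklist

# ... and all other transactions stay in the main log (path assumed).
access_log daemon:/var/log/squid/access.log squid !isf_blacklist

# As noted earlier in the thread, the ACL is evaluated again in the
# access_log context, so blocked.log records what matched at logging
# time, which may differ from what matched in http_access.
```

Running `squid -k parse` checks the edited configuration for syntax errors before a reload.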