On 08/28/2011 01:10 PM, Amos Jeffries wrote:
> On 29/08/11 06:39, Tsantilas Christos wrote:
>> On 08/27/2011 08:03 PM, Amos Jeffries wrote:
>>> On 28/08/11 02:50, Tsantilas Christos wrote:
>>>> %>la for intercepted connections
>>>>
>>>> This patch adjusts the %>la logformat code handling for intercepted
>>>> connections
>>>> based on the following rules:
>>>> - If the corresponding http_port or https_port option has an explicit
>>>> listening host name or IP address, then log the IP address.
>>>> - Otherwise, log a dash character.
>>>>
>>>> Also adjusts %>lp logformat code handling for intercepted
>>>> connections to
>>>> always
>>>> log the port number from the corresponding http_port or https_port
>>>> option.
>>>
>>> +1. Looks fine.
>>>
>>> Amos
>>
>> I will commit this patch to trunk if there is not any objection.
>>
>>
>> PS. I forgot to mention that this is a Measurement Factory project.
>
>
> This whole thing itches a worry in the back of my mind. Updating the
> release notes about %>la creation today makes me realize what it is.
>
> We are using ">" on tags to indicate incoming things,
I do not think that part is accurate. I will try to provide a better
definition below.
> usually state
> shared with the clients view of the world. This change makes the tag
> loose that overlap with the clients world view on intercepted traffic.
>
> What do you think about resurrecting %la / %lp for this data instead?
I think ">" is the right choice here because we are logging the Squid
address where the client has connected to:
">" means information related to the client-Squid connection
"<" means information related to the Squid-server connection
"l" means information related to the Squid side of a connection
Thus,
">l" means information related to the Squid side of a client-Squid
connection, and that is what we want to log.
We could add another logformat code to log the IP address where the
intercepted client was _trying_ to connect to, but nobody has asked to
log that information yet, AFAIK.
HTH,
Alex.
Received on Tue Aug 30 2011 - 21:56:15 MDT
This archive was generated by hypermail 2.2.0 : Wed Aug 31 2011 - 12:00:03 MDT