On 09/08/2011 06:38 AM, Amos Jeffries wrote:
> On 08/09/11 02:21, Tsantilas Christos wrote:
>>
>> Normally an administrator needs to now the IP address the client
>> connected to. It needs the IP address and not listening address.
>> In the case of intercepted connections this information does not exist
>> so why not get this info from listening IP address?
>> Moreover it is practical to have ONE formating code for the above (eg
>> easier to create a script for log analysis)
>>
>
> Your clients scripts apparently need to record Squid receiving IP for
> some kind of analysis.
>
> There is an email from a consultant in Africa waiting to be approved
> moderation in squid-dev (I got it already via netfilter). Who needs to
> reliably and definitively match logged details to packet flow measurements.
>
>
> To cater for both sets of user requirements we must have tags which can
> log both details individually and simultaneously with no confusion as to
> whether the data is coming from the packet or the receiving squid port.
>
> I would prefer only using al->cache->port->a.local for IP same as port,
> but this would show dashes in the forward/accel traffic to a wildcard
> listener. This case client destination was guaranteed to be the proxy
> itself and we can safely avoid the dash by using tcpClient->local. In
> all other cases the receiving IP is configured as listening port in
> http_port or undefined.
> See the scenarios below.
I am wondering if it make sense to use only one "%>la" formating code
and let the "{ARGUMENT}" specify its behaviour. For example use a
"%>la{include_itercepted}" in logformat.
Also we can extend the {ARGUMENT} part to allow more than one arguments ...
Received on Thu Sep 08 2011 - 10:53:42 MDT
This archive was generated by hypermail 2.2.0 : Thu Sep 08 2011 - 12:00:03 MDT