Re: [squid-users] Ident large scale usage

From: Andrew Veitch <andrew.veitch@dont-contact.us>
Date: Tue, 7 Jan 2003 13:25:04 +0000 (GMT)

On Tue, 7 Jan 2003, Jay Turner wrote:
> Does anyone have any opinions/advice on the use of ident?

We used ident logging for accountability from one of our multi-user
systems (not for everything, as this may have increased overhead
significantly).

With an LVS cluster of squid systems, and persistence between ports 3128
and 113, we found no usernames were being logged. This was due to our
non-NAT cluster and the IP addresses associated with the ident request
being different to the IP addresses perceived to be associated with the
squid request (e.g. the squid request terminated on the virtual IP at our
end, whereas the ident request originated from an individual cluster
backend system).

As a result, I have a small patch against 2.4.STABLE6 (which would probably
go against other versions too, although I've not tested this), where the
originating address for ident requests can be set in the squid.conf file.

This allows the request to appear to originate from the virtual IP, and thus
through the persistence get routed back to the correct backend. Because
the IPs match the squid connection, the identd returns valid user
information which squid then logs.

Apologies for the long-winded nature of the post - just thought it might be
of interest. If anyone wants the patch, email me.

-- 
Andrew Veitch, JANET Web Cache Service / Manchester University Cache Support
mailto:andrew.veitch@man.ac.uk                       http://wwwcache.ja.net/
Received on Tue Jan 07 2003 - 06:25:06 MST
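
The following is an added example, not Andrew's patch and not Squid code: a minimal RFC 1413 client that binds the ident query to a chosen source address, which is the behaviour the message describes. The function names and the in-process fake identd are constructed for illustration; the fake answers only when the query's source IP matches the address the user's connection went to, and loopback stands in for the real addresses.

```python
import socket
import threading

def parse_ident_reply(line):
    """Return the user id from an RFC 1413 reply, or None on ERROR/garbage."""
    parts = [p.strip() for p in line.split(":", 3)]
    if len(parts) == 4 and parts[1].upper() == "USERID":
        return parts[3]
    return None

def ident_lookup(client_ip, client_port, proxy_port, source_ip,
                 ident_port=113, timeout=5.0):
    """Ask the identd on client_ip who owns client_port -> proxy_port.

    source_ip is the local address the query leaves from. In the cluster
    described above it has to be the virtual IP the client connected to,
    not the backend's own address.
    """
    with socket.create_connection((client_ip, ident_port), timeout=timeout,
                                  source_address=(source_ip, 0)) as s:
        # Query format: <port on identd host> , <port on querying host>
        s.sendall(f"{client_port} , {proxy_port}\r\n".encode("ascii"))
        reply = s.makefile("r", encoding="ascii", errors="replace").readline()
    return parse_ident_reply(reply)

def start_fake_identd(connections):
    """Constructed stand-in for identd, serving one query on loopback.

    connections maps (proxy_ip, client_port, proxy_port) -> user, i.e. the
    client's view of its open connections. Returns the listening port.
    """
    srv = socket.create_server(("127.0.0.1", 0))
    port = srv.getsockname()[1]

    def serve():
        conn, (peer_ip, _) = srv.accept()
        with conn, srv:
            query = conn.makefile("r", encoding="ascii").readline()
            cport, pport = (int(p) for p in query.split(","))
            # A real identd matches on the peer address of the ident query.
            user = connections.get((peer_ip, cport, pport))
            body = f"USERID : UNIX : {user}" if user else "ERROR : NO-USER"
            conn.sendall(f"{cport} , {pport} : {body}\r\n".encode("ascii"))

    threading.Thread(target=serve, daemon=True).start()
    return port

if __name__ == "__main__":
    p = start_fake_identd({("127.0.0.1", 40000, 3128): "alice"})  # constructed
    print(ident_lookup("127.0.0.1", 40000, 3128, "127.0.0.1", ident_port=p))
```

When the fake identd's table is keyed on an address other than the one the query arrives from, the lookup returns None, which corresponds to the "no usernames logged" symptom described in the message.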
