Re: [squid-users] Logging only authentications

From: Henrik Nordstrom <henrik@dont-contact.us>
Date: Mon, 26 Mar 2007 11:10:13 +0200

On Wed 2007-03-21 at 16:31 -0700, Korell, Doug wrote:
> I am using Squid for one purpose only, to force PCs with generic
> Windows logins to authenticate using AD credentials when accessing the
> Internet. I have Squid configured and it's working fine, except the
> access.log of course logs all website hits (which we also have Websense
> doing). At first I didn't think this would be a big deal but in testing,
> if I hit just the mainpage for a site like cnn.com, it logs 150 entries.

Hmm.. thinking. HTTP is stateless so there is not really a "login" only
"this request was authorized". But I suppose it should be possible to
rate-limit the access log somehow.

At first I thought maybe this can be done with the session helper, which
can be used in many other such situations. However, the access.log acls
are "fast" and do not support external lookups such as helpers.. so I
guess something needs to be coded to support this.
 
> So, is there some way I can log only LDAP authentications and if they
> were successful or unsuccessful?

You can do this in the auth helper interface, but unfortunately it will
only tell you the login name and timestamp, not from which station or
any other details.

Most easily done as a wrapper around the actual auth helper.

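#!/usr/bin/perl
# Wrapper that logs each auth helper lookup (time, login, answer).
use IPC::Open2;
my ($in, $out, $logfile);
my $logfilename = shift @ARGV;
open($logfile, ">>", $logfilename) || die "open $logfilename: $!";
# Unbuffer the log file, then make STDOUT the default handle again
select $logfile; $|=1;
select STDOUT; $|=1;
# Start the real helper; open2 turns on autoflush for $in
open2($out,$in,@ARGV) || die;
while(<STDIN>) {
  my ($login, $password) = split;
  # Pass the request through and read the helper's one-line answer
  print $in $_; my $ans = <$out>;
  last unless defined $ans;
  (my $result = $ans) =~ s/\r?\n$//;
  print $logfile time(). " $login $result\n";
  # The answer itself must go back to Squid on STDOUT
  print STDOUT $ans;
}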

Used in front of the auth helper in squid.conf together with a log file name.

auth_param basic program /usr/local/squid/libexec/logauth.pl /usr/local/squid/var/logs/auth.log /usr/local/squid/libexec/squid_ldap_auth -b ...

Regards
Henrik
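
One way to review the log such a wrapper produces, as an added example that is not part of the message above or of Squid. It assumes one "<epoch> <login> <answer>" line per lookup; the sample lines, the threshold and the window are constructed for illustration.

```python
from collections import defaultdict, deque

# Constructed sample in the wrapper's format: "<epoch> <login> <helper answer>"
SAMPLE_LOG = """\
1174900000 alice OK
1174900010 kiosk1 ERR
1174900015 kiosk1 ERR
1174900020 kiosk1 ERR Invalid credentials
1174900030 bob OK
garbled line
1174900400 kiosk1 ERR
1174900410 kiosk1 OK
1174903000 bob ERR
"""

def parse_line(line):
    """Return (epoch, login, ok) or None for lines that do not fit the format."""
    parts = line.split(None, 3)
    if len(parts) < 3 or not parts[0].isdigit() or parts[2] not in ("OK", "ERR"):
        return None
    return int(parts[0]), parts[1], parts[2] == "OK"

def summarize(lines, threshold=3, window=60):
    """Count OK/ERR per login and flag logins with >= threshold ERR
    answers inside any window-second span (both values are assumptions)."""
    counts = defaultdict(lambda: {"ok": 0, "err": 0})
    recent = defaultdict(deque)   # login -> timestamps of recent failures
    bursts = {}                   # login -> time the threshold was first reached
    skipped = 0
    for line in lines:
        rec = parse_line(line)
        if rec is None:
            skipped += 1 if line.strip() else 0
            continue
        ts, login, ok = rec
        counts[login]["ok" if ok else "err"] += 1
        if ok:
            continue
        q = recent[login]
        q.append(ts)
        while q and ts - q[0] > window:   # drop failures older than the window
            q.popleft()
        if len(q) >= threshold and login not in bursts:
            bursts[login] = ts
    return dict(counts), bursts, skipped

if __name__ == "__main__":
    print(summarize(SAMPLE_LOG.splitlines()))
```

Squid caches validated basic credentials (credentialsttl), so the helper, and therefore this log, only sees a lookup when no valid cache entry exists. Since the log carries no client address, bursts can be attributed to a login name only.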

Received on Mon Mar 26 2007 - 03:10:18 MDT
