Re: [squid-users] RE: Store.log filling up

From: Amos Jeffries <squid3@dont-contact.us>
Date: Sat, 06 Oct 2007 23:14:17 +1300

sgmayo@mail.bloomfield.k12.mo.us wrote:
> Amos Jeffries wrote:
>>> From: Henrik Nordstrom <henrik@dont-contact.us>
>>> Date: Tue, 18 Sep 2007 16:57:58 +0200
>>>
>>> On mån, 2007-09-17 at 16:30 -0500, sgmayo@mail.bloomfield.k12.mo.us
>>> wrote:
>>>>> Could spyware or addware cause the store.log to fill up very quickly?
>>> Another tech has had troubles with this in the last couple of days and
>>> was
>>>>> asking. He says that they can clear it out and in no time (not sure
>>>>> how
>>> long, but under an hour) it is filled up and causing problems.
>>>>> Here is a small post of what was in it. Why does it list all the ?????
>>> Thanks for any info.
>>>>> 1190033958.390 RELEASE -1 FFFFFFFF 7B1287005AF9902646FDACC9F3EA9C7F ?
>>>>> ?
>>> ? ? ?/? ?/? ? ?
>>>
>>>> Looks a bit odd.. the ? is when the information is unknown, but these
>>> objects was in memory so the information should have been known I
>>> think..
>>>
>>>> What do access.log say?
>>>> Regards
>>>> Henrik
>>>
>>> He thought he had it figured out, but started getting this problem again
>>> so I am sending his other log files.
>>>
>>> Thanks for any info.
>>>
>>> --
>>> Scott Mayo
>>> System Administrator
>>> Bloomfield Schools
>>>
>>> ----------------------------------------------------------------------------
>>> Squid cache.log
>>>
>>>
>>>
>>> 2007/10/04 12:09:23| Starting Squid Cache version 2.4.STABLE7 for
>>> i586-mandrake-linux-gnu...
>>>
>> Gah! Try using 2.6
>
> Will that actually fix the problem though? I am running 2.4 here also and
> I do not have the kind of problem that he is.
>
> Thanks.
>

Possibly, possibly not. Some problems have very obscure triggers, he may
have it one you missed. It's worth doing for several reasons.

If it does, thats one less problem.

If it doesn't, that itself becomes the first step of the debug process.
We can then open a bug report accurately and start tracing the problem.
We have no interest in debugging code long abandoned.

He is going to have to move to a fixed version after the problem is
found anyway. Doing the groundwork for such a big jump now makes the
next simpler.

I say upgrade mostly because I'm keenly aware of the attack vectors open
in the earlier versions of squid.

Amos
Received on Sat Oct 06 2007 - 04:14:23 MDT

This archive was generated by hypermail pre-2.1.9 : Thu Nov 01 2007 - 13:00:01 MDT