[squid-users] Log Issues

Hi all. Long time reading, first time writing.
Having a strange issue with the logging. Using SquidNT 2.6 on Win2k3 server= . Logging to Native format. Testing kraken and squint for reports. Squid is= set to log FQDN's of the PCs. On some machines, Squid logs part of the FQD= N and then appends the visited link AS the FQDN of the PC. There is no rhyme or reason. Doesn't do it for the same machine all the time or for every machine. Doesn't appear to be on any particular link either. Included below = is an excerpt of the log.
My machines are NOT in the adley.edu domain. It's actually the postalproducts domain. The copy is the correct way it logs. The second is the wrong..

As you can see from the correct vs incorrect, the same machine is affected..

-------------------------------------------------CORRECT LOGS--------------=
-----------------------------------
1231966930.825 219 icm1362.postalproducts.com TCP_MISS/200 2835 CONNECT =
webtrends.chase.com:443 - DIRECT/159.53.64.173 -
1231966931.653 1250 icm1362.postalproducts.com TCP_MISS/200 19963 CONNECT=
 mfasa.chase.com:443 - DIRECT/159.53.60.148 -
1231966931.731 140 icm1362.postalproducts.com TCP_MISS/200 622 CONNECT m=
fasa.chase.com:443 - DIRECT/159.53.60.148 -
1231966934.310 5016 icm1338.postalproducts.com TCP_MISS/200 154743 CONNEC=
T www.abfs.com:443 - DIRECT/159.204.50.123 -
1231966935.544 453 icm1362.postalproducts.com TCP_MISS/200 12875 CONNECT=
 mfasa.chase.com:443 - DIRECT/159.53.60.148 -
1231966937.138 1594 icm1362.postalproducts.com TCP_MISS/200 4040 CONNECT =
chaseonline.chase.com:443 - DIRECT/159.53.60.54 -
1231966937.247 109 icm1362.postalproducts.com TCP_MISS/200 822 CONNECT w=
ebtrends.chase.com:443 - DIRECT/159.53.64.173 - ---------------------------------------------END CORRECT LOGS--------------=
---------------------------------------

------------------------------BEGIN INCORRECTLY REPORTED LOGS -------------=
-----------------------------------------
1231889694.388 94 icm1362.adley.edu TCP_MISS/200 2820 GET http://www.go=
ogle.com/extern_js/f/CgJlbhICdXMrMAo4DSwrMA44AywrMBg4Ayw/EJjyoliR8jA.js - D=
IRECT/74.125.95.99 text/javascript
1231889694.497 78 icm1362.adley.edu TCP_MISS/204 192 GET http://clients=
1.google.com/generate_204 - DIRECT/74.125.95.100 text/html
1231889696.028 78 icm1362.adley.edu TCP_MISS/200 532 GET http://clients=
1.google.com/complete/search? - DIRECT/74.125.95.100 text/javascript
1231889696.341 78 icm1362.adley.edu TCP_MISS/200 521 GET http://clients=
1.google.com/complete/search? - DIRECT/74.125.95.100 text/javascript
1231889696.810 79 icm1362.adley.edu TCP_MISS/200 524 GET http://clients=
1.google.com/complete/search? - DIRECT/74.125.95.100 text/javascript
1231889696.966 78 icm1362.adley.edu TCP_MISS/200 535 GET http://clients=
1.google.com/complete/search? - DIRECT/74.125.95.100 text/javascript
1231889697.106 62 icm1362.adley.edu TCP_MISS/200 542 GET http://clients=
1.google.com/complete/search? - DIRECT/74.125.95.100 text/javascript
1231889697.263 63 icm1362.adley.edu TCP_MISS/200 542 GET http://clients=
1.google.com/complete/search? - DIRECT/74.125.95.100 text/javascript
1231889697.263 3047 icm1362.adley.edu TCP_MISS/200 7425 GET http://www.go=
ogle.com/images/nav_logo4.png - DIRECT/74.125.95.147 image/png
1231889697.591 78 icm1362.adley.edu TCP_MISS/200 543 GET http://clients=
1.google.com/complete/search? - DIRECT/74.125.95.100 text/javascript
1231889699.310 297 icm1362.adley.edu TCP_MISS/200 9612 GET http://www.go=
ogle.com/search? - DIRECT/74.125.95.99 text/html
1231889699.481 62 icm1362.adley.edu TCP_MISS/200 11388 GET http://www.g=
oogle.com/mapdata? - DIRECT/74.125.95.147 image/gif
1231889699.622 31 icm1362.adley.edu TCP_MISS/200 10121 GET http://www.g=
oogle.com/extern_js/f/CgJlbhICdXMrMA44AywrMBY4BCwrMBc4ASwrMBg4AywrMCA4ACwrM=
CE4AywrMCc4ACw/m9o-Fsol5xE.js - DIRECT/74.125.95.147 text/javascript
1231889699.685 32 icm1362.adley.edu TCP_MISS/200 5523 GET http://www.go=
ogle.com/images/swxa.gif - DIRECT/74.125.95.147 image/gif
1231889699.794 203 icm1362.adley.edu TCP_MISS/204 350 GET http://g.micro=
soft.com/_0sfdata/1? - DIRECT/207.68.179.201 -
1231889700.185 313 icm1362.adley.edu TCP_MISS/200 40924 GET http://www.m=
gmgrand.com/ - DIRECT/216.190.168.61 text/html
1231889718.403 47 icm1024.rightcove.vo.llnwd.net/d5/unsecured/media/161=
2802193/1612802193_7056293001_20090113165000-breaking-thumb.jpg? TCP_MISS/2= 00 10197 GET http://widgetserver.com/syndication/subscriber/InsertWidget.js=
? joelh DIRECT/63.246.8.185 application/x-javascript
1231889719.060 32 icm1024.rightcove.vo.llnwd.net/d5/unsecured/media/161=
2802193/1612802193_7056293001_20090113165000-breaking-thumb.jpg? TCP_HIT/20= 0 91632 GET http://cdn.widgetserver.com/syndication/subscriber/Main.js - NO=
NE/- application/x-javascript
1231889719.231 31 icm1024.rightcove.vo.llnwd.net/d5/unsecured/media/161=
2802193/1612802193_7056293001_20090113165000-breaking-thumb.jpg? TCP_MISS/2= 00 3488 GET http://widgetserver.com/syndication/get_widget.js? joelh DIRECT=
/63.246.8.185 application/x-javascript
1231889719.278 31 icm1024.rightcove.vo.llnwd.net/d5/unsecured/media/161=
2802193/1612802193_7056293001_20090113165000-breaking-thumb.jpg? TCP_MISS/2= 00 3488 GET http://widgetserver.com/syndication/get_widget.js? joelh DIRECT=
/63.246.8.185 application/x-javascript
1231889719.341 0 icm1024.rightcove.vo.llnwd.net/d5/unsecured/media/161=
2802193/1612802193_7056293001_20090113165000-breaking-thumb.jpg? TCP_HIT/20= 0 886 GET http://widgetserver.com/syndication/flash/v8/Helper.swf joelh NON=
E/- application/x-shockwave-flash
1231889719.372 0 icm1024.rightcove.vo.llnwd.net/d5/unsecured/media/161=
2802193/1612802193_7056293001_20090113165000-breaking-thumb.jpg? TCP_HIT/20= 0 1911 GET http://cdn.widgetserver.com/syndication/images/indicator.gif joe= lh NONE/- image/gif
1231889719.403 15 icm1024.rightcove.vo.llnwd.net/d5/unsecured/media/161=
2802193/1612802193_7056293001_20090113165000-breaking-thumb.jpg? TCP_HIT/20= 0 5209 GET http://pub.widgetbox.com/flash/getwidget.swf - NONE/- applicatio= n/x-shockwave-flash
1231889719.450 62 icm1024.rightcove.vo.llnwd.net/d5/unsecured/media/161=
2802193/1612802193_7056293001_20090113165000-breaking-thumb.jpg? TCP_MISS/2= 00 1150 GET http://widgetserver.com/syndication/get_widget.html? joelh DIRE=
CT/63.246.8.185 text/html
1231889719.450 31 icm1024.rightcove.vo.llnwd.net/d5/unsecured/media/161=
2802193/1612802193_7056293001_20090113165000-breaking-thumb.jpg? TCP_MISS/2= 00 339 GET http://widgetserver.com/metrics/image.gif? - DIRECT/63.246.8.185= image/gif
1231889719.513 32 icm1024.rightcove.vo.llnwd.net/d5/unsecured/media/161=
2802193/1612802193_7056293001_20090113165000-breaking-thumb.jpg? TCP_MISS/2= 00 11605 GET http://cdn.widgetserver.com/syndication/publisher/Main.js? joe= lh DIRECT/72.21.81.133 application/x-javascript
1231889719.638 0 icm1024.rightcove.vo.llnwd.net/d5/unsecured/media/161=
2802193/1612802193_7056293001_20090113165000-breaking-thumb.jpg? TCP_HIT/20= 0 2602 GET http://cdn.widgetserver.com/syndication/flash/wrapper/quantcast.=
swf - NONE/- application/x-shockwave-flash
1231889719.716 78 icm1024.rightcove.vo.llnwd.net/d5/unsecured/media/161=
2802193/1612802193_7056293001_20090113165000-breaking-thumb.jpg? TCP_MISS/2= 00 2510 GET http://www.google.com/calendar/embed? joelh DIRECT/74.125.95.10=
3 text/html
1231889719.763 60360 icm1550.postalproducts.com TCP_MISS/200 531 CONNECT s=
erver8.dollarsonthenet.net:443 jerilynn DIRECT/67.106.229.37 -
1231889719.778 47 icm1024.rightcove.vo.llnwd.net/d5/unsecured/media/161=
2802193/1612802193_7056293001_20090113165000-breaking-thumb.jpg? TCP_MISS/2= 00 5012 GET http://flash.quantserve.com/quant.swf? - DIRECT/64.94.107.24 ap= plication/x-shockwave-flash
1231889719.841 0 icm1024.rightcove.vo.llnwd.net/d5/unsecured/media/161=
2802193/1612802193_7056293001_20090113165000-breaking-thumb.jpg? TCP_HIT/20= 0 4495 GET http://www.google.com/calendar/cac5c66d795867837864147e74321fc1e=
mbedcompiled.css joelh NONE/- text/css
1231889719.856 0 icm1024.rightcove.vo.llnwd.net/d5/unsecured/media/161=
2802193/1612802193_7056293001_20090113165000-breaking-thumb.jpg? TCP_HIT/20= 0 49948 GET http://www.google.com/calendar/cac5c66d795867837864147e74321fc1=
embedcompiled__en.js - NONE/- application/x-javascript
1231889719.966 0 icm1024.rightcove.vo.llnwd.net/d5/unsecured/media/161=
2802193/1612802193_7056293001_20090113165000-breaking-thumb.jpg? TCP_HIT/20= 0 398 GET http://www.google.com/calendar/images/menu_arrow_open.gif joelh N=
ONE/- image/gif
1231889719.997 0 icm1024.rightcove.vo.llnwd.net/d5/unsecured/media/161=
2802193/1612802193_7056293001_20090113165000-breaking-thumb.jpg? TCP_HIT/20= 0 422 GET http://www.google.com/calendar/images/btn_menu6.gif joelh NONE/- = image/gif
1231889719.997 0 icm1024.rightcove.vo.llnwd.net/d5/unsecured/media/161=
2802193/1612802193_7056293001_20090113165000-breaking-thumb.jpg? TCP_HIT/20= 0 457 GET http://www.google.com/calendar/images/icon_print.gif - NONE/- ima= ge/gif
1231889720.075 62 icm1024.rightcove.vo.llnwd.net/d5/unsecured/media/161=
2802193/1612802193_7056293001_20090113165000-breaking-thumb.jpg? TCP_REFRES= H_HIT/200 5715 GET http://calendar.google.com/googlecalendar/images/combine=
d_v5.gif joelh DIRECT/74.125.95.100 image/gif
1231889720.075 62 icm1024.rightcove.vo.llnwd.net/d5/unsecured/media/161=
2802193/1612802193_7056293001_20090113165000-breaking-thumb.jpg? TCP_REFRES= H_HIT/200 2260 GET http://calendar.google.com/googlecalendar/images/bubble_=
combined.png joelh DIRECT/74.125.95.102 image/png
1231889720.638 16 icm1024.rightcove.vo.llnwd.net/d5/unsecured/media/161=
2802193/1612802193_7056293001_20090113165000-breaking-thumb.jpg? TCP_MISS/2= 00 356 GET http://flash.quantserve.com/pixel.swf? joelh DIRECT/64.94.107.24= application/x-shockwave-flash ------------------------------------------------------END WRONG ERROR LOGS-=
------------------------------------------------------------------------

I can see the difference, I just don't understand why it's happening. Any h= elp at all would be greatly appreciated!!

Thanks
Dustin

Dustin Hane
IT Support
Ph: 414-290-1128
Fx: 414-290-1515
500 W Oklahoma Ave
Milwaukee, WI 53207
dustinh_at_postalproducts.com
Received on Wed Jan 21 2009 - 18:38:06 MST