Re: [squid-users] Applying ACLs to access_log directive

From: Chris Robertson <crobertson_at_gci.net>
Date: Tue, 16 Jun 2009 12:03:51 -0800

Jon Gregory wrote:
> I am using SquidNT 2.7 STABLE 5 on WinXP SP3 running as a service and would like to sense check what I am attempting but failing to achieve. From all the documentation I have read from Visolve, squid-cache.org FAQ and this lists history I am creating a valid set of directives in the below format.
>
> access_log <filepath> [<logformat name> [acl acl ...]]
>
>
>
> I am wanting to direct logging to individual files depending on the source network while still capturing all requests in the access.log. The example below is how I have attempted to implement this but the result is that access.log logs all events which is okay but the network specific logs remain empty.
>
> acl NET_A src 192.168.0.0/24
> acl NET_A src 10.20.30.0/24
> acl NET_B src 192.168.1.0/24
> acl NET_C src 192.168.2.0/24
>
> access_log c:/squid/var/logs/access_NET_A.log squid NET_A
> access_log c:/squid/var/logs/access_NET_B.log squid NET_B
> access_log c:/squid/var/logs/access_NET_C.log squid NET_C
> access_log c:/squid/var/logs/access.log squid
>

That looks right...

> In an attempt to test I have also implemented a usergroup based ACL I can get logging to individual files and to the catch all access.log which works as I would expect.
>
> acl Admins external NT_local_group Administrators
>
> access_log c:/squid/var/logs/access_ADMINS.log squid Admins
> access_log c:/squid/var/logs/access.log squid
>

So it works...

> What am I not understanding? Is there a dependence on the acl type when using access_log?
>

Do the entries in c:/squid/var/logs/access.log show the remotehost IP in
the third column?

Chris
Received on Tue Jun 16 2009 - 20:04:00 MDT

This archive was generated by hypermail 2.2.0 : Wed Jun 17 2009 - 12:00:04 MDT