Paul wrote
>>
>>
>> I have several remote sites running a local copy of squid that in
>> turn use a parent squid.
>>
>> I want to improve the logging on the parent squid, at the moment each
>> site has 1 real external IP address and many internal IP's e.g.
>> 192.168.1.x, in the parent squid access log I see just the 1 real IP
>> address for all requests as expected.
>>
>> Ive now configured the remote sites squid to add an X-Forward header
>> and ive set
>>
>> follow_x_forwarded_for allow all
>> acl_uses_indirect_client off
>> log_uses_indirect_client on
>>
>> on the parent squid, the access log now shows the internal IP making
>> the request i.e. 192.168.1.x
>>
>> However all my sites have the same 192.168.1.x range, is there any
>> way to make it log both the external IP AND the internal IP e.g.
>> 78.128.146.22,192.168.1.12 so I can narrow down what IP at each site
>> is viewing?
>>
>> I dont think there is such a config but if anyone has any
>> ideas/pointers on how to achieve I would be grateful.
>>
>
> Another thing I have just noticed is I use squidguard as a redirector
> on the parent squid, its being passed the internal IP not the direct
> IP - is there a way to pass squidguard the direct access IP? I only
> want to log the local IP in access.log I dont want it to be used for
> any ACL's or redirectors.
>
> Paul
>
Not good replying twice to my own post but I managed to solve my problem
by using logformat and wanted to show how I did in in case anyone else
had the same situation
acl remote_sites src "/home/squid/remote_sites"
logformat showxff %ts.%03tu %6tr %Ss/%03Hs %<st %rm %ru %un %Sh/%<A %mt
%"{X-Forwarded-For}>h
access_log /var/log/squid/remote.log showxff remote_sites
And the remote.log file shows both the direct ip and the X-Forwarded-For ip
Cheers
Paul
Received on Wed Jul 15 2009 - 10:01:00 MDT
This archive was generated by hypermail 2.2.0 : Wed Jul 15 2009 - 12:00:03 MDT