Re: [squid-users] Information flodded in logfiles

From: Kinkie <gkinkie_at_gmail.com>
Date: Wed, 16 Sep 2009 19:19:42 +0200

That's some broken clients asking for things without providing the
necessary authentication. There is nothing to do about it,
debug_options doesn't affect access.log .

Your best course of action, if you are in a corporate environment, is
find who is using the PC at address 192.168.42.30, understand what
software is misbehaving, and fix it up.
Banyan (I hope I got the first name right, if not I apologize) got it
right though, you need to set the log management infrastructure up in
any case. If you're running on a Linux system, you should look into
logrotate (it comes standard on any distribution I know of), otherwise
you can check squid's build-in log rotation feature (see
squid.conf.documented).

  /kinkie

On Wed, Sep 16, 2009 at 4:39 PM, Banyan He <banyan_at_rootong.com> wrote:
> I've no ideas about the logging facility. But actually, you can try "squid
> -k retate" with logrotate program.
>
> Regards,
>
> --
> Banyan He
> Network & System Security Infrastructure
> Mail: banyan_at_rootong.com
> Blog: http://www.rootong.com/blog
> LinkedIn: http://www.linkedin.com/in/banyanhe
> Website: http://www.rootong.com
>
>
>> From: sandiphw <sandiphw_at_hotmail.com>
>> Date: Wed, 16 Sep 2009 06:39:50 -0700 (PDT)
>> To: <squid-users_at_squid-cache.org>
>> Subject: [squid-users] Information flodded in logfiles
>>
>>
>>
>> Recently I found that logfiles are flooding with informations like
>>
>> access.log
>>
>> 1253094090.451      0 192.168.42.30 TCP_DENIED/407 1725 OPTIONS
>> http://ab-desktop/ - NONE/- text/html
>> 1253094090.675      0 192.168.42.30 TCP_DENIED/407 1725 OPTIONS
>> http://ab-desktop/ - NONE/- text/html
>> 1253094090.728      0 192.168.42.30 TCP_DENIED/407 1725 OPTIONS
>> http://ab-desktop/ - NONE/- text/html
>> 1253094090.791      0 192.168.42.30 TCP_DENIED/407 1725 OPTIONS
>> http://ab-desktop/ - NONE/- text/html
>> 1253094090.853      0 192.168.42.30 TCP_DENIED/407 1725 OPTIONS
>> http://ab-desktop/ - NONE/- text/html
>> 1253094090.916      0 192.168.42.30 TCP_DENIED/407 1725 OPTIONS
>> http://ab-desktop/ - NONE/- text/html
>> 1253094090.978      0 192.168.42.30 TCP_DENIED/407 1725 OPTIONS
>> http://ab-desktop/ - NONE/- text/html
>> 1253094091.041      0 192.168.42.30 TCP_DENIED/407 1725 OPTIONS
>> http://ab-desktop/ - NONE/- text/html
>> 1253094091.104      0 192.168.42.30 TCP_DENIED/407 1725 OPTIONS
>> http://ab-desktop/ - NONE/- text/html
>> 1253094091.166      0 192.168.42.30 TCP_DENIED/407 1725 OPTIONS
>> http://ab-desktop/ - NONE/- text/html
>> 1253094091.214   2365 192.168.40.251 TCP_DENIED/407 1834 GET
>> http://swupmf.adobe.com/manifest/60/win/AdobeUpdater.upd uc NONE/- text/html
>> 1253094091.228      0 192.168.42.30 TCP_DENIED/407 1725 OPTIONS
>> http://ab-desktop/ - NONE/- text/html
>> 1253094091.291      0 192.168.42.30 TCP_DENIED/407 1725 OPTIONS
>> http://ab-desktop/ - NONE/- text/html
>> 1253094091.297   2362 192.168.41.158 TCP_DENIED/407 1834 GET
>>
>> store.log
>>
>> 1253094091.353 RELEASE -1 FFFFFFFF C22A6119C402EA74195B01ECBBCB178E  407
>> 1253094091         0 1253094091 text/html 1281/1663 OPTIONS
>> http://ab-desktop/
>> 1253094091.416 RELEASE -1 FFFFFFFF 7EFAAFD1B02BF3BE93C9E7B6FADB8DA5  407
>> 1253094091         0 1253094091 text/html 1281/1663 OPTIONS
>> http://ab-desktop/
>> 1253094091.479 RELEASE -1 FFFFFFFF 319EE692DFCB0B34FD454660195B3F7E  407
>> 1253094091         0 1253094091 text/html 1281/1663 OPTIONS
>> http://ab-desktop/
>> 1253094091.541 RELEASE -1 FFFFFFFF 09676C7ACB16372E01BE2CC091E32AEC  407
>> 1253094091         0 1253094091 text/html 1281/1663 OPTIONS
>> http://ab-desktop/
>> 1253094091.603 RELEASE -1 FFFFFFFF 5A9DA57ED86A40F79B68105608272ABD  407
>> 1253094091         0 1253094091 text/html 1281/1663 OPTIONS
>> http://ab-desktop/
>> 1253094091.666 RELEASE -1 FFFFFFFF 278CF68206B1E065B102B5C97888FBBD  407
>> 1253094091         0 1253094091 text/html 1281/1663 OPTIONS
>> http://ab-desktop/
>> 1253094091.728 RELEASE -1 FFFFFFFF BCBF8DD569006699EBF9ADD91F37B57C  407
>> 1253094091         0 1253094091 text/html 1281/1663 OPTIONS
>> http://ab-desktop/
>> 1253094091.791 RELEASE -1 FFFFFFFF E08AD5AF3E329C7DB2EDD50DC8509502  407
>> 1253094091         0 1253094091 text/html 1281/1663 OPTIONS
>> http://ab-desktop/
>> 1253094091.853 RELEASE -1 FFFFFFFF 4088B6F70F4213FF8DB0AC561865C5FB  407
>> 1253094091         0 1253094091 text/html 1281/1663 OPTIONS
>> http://ab-desktop/
>> 1253094091.916 RELEASE -1 FFFFFFFF 99D33E36EBE2F2FF7BD0117587015231  407
>> 1253094091         0 1253094091 text/html 1281/1663 OPTIONS
>> http://ab-desktop/
>> 1253094091.978 RELEASE -1 FFFFFFFF 8FCB9F138361AC4BC44763DEF42D4753  407
>> 1253094091         0 1253094091
>>
>>
>>
>> Logfiles becomes in over a GB witin 7 days and squid stops working. We need
>> to manually replaced these files with new one. debug_option is set to
>> default. How to stop these informations comming to logfiles? How can I set
>> the maximum size of logfile? Or something else creating the problem? Any
>> advise will be highly appreciated.
>>
>> SKS
>>
>>
>>
>>
>>
>> --
>> View this message in context:
>> http://www.nabble.com/Information-flodded-in-logfiles-tp25472578p25472578.html
>> Sent from the Squid - Users mailing list archive at Nabble.com.
>>
>
>
> 

-- 
    /kinkie
Received on Wed Sep 16 2009 - 17:19:54 MDT

This archive was generated by hypermail 2.2.0 : Thu Sep 17 2009 - 12:00:02 MDT