Re: [squid-users] Missing username on logs when using c-icap

Hi.tank you for the reply.

This is my squid version ans how it was compiled:

Squid Cache: Version 3.1.8
configure options: '--with-maxfd=8192' '--prefix=/usr'
'--libdir=/usr/lib64' '--sysconfdir=/etc/squid'
'--localstatedir=/var/log/squid' '--datadir=/usr/share/squid'
'--mandir=/usr/man' '--with-pthreads' '--enable-follow-x-forwarded-for'
'--enable-storeio=aufs ufs diskd' '--enable-removal-policies=lru heap'
'--enable-delay-pools' '--enable-snmp' '--enable-icap-client'
'--enable-auth=basic ntlm digest' '--enable-basic-auth-helpers=DB LDAP NCSA
MSNT SMB getpwnam' '--enable-digest-auth-helpers=ldap password'
'--enable-ntlm-auth-helpers=smb_lm' '--enable-external-acl-helpers=ip_user
ldap_group unix_group wbinfo_group' '--enable-linux-netfilter'
'--enable-async-io' '--build=x86_64-slackware-linux'
'build_alias=x86_64-slackware-linux' 'CFLAGS=-O2 -fPIC'
'CXXFLAGS=-O2 -fPIC' --with-squid=/tmp/SBo/squid-3.1.8

Here is it´s configuration:

auth_param basic program /usr/libexec/ncsa_auth /etc/squid/passwd
auth_param basic children 5
auth_param basic realm Squid proxy-caching: SEU ACESSO ESTA SENDO MONITORADO
auth_param basic credentialsttl 2 hours
auth_param basic casesensitive off
acl manager proto cache_object
acl localhost src 127.0.0.1/32
acl localhost src ::1/128
acl to_localhost dst 127.0.0.0/8 0.0.0.0/32
acl to_localhost dst ::1/128
acl SSL_ports port 443 563
acl Safe_ports port 80 # http
acl Safe_ports port 21 # ftp
acl Safe_ports port 443 563 # https, snews
acl Safe_ports port 70 # gopher
acl Safe_ports port 210 # wais
acl Safe_ports port 1025-65535 # unregistered ports
acl Safe_ports port 280 # http-mgmt
acl Safe_ports port 488 # gss-http
acl Safe_ports port 591 # filemaker
acl Safe_ports port 777 # multiling http
acl CONNECT method CONNECT
acl SEARCH method SEARCH
acl FTP proto FTP
...
# Local ACLs
acl PURGE method PURGE
acl password proxy_auth REQUIRED
acl localnet src 172.31.0.0/24
...
acl MULTIMEDIA rep_mime_type -i ^(audio\/x-mpegurl|audio\/mpeg)$
acl MULTIMEDIA rep_mime_type -i ^(video\/flv|video\/x-flvs)$
acl MULTIMEDIA rep_mime_type -i
^(application\/x-shockwave-flash||application\/ogg)$
acl MULTIMEDIA rep_mime_type -i ^(audio\/ogg|video\/ogg)$
...
http_access allow manager localhost
http_access deny manager
http_access deny !Safe_ports
http_access deny CONNECT !SSL_ports
http_access allow localhost
http_access allow PURGE localhost
http_access deny PURGE
http_access allow localnet password
http_access deny all
http_port 3128
hierarchy_stoplist cgi-bin ?
cache_dir ufs /var/cache/squid/ 1000 16 256
access_log /var/log/squid/access.log squid
icap_log /var/log/squid/icap_access.log
cache_store_log none
logfile_rotate 0
pid_filename /var/run/squid/squid.pid
cache_log /var/log/squid/cache.log
coredump_dir /var/log/squid
refresh_pattern ^ftp: 1440 20% 10080
refresh_pattern ^gopher: 1440 0% 1440
refresh_pattern -i (/cgi-bin/|\?) 0 0% 0
refresh_pattern . 0 20% 4320

icap_enable on
icap_send_client_ip on
icap_send_client_username on
icap_client_username_header X-Authenticated-User
icap_service service_av_req reqmod_precache bypass=1
icap://localhost:1344/srv_clamav
icap_service service_av_resp respmod_precache bypass=1
icap://localhost:1344/srv_clamav
icap_service service_url_check_req reqmod_precache bypass=1
icap://localhost:1344/url_check
adaptation_access service_av_resp deny MULTIMEDIA
adaptation_access service_av_resp allow all
adaptation_service_chain REQ_CHAIN service_url_check_req service_av_req
adaptation_access REQ_CHAIN deny MULTIMEDIA
adaptation_access REQ_CHAIN allow all:

The only change made from the normal operation mod to the use of c-icap was
to add the icap configuration and services.

Regards.
Carlos Xavier.

----- Original Message -----
From: "Amos Jeffries" <squid3_at_treenet.co.nz>
To: <squid-users_at_squid-cache.org>
Sent: Wednesday, October 20, 2010 12:46 AM
Subject: Re: [squid-users] Missing username on logs when using c-icap

> On Tue, 19 Oct 2010 15:45:56 -0200, "Carlos Xavier"
> <cbastos_at_connection.com.br> wrote:
>> Hi.
>> We use SARG to generate some statistical data and also to have some
>> control
>> where our authenticated users are going. This control are based on the
>> username on the squid access log.
>> Now we started to use c-icap to check for virus and check the url. Since
>
>> then the username of the users doing the request are not showing on the
>
>> logs anymore .
>> Is there a way to force squid to output the username on the log?
>>
>> Here are the log entry withouc c-icap
>> 1287458110.628 282 187.15.127.198 TCP_MISS/200 13196 GET
>> http://www.squid-cache.org.br/templates/mambodefault/images/banner3.swf
>> avg
>> DIRECT/216.59.16.196 application/x-shockwave-flash
>>
>> Adn the same access done using c-icap
>> 1287510188.937 6549 187.15.127.198 TCP_HIT/200 13207 GET
>> http://www.squid-cache.org.br/templates/mambodefault/images/banner3.swf
> -
>> NONE/- application/x-shockwave-flash
>>
>
> Squid version? configuration?
>
> Amos
>
Received on Wed Oct 20 2010 - 04:26:28 MDT