On 20/07/2013 2:04 p.m., Amm wrote:
> Hello,
>
> Squid already has option to log FULL query. i.e strip_query_terms off.
>
> I would like to know is there any way to log FULL query only for particular acl?
Not in the existing Squid.
It could be added fairly easily, but the utility of doing it is very
small. The major gain from stripping such terms is to protect stupid
security systems which do things like place credentials or users private
details in the query-string portion of URLs.
> I am asking this because, I do not want log file to get full by recording everything, just wanted queries recorded for few cases.
If you are worried about query-string filling logs then you have bigger
problems. A simple flood of rejected requests could dump far more
content into your logs than query-strings on normal traffic do.
If this is an actual problem I suggest looking at making yourself a
daemon helper, you can do anything you like with the log lines in the
daemon. Our squid-3.3 daemon does some basic checks on file size and
rotates the logs if they get too big, in addition to the squid-requested
rotations.
Or one of the other network I/O logging modules can send logs to a
machine with more space available.
Amos
Received on Sun Jul 21 2013 - 05:05:51 MDT
This archive was generated by hypermail 2.2.0 : Sun Jul 21 2013 - 12:00:05 MDT