LinuxQuestions.org
LinuxAnswers - the LQ Linux tutorial section.
Go Back   LinuxQuestions.org > Forums > Linux Forums > Linux - General
User Name
Password
Linux - General This Linux forum is for general Linux questions and discussion.
If it is Linux Related and doesn't seem to fit in any other forum then this is the place.

Notices

Reply
 
Search this Thread
Old 04-29-2013, 01:09 PM   #1
moody_mark
LQ Newbie
 
Registered: Jan 2010
Posts: 10

Rep: Reputation: 1
Squid and SARG: odd URLs listed on reports for just one machine


Hopefully im posting in the right forum so here goes:

Ive setup a proxy server at home which runs SARG (squid reports) one of the machines is showing some odd stuff in the URLs on the reports that the other machines dont. Typically you'll see "somedomain.com" under the list of visited sites. For this machine we often see some strange random URLs, in fact they dont look anything like URLs just random text, for example:


uanchzqfjy 1 258 0.00% 0.00% 100.00% 00:00:00 146 0.00%
trmsiclhwr 1 258 0.00% 0.00% 100.00% 00:00:00 151 0.00%
tnpwxxkcpz 1 258 0.00% 0.00% 100.00% 00:00:00 154 0.00%
tkpwlgxqds 1 258 0.00% 0.00% 100.00% 00:00:00 147 0.00%

I doubt if its a SARG or Squid problem since the other machines dont show this. Its a windows 8 machine and there is another windows 8 machine too that doesn't show the same output. We also have other devices like tablets and phones which also dont show the same.

Im wondering perhaps its some odd process on the machine thats causing this. I won't rule out malware either since the user of this machine is prone to downloading software and playing a lot of games :-)
 
Old 04-30-2013, 11:35 AM   #2
Lexus45
Member
 
Registered: Jan 2010
Location: Kurgan, Russia
Distribution: Slackware, Ubuntu
Posts: 339
Blog Entries: 3

Rep: Reputation: 47
Quote:
Originally Posted by moody_mark View Post
I doubt if its a SARG or Squid problem
Search for this line in squid access.log file. It's a good starting point.
 
Old 05-01-2013, 06:32 AM   #3
moody_mark
LQ Newbie
 
Registered: Jan 2010
Posts: 10

Original Poster
Rep: Reputation: 1
I see entries like this in the squid access logs but I'm pretty sure this is open DNS resolving to some default IP. The server is configured with openDns

Code:
1367392007.452    155 192.168.0.25 TCP_MISS/400 258 HEAD http://fqypzlbphd/ - DIRECT/67.215.65.132 text/html
1367392007.575    278 192.168.0.25 TCP_MISS/400 258 HEAD http://sdfngxhtls/ - DIRECT/67.215.65.132 text/html
 
Old 05-09-2013, 02:40 PM   #4
moody_mark
LQ Newbie
 
Registered: Jan 2010
Posts: 10

Original Poster
Rep: Reputation: 1
I contacted OpenDns and they say this:

Quote:
...hit-nxdomain.opendns.com is actually the server we have that responds when people make requests to non-existent domain...Any domain that is looked up on a network with OpenDNS but does not exist will get responses from that server...You can disable NX Domain Redirection in your settings.
So useful info there. OpenDns were really helpful but obviously could not tell me why these odd URLs were appearing, this is something on the machine itself
 
  


Reply

Tags
sarg, squid, ubuntu


Thread Tools Search this Thread
Search this Thread:

Advanced Search

Posting Rules
You may not post new threads
You may not post replies
You may not post attachments
You may not edit your posts

BB code is On
Smilies are On
[IMG] code is On
HTML code is Off


Similar Threads
Thread Thread Starter Forum Replies Last Post
Sarg Reports UberRogue Linux - Server 1 03-30-2013 09:00 AM
Install Sarg to monitor Squid not success. Cannot see sarg.conf file !!! Help me. ducloiag Linux - Networking 2 11-30-2010 08:32 PM
Sarg+Squid reports best practices markotitel Linux - Server 0 09-14-2010 03:49 AM
Squid Logs Reports with SARG kendrick Linux - Software 0 03-31-2008 08:51 AM
SARG not generating scheduled reports from Squid symesd Linux - Software 0 11-01-2007 04:52 PM


All times are GMT -5. The time now is 01:10 PM.

Main Menu
My LQ
Write for LQ
LinuxQuestions.org is looking for people interested in writing Editorials, Articles, Reviews, and more. If you'd like to contribute content, let us know.
Main Menu
Syndicate
RSS1  Latest Threads
RSS1  LQ News
Twitter: @linuxquestions
identi.ca: @linuxquestions
Facebook: linuxquestions Google+: linuxquestions
Open Source Consulting | Domain Registration