LinuxQuestions.org
Welcome to the most active Linux Forum on the web.
Go Back   LinuxQuestions.org > Forums > Linux Forums > Linux - Networking
User Name
Password
Linux - Networking This forum is for any issue related to networks or networking.
Routing, network cards, OSI, etc. Anything is fair game.

Notices

Reply
 
Search this Thread
Old 09-25-2005, 10:27 PM   #1
mizard
LQ Newbie
 
Registered: Sep 2005
Posts: 3

Rep: Reputation: 0
access.log (squid) file, adding Logins


Hello! This is my first post here.
Sorry for my English.

I need your help, guys.

My access.log (squid) file contains IP's, http's etc, but I need Logins and Computer Names too.
How can I do this? How can I add these parameters?

Please, help!
 
Old 09-26-2005, 03:48 AM   #2
mizard
LQ Newbie
 
Registered: Sep 2005
Posts: 3

Original Poster
Rep: Reputation: 0
Guys, please help!
It's ordinary squid proxy server.
 
Old 09-26-2005, 05:52 AM   #3
deoren
Member
 
Registered: Oct 2003
Location: USA
Distribution: Ubuntu
Posts: 214

Rep: Reputation: 30
I don't know about your setup, but on a FC1 and a Gentoo box it logs connections from users that have authenticated via proxy_auth. In my case I use LDAP to authenticate them.

I then use sarg to process access.log and generate reports of the traffic.

Have you altered the squid config file much from the original?
 
Old 09-26-2005, 10:32 PM   #4
mizard
LQ Newbie
 
Registered: Sep 2005
Posts: 3

Original Poster
Rep: Reputation: 0
Quote:
Originally posted by deoren
I don't know about your setup, but on a FC1 and a Gentoo box it logs connections from users that have authenticated via proxy_auth. In my case I use LDAP to authenticate them.

I then use sarg to process access.log and generate reports of the traffic.

Have you altered the squid config file much from the original?
deoren , thank you very much for your answer!
So, your squid access.log file contains and Logins and Hostnames?
If so, how you did it?
(My Linux is RHEL4)
There is a lot to edit. Can you say, what exactly you did? What kind of proxy_auth I need to use to see and Logins and Hostnames in my squid access.log file?
 
Old 09-27-2005, 07:45 AM   #5
deoren
Member
 
Registered: Oct 2003
Location: USA
Distribution: Ubuntu
Posts: 214

Rep: Reputation: 30
The very first thing I would recommend doing is getting a copy of Squid The Definitive Guide. I am reading it to help me setup an installation of squid for a small lab setting.

It's ISBN # is 0596001622. I would recommend Half.com or Amazon.com's Marketplace for a good price.

I've setup logging of hostnames in squid by searching for
Quote:
TAG: log_fqdn on|off
in squid.conf and adding
Code:
log_fqdn on
below all of the comments. As the comments say though, this may slow access speed as squid has to lookup each connecting system.

I'm likely to turn this off in the future once I research a program similar to Apache's logresolve. This will let me resolve the ip addresses before any log analyzers get a hold of it. Because squid would not be doing the dns resolution during access it would speed up requests as well.

Of course for that to work you need your nameserver (mentioned in /etc/resolv.conf of the squid box) to support ip->name lookups.

Lastly, for adding your own rules do a search for
Quote:
INSERT YOUR OWN RULE(S) HERE TO ALLOW ACCESS FROM YOUR CLIENTS
and scroll down. In the squid.conf file for a Gentoo install the first rule after that was
Code:
http_access allow localhost
. I left it and added something like the following (different directory structure):

Code:
# Authenticate against OpenLDAP directory.  Make sure to chmod 600 the pass file
auth_param basic program /usr/lib/squid/squid_ldap_auth -b "ou=users,dc=example,dc=com" 127.0.0.1 -D uid=squidquery,ou=DSA,dc=example,dc=com -W /etc/squid/squid_query.conf -v 3
auth_param basic children 10
auth_param basic realm Squid Proxy Server
auth_param basic credentialsttl 1 hour

# Require that users authenticate in order to use Proxy
acl Authenticated proxy_auth REQUIRED
http_access allow Authenticated
Code:
man squid_ldap_auth
will tell you the different options for the ldap helper. Now you should see the login names and hostnames for your environment. As mentioned previously, resolving hostnames right before or during the log analysis phase should result in less latency for proxy requests.

Last but not least, chapter 12 covers the different helpers for proxy authentication.
 
  


Reply


Thread Tools Search this Thread
Search this Thread:

Advanced Search

Posting Rules
You may not post new threads
You may not post replies
You may not post attachments
You may not edit your posts

BB code is On
Smilies are On
[IMG] code is Off
HTML code is Off


Similar Threads
Thread Thread Starter Forum Replies Last Post
Variables for Squid Access Log mephitic Linux - Software 2 07-29-2004 05:16 PM
My squid won't fill /var/log/squid/access.log linuxlah Linux - General 5 10-06-2003 10:51 PM
what log file generator that support squid log? heero82 Linux - Software 2 07-11-2003 08:52 PM
Squid access.log files davebarnes Linux - Networking 1 10-27-2002 04:05 PM
log file for past logins Hano Linux - Security 1 04-23-2002 03:55 PM


All times are GMT -5. The time now is 08:44 PM.

Main Menu
My LQ
Write for LQ
LinuxQuestions.org is looking for people interested in writing Editorials, Articles, Reviews, and more. If you'd like to contribute content, let us know.
Main Menu
Syndicate
RSS1  Latest Threads
RSS1  LQ News
Twitter: @linuxquestions
identi.ca: @linuxquestions
Facebook: linuxquestions Google+: linuxquestions
Open Source Consulting | Domain Registration