Hi Sirs,

Im using Debian ETCH as a proxy server here in our SOHO. I'd like to know how to set the squid logs to also show the client's names requesting the url and their IP address.

As of now, when I type in tail -f /var/log/squid/access.log it only shows the URLs.

Second, I would also like to know how long the logs are kept in the server like what is the default time. Somehow, it seems like it only shows the last 30 min logs of a single user.

How do I also edit this to show at least all of the logs for a number of days.

Any help would be appreciated

thanks

You should take a look here to see how you can customize the squid logformat.
The logs are kept as long as you don't run:
. If you have only 30min logs, that means that there is a cronjob that rotate the logs every half an hour.

Hi bathory,

thanks for the reply.

I tried to turn emulate_httpd_log on and tried to enable each of the logformat like combine and common, and lastly the option log_ip_on_direct to on, still I get the same format of logs which really does not show me the IP address and time.

the format is like this:

1234884806.156 25697 127.0.0.1 TCP_MISS/200 418 GET http://mail.google.com/mail/channel/...gm8-c3ui5e&t=1 - DIRECT/209.85.143.83 text/plain
1234884809.969 626 127.0.0.1 TCP_MISS/200 1638 POST http://www.mmorpg.com/ajax/tools.cfc...=1234884732035 - DIRECT/216.168.135.100 text/html

hope u can help me out.

I really appreciate it

If you want the date and time to be in a readable format, use %tl. In my squid.conf I use:
The Ip is the Ip of the client, in your case localhost. You can use %>A to have the fqdn of the client.

thanks for the help sir!

I can see the time now. just one more question, what do i need to do for it to show the exact IP address of the client instead of localhost?

on squid.conf change the value of the client_netmask 255.255.255.255/255.255.255.0

@slacker_me
Use another box to test squid, so you'll the IP of that box

@yoh101
I guess that the OP just sees localhost because he uses the same box running squid to test
The default "client_netmask 255.255.255.255" should display the whole IP of the client, while "client_netmask 255.255.255.0" will replace the last octet with "0".

Hi

thanks for all the help

sorry for being quite dumb in asking this but im not really sure wat you mean by using another box to test squid.

My squid box is also a dhcp server so i know all of the ip addresses of each of the clients passing through squid.

However, all just shows localhost in the logs instead of their ips.

thanks and i really appreciate it.

I thought that you're checking squid from the computer running squid. It seems that the same box runs except from squid and dhcpd, a firewall that masquerades the LAN IPs.
You can turn of masquerading and see if it works.

Regards

thanks bathory! i'll try this

In addition to this, wouldnt it be much easier to have logs display the client's username? have you tried this? coz i think im sure i was able to include the options UL and UN in my logformat but it does not show it still. is this still affected by masquerade in iptables?

any thoughts?

thanks

This can be done only if you use some kind of authentication for your clients to use squid.

nice catch bathory need those info thanks