Latest LQ Deal: Linux Power User Bundle
Go Back > Forums > Linux Forums > Linux - General
User Name
Linux - General This Linux forum is for general Linux questions and discussion.
If it is Linux Related and doesn't seem to fit in any other forum then this is the place.


  Search this Thread
Old 04-29-2013, 01:09 PM   #1
LQ Newbie
Registered: Jan 2010
Posts: 10

Rep: Reputation: 1
Squid and SARG: odd URLs listed on reports for just one machine

Hopefully im posting in the right forum so here goes:

Ive setup a proxy server at home which runs SARG (squid reports) one of the machines is showing some odd stuff in the URLs on the reports that the other machines dont. Typically you'll see "" under the list of visited sites. For this machine we often see some strange random URLs, in fact they dont look anything like URLs just random text, for example:

uanchzqfjy 1 258 0.00% 0.00% 100.00% 00:00:00 146 0.00%
trmsiclhwr 1 258 0.00% 0.00% 100.00% 00:00:00 151 0.00%
tnpwxxkcpz 1 258 0.00% 0.00% 100.00% 00:00:00 154 0.00%
tkpwlgxqds 1 258 0.00% 0.00% 100.00% 00:00:00 147 0.00%

I doubt if its a SARG or Squid problem since the other machines dont show this. Its a windows 8 machine and there is another windows 8 machine too that doesn't show the same output. We also have other devices like tablets and phones which also dont show the same.

Im wondering perhaps its some odd process on the machine thats causing this. I won't rule out malware either since the user of this machine is prone to downloading software and playing a lot of games :-)
Old 04-30-2013, 11:35 AM   #2
Registered: Jan 2010
Distribution: Debian, Centos, Ubuntu, Slackware
Posts: 361
Blog Entries: 3

Rep: Reputation: 48
Originally Posted by moody_mark View Post
I doubt if its a SARG or Squid problem
Search for this line in squid access.log file. It's a good starting point.
Old 05-01-2013, 06:32 AM   #3
LQ Newbie
Registered: Jan 2010
Posts: 10

Original Poster
Rep: Reputation: 1
I see entries like this in the squid access logs but I'm pretty sure this is open DNS resolving to some default IP. The server is configured with openDns

1367392007.452    155 TCP_MISS/400 258 HEAD http://fqypzlbphd/ - DIRECT/ text/html
1367392007.575    278 TCP_MISS/400 258 HEAD http://sdfngxhtls/ - DIRECT/ text/html
Old 05-09-2013, 02:40 PM   #4
LQ Newbie
Registered: Jan 2010
Posts: 10

Original Poster
Rep: Reputation: 1
I contacted OpenDns and they say this:

Quote: is actually the server we have that responds when people make requests to non-existent domain...Any domain that is looked up on a network with OpenDNS but does not exist will get responses from that server...You can disable NX Domain Redirection in your settings.
So useful info there. OpenDns were really helpful but obviously could not tell me why these odd URLs were appearing, this is something on the machine itself


sarg, squid, ubuntu

Thread Tools Search this Thread
Search this Thread:

Advanced Search

Posting Rules
You may not post new threads
You may not post replies
You may not post attachments
You may not edit your posts

BB code is On
Smilies are On
[IMG] code is On
HTML code is Off

Similar Threads
Thread Thread Starter Forum Replies Last Post
Sarg Reports UberRogue Linux - Server 1 03-30-2013 09:00 AM
Install Sarg to monitor Squid not success. Cannot see sarg.conf file !!! Help me. ducloiag Linux - Networking 2 11-30-2010 08:32 PM
Sarg+Squid reports best practices markotitel Linux - Server 0 09-14-2010 03:49 AM
Squid Logs Reports with SARG kendrick Linux - Software 0 03-31-2008 08:51 AM
SARG not generating scheduled reports from Squid symesd Linux - Software 0 11-01-2007 04:52 PM > Forums > Linux Forums > Linux - General

All times are GMT -5. The time now is 07:41 PM.

Main Menu
Write for LQ is looking for people interested in writing Editorials, Articles, Reviews, and more. If you'd like to contribute content, let us know.
Main Menu
RSS1  Latest Threads
RSS1  LQ News
Twitter: @linuxquestions
Facebook: linuxquestions Google+: linuxquestions
Open Source Consulting | Domain Registration