Ping a Specific Port

Question

wrieedx

Asked: 2015-06-17 21:01:53 +0800 CST2015-06-17 21:01:53 +0800 CST 2015-06-17 21:01:53 +0800 CST

How to log only certain result/status codes with Squid?

772

By default Squid logs all access information including 'successes' and 'failures'. I'm interested in logging only 'failures'. In other words, I want to do something like log only Squid DENIED result codes, or, alternatively, don't log successful HTTP transactions. Regardless of how I define 'success' and 'failure', I need to be able to define more specifically what sort of access information Squid will write to the log file. Does anybody know how to do this?

1 Answers

Voted

Hard-Format · Answer 1 · 2015-09-11T17:47:15+08:00

You can achieve this functionality with ACLs, though there are some tricks to it.

The main trick is to make sure that you don't accidentally check binary connections for http_status codes. Squid never sees status codes for binary connections and will throw a warning in cache.log for binary connection it sees if you mess this up.

Here is a sample config that will write all http success and redirections as well as all binary connections that finish opening a socket (we don't have success/failure visibility beyond that) to success.log, and all http failure codes and binary connections that fail to open a socket to failure.log.

acl CONNECT method CONNECT

# http status codes (http://wiki.squid-cache.org/SquidFaq/SquidLogs)
acl success_codes http_status 100-199 # informational
acl success_codes http_status 200-299 # successful transactions
acl success_codes http_status 300-399 # redirection

acl failure_codes http_status 400-499 # client error
acl failure_codes http_status 500-599 # server error

acl success_hier hier_code HIER_DIRECT
acl failure_hier hier_code HIER_NONE

acl failure all-of CONNECT failure_hier
acl failure all-of !CONNECT failure_codes

acl success all-of CONNECT success_hier
acl success all-of !CONNECT success_codes

access_log stdio:/usr/local/squid/var/logs/success.log logformat=squid success
access_log stdio:/usr/local/squid/var/logs/failure.log logformat=squid failure

The problem with this config is that it disables the default log file and will not log anything that doesn't match one of those two ACLs. Now, I'm pretty confident that I've written my ACLs well and that I've accounted for all possibilities, but this would still make me nervous, so you might want to add another log file just to catch anything that happens to miss both ACLs

access_log stdio:/usr/local/squid/var/logs/unknown.log logformat=squid !success !failure

Or you can just define success and set failure to !success

acl CONNECT method CONNECT

# http status codes (http://wiki.squid-cache.org/SquidFaq/SquidLogs)
acl success_codes http_status 100-199 # informational
acl success_codes http_status 200-299 # successful transactions
acl success_codes http_status 300-399 # redirection

acl success_hier hier_code HIER_DIRECT
acl failure_hier hier_code HIER_NONE

acl success all-of CONNECT success_hier
acl success all-of !CONNECT success_codes

access_log stdio:/usr/local/squid/var/logs/success.log logformat=squid success
access_log stdio:/usr/local/squid/var/logs/failure.log logformat=squid !success

How to log only certain result/status codes with Squid?

Can you pass user/pass for HTTP Basic Authentication in URL parameters?

Ping a Specific Port

Check if port is open or closed on a Linux server?

How to automate SSH login with password?

How do I tell Git for Windows where to find my private RSA key?

What's the default superuser username/password for postgres after a new install?

What port does SFTP use?

Command line to list users in a Windows Active Directory group?

What is a Pem file and how does it differ from other OpenSSL Generated Key File Formats?

How to determine if a bash variable is empty?