Re: [squid-users] Skipping logging certain traffic in access.log?

From: Amos Jeffries <squid3_at_treenet.co.nz>
Date: Thu, 29 Oct 2009 17:36:15 +1300

On Wed, 28 Oct 2009 10:26:51 -0400, "Kelly, Jack"
<Jack.Kelly_at_wsdevelopment.com> wrote:
> Hi everyone,
> I have what will probably be a pretty simple question... unfortunately I
> need to provide a few details to help explain what I'm trying to do and
> why.
>
> One of the big uses of Squid to our managers is seeing how much time
> employees are spending on the internet. To that extent, we've got Squint
> installed for analyzing our logs and generating a shiny report that does
> exactly that, and can be viewed in an html document hosted right on the
> Squid box. Works great. We also authenticate with LDAP so requests can
> be tied to user credentials in Squid. Again, works great.
>
> Here's where the minor hiccup comes in:
> I have an acl called 'passthrough' which is basically a list of
> domains/keywords/etc that the proxy server will allow requests for
> without prompting the user for their credentials. This comes in handy
> for programs that like to check for updates online, like Adobe Reader
> and iTunes. Unfortunately for my purposes, requests that go through
> unauthenticated are recorded in access.log by requestor IP address,
> which subsequently gets parsed by Squint and adds gobs of useless
> information to the report.
>
> So, my question:
> Is there any way to get Squid to exclude certain types of records from
> access.log? Or would I be better off just beefing up our PAC file to
> send these 'passthrough' requests around the proxy?
>
> On second thought, I suppose I could just write and cron a perl script
> that nukes lines containing an IP in our DHCP range right before Squint
> updates. That feels messy though :)
>
> Thanks everyone!
> Jack
>

The access_log directive accepts ACLs which map what can be logged to that
file.

You are after something like:
  access_log /foo squid !bypass

Where "squid" is the logformat (if you have your own custom one there, use
that), and "bypass" is the same ACL you use in http_access to bypass
(assuming its just one ACL fro that).

Amos
Received on Thu Oct 29 2009 - 04:36:19 MDT

This archive was generated by hypermail 2.2.0 : Thu Oct 29 2009 - 12:00:04 MDT