11.03.2017 3:47, Yosi Greenfield пишет:
> Gentlemen,
>
> Thanks Antony. Yes, we are accounting for everything else. I'm
> talking about port 3128 and 3129 only.
>
> Any other traffic is being tracked both by netflow and tcpdump and
> they match. What does not match is 3128/9 and squid log.
It
11.03.2017 3:43, Antony Stone пишет:
> On Friday 10 March 2017 at 22:33:44, Yuri Voinov wrote:
>
>> We have not seen the network topology and the full configuration of
>> network devices - what are we arguing about and guessing about?
> Nobody is arguing, and we are guessing so that we might be
Gentlemen,
Thanks Antony. Yes, we are accounting for everything else. I'm
talking about port 3128 and 3129 only.
Any other traffic is being tracked both by netflow and tcpdump and
they match. What does not match is 3128/9 and squid log.
I'll report back after the weekend if the discrepancy is
On Friday 10 March 2017 at 22:33:44, Yuri Voinov wrote:
> We have not seen the network topology and the full configuration of
> network devices - what are we arguing about and guessing about?
Nobody is arguing, and we are guessing so that we might be helpful to Yosi who
asked the question.
According to the above, NetFlow will always show much more traffic than
the SQUID. This is obvious and there is nothing to discuss here. If this
is not clear to someone, put a collector that collects statistics at the
data link level and compare the counters. I'm not just talking about
TCP, Alex.
On Friday 10 March 2017 at 22:22:59, Yuri Voinov wrote:
> Of course, there is no stream video from security cams, no voice IP, no
> SIP, no torrents, no RDP, no other protocol. They simple does not exists
> and we're all believe that's all not above over 1% of overall traffic.
> Yes. Sure.
Think of one simple thing. Squid does not see and can not see protocols
that do not support. What do you expect from it? Does it work on L1/L2?
No? Then what is the discussion about?
11.03.2017 3:22, Yuri Voinov пишет:
> Of course, there is no stream video from security cams, no voice IP, no
>
Of course, there is no stream video from security cams, no voice IP, no
SIP, no torrents, no RDP, no other protocol. They simple does not exists
and we're all believe that's all not above over 1% of overall traffic.
Yes. Sure. Really.
Only web-surfing :) Sure :)
11.03.2017 3:19, Yuri Voinov
11.03.2017 2:57, Antony Stone пишет:
> On Friday 10 March 2017 at 21:50:19, Yuri Voinov wrote:
>
>> Gentlemen, and it never occurred to you that there are other types of
>> traffic besides HTTP / HTTPS, right?
>>
>> DNS, ICMP, other protocols?
> I'm assuming Yosi has been measuring only TCP
On Friday 10 March 2017 at 21:50:19, Yuri Voinov wrote:
> Gentlemen, and it never occurred to you that there are other types of
> traffic besides HTTP / HTTPS, right?
>
> DNS, ICMP, other protocols?
I'm assuming Yosi has been measuring only TCP traffic, but even if he's been
measuring
On 03/10/2017 01:37 PM, Marcus Kool wrote:
> Squid has no idea how many bytes go through the (HTTPS) tunnels.
Actually, Squid knows the number of raw (encrypted) TCP payload bytes
inside a tunnel and should log that.
Squid also knows and logs the number of HTTP (decrypted) bytes if the
SSL
Gentlemen, and it never occurred to you that there are other types of
traffic besides HTTP / HTTPS, right?
DNS, ICMP, other protocols?
11.03.2017 2:44, Yosi Greenfield пишет:
> Aha! That could be it. I use sslbump, but not for all users. I'll
> check that out, although I think that it's a
Aha! That could be it. I use sslbump, but not for all users. I'll
check that out, although I think that it's a problem even for bumped
users. Even for bumped users we don't bump all sites, so that really
could be it.
Thanks!
-Original Message-
From: squid-users
On 10/03/17 16:27, Yosi Greenfield wrote:
Thanks!
Netflow is much larger.
I really want to know exactly what site is costing my users data. Many of
our users are on metered connections and are paying for overage, but I can't
tell where that overage is being used. Are they using youtube,
Thanks!
Netflow is much larger.
I really want to know exactly what site is costing my users data. Many of
our users are on metered connections and are paying for overage, but I can't
tell where that overage is being used. Are they using youtube, webmail,
wetransfer? I see only a fraction of
On Friday 10 March 2017 at 20:14:36, Yosi Greenfield wrote:
> Hello all,
>
> I'm analyzing my squid logs with sarg, and I see that the number of
> bytes reported as used by any particular user are often nowhere
> near the bytes reported by netflow and tcpdump.
Which is larger?
> I'm trying to
Hello,
as I have already noted in other thread, I seem to have memory leak in squid
3.4.8 (debian 8 jessie) version, only memory cache used now.
Looking at cacti graphs, seems that memory usage grows by half-hour or hour
jumps. Is there any job done periodically in squid?
and if there's
On 03/10/2017 02:38 AM, Matus UHLAR - fantomas wrote:
>> On 03/09/2017 10:24 AM, Matus UHLAR - fantomas wrote:
>>> is running aufs with rock store and safe, when not running with "-N"?
>
> On 09.03.17 11:02, Alex Rousskov wrote:
>> Running AUFS in SMP mode is unsafe by default but some admins use
Just to add that one of my current test labs of squid is a combination of:
1 haproxy as balancer(or a custom LB I wrote)
2+ squid instances with the proxy protocol enabled and each has it's own
ufs\aufs cache_dir
The idea was to verify if it would be possible to let different instances
Hello all,
There is another way (not better but another) that does not require you do join
squid machines to domain: Map proxy SPN to a designated user. I describe this
at
https://docs.diladele.com/administrator_guide_4_9/active_directory/create_user/index.html
Pros - have one user that can
Are the browsing machines domain joined?
If so and you are just talking about joining the squid proxies to the domains
for auth delegation to the dcs this is greatly simplified with realmd now.
Could probably be scripted quite easily.
-Original Message-
From: squid-users
Kerberos is on the wishlist for very long.
one reason was: the setup is a bit complicated and we do have 150 proxies in
our subsidiaries. so we need 150 different Kerberos setups with 150 trusts and
tickets and certificates etc. so we work on this to have it someday replaced...
thanxs
>
we have tried with "auth_param ntlm keep_alive off", but both with on/off it
does not make a difference.
seems realy to be connected to patch level and installed patches on windows 10.
> -Ursprüngliche Nachricht-
> Von: squid-users [mailto:squid-users-boun...@lists.squid-cache.org] Im
>
On 03/09/2017 10:24 AM, Matus UHLAR - fantomas wrote:
is running aufs with rock store and safe, when not running with "-N"?
On 09.03.17 11:02, Alex Rousskov wrote:
Running AUFS in SMP mode is unsafe by default but some admins use
configuration hacks to make it work for them. Primary Store
On 10/03/2017 6:36 a.m., Matus UHLAR - fantomas wrote:
does it have sense to run pinger without having cache peers configured?
if I get the "Network DB Statistics:" output properly, it seems that 33% of
hosts is unreachable.
On 10.03.17 08:33, Amos Jeffries wrote:
The code using it is called
25 matches
Mail list logo
