Hello,

Below is the message that I retrieve from logstash. We use logstash as our logging system. Now, I do add tags to log messages in logstash. I believe the %st is my size, right?

Apr 14 01:31:13 Proxy-SI-1 (squid-2): Proxy-SI-1 1460611873.853 0 2 10.88.14.225 TCP_DENIED_ABORTED 301 2147480505 535 2147479970 POST 1.0 text/html - - - - 3128 - [Mozilla/4.0 (compatible; MSIE 5.5; Win32)] [-] sq_err:[301 Access Denied] c_hdr:[Accept: */*\r\nContent-Type: application/octet-stream\r\nUser-Agent: Mozilla/4.0 (compatible; MSIE 5.5; Win32)\r\nUserAgent: blugro3relay.groove.microsoft.com\r\nContent-Length: 2147479552\r\nPragma: no-cache\r\nCache-Control: no-cache\r\nExpires: 0\r\nCache-Control: max-age=0\r\n] s_hdr:[HTTP/1.1 301 Moved Permanently\r\nServer: squid/3.4.13\r\nMime-Version: 1.0\r\nDate: Thu, 14 Apr 2016 05:31:13 GMT\r\nContent-Type: text/html\r\nContent-Length: 0\r\nLocation: http://blockmessage.palmbeach.k12.fl.us/block_message.php?clientaddr=10.88.14.225&clientname=-&clientuser=-&clientgroup=SDPBC-Network&targetgroup=Blacklist&url=HTTP://blugro3relay.groove.microsoft.com\r\nX-Squid-Error: 301 Access Denied\r\n\r]

Here is the custom syslog from the config

logformat custom Proxy-SI-1 %ts.%tu %dt %tr %>a %Ss %03Hs %st %<st %>st %rm %rv %mt %[un %<A %<a %<p %>lp %{Referer}>h [%{User-Agent}>h\ ] [%{Host}>h] sq_err:[%{X-Squid-Error}<h] c_hdr:[%>h] s_hdr:[%<h]

On Fri, Apr 15, 2016 at 12:57 AM, Jason Haar <jason_h...@trimble.com> wrote:

> If you are blocking it, then it can't be uploading 2G? How are you
> measuring that it uploads 2G? Did you change squid's logging to support
> that (it doesn't log upload sizes - only download sizes by default). Are
> you simply referring to the Content-Length header - as that would say 2G -
> even if the upload is then blocked.
>
> On Fri, Apr 15, 2016 at 4:04 PM, Michael Pelletier <
> michael.pellet...@palmbeachschools.org> wrote:
>
>> I am blocking grove.microsoft.com. Even though I am blocking it, I am
>> seeing large, 2 Gig, uploads from the client to the proxy (which indeed
>> blocks it). It is almost like the connection request (explicit) contains
>> the 2 gig post request. Why is this happening?
>> Has anyone seen this?
>>
>>
>> Michael
>>
>> *Disclaimer: *Under Florida law, e-mail addresses are public records. If
>> you do not want your e-mail address released in response to a public
>> records request, do not send electronic mail to this entity. Instead,
>> contact this office by phone or in writing.
>>
>>
>> _______________________________________________
>> squid-users mailing list
>> squid-users@lists.squid-cache.org
>> http://lists.squid-cache.org/listinfo/squid-users
>>
>
>
> --
> Cheers
>
> Jason Haar
> Information Security Manager, Trimble Navigation Ltd.
> Phone: +1 408 481 8171
> PGP Fingerprint: 7A2E 0407 C9A6 CAF6 2B9F 8422 C063 5EBB FE1D 66D1
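
An added example, not part of the thread: a short Python script that lines the logged values up with the codes in the logformat line quoted above and compares %st, %<st and %>st with the Content-Length in c_hdr. The function names and the shortened sample line are this example's own; the field meanings in the comments follow Squid's logformat documentation.

```python
import re

# Field codes in the order the thread's "logformat custom" line lists them,
# up to the last whitespace-delimited one (%{Referer}>h).
CODES = ["ts.tu", "dt", "tr", ">a", "Ss", "Hs", "st", "<st", ">st", "rm",
         "rv", "mt", "un", "<A", "<a", "<p", ">lp", "Referer"]

# Log line from the thread; c_hdr and s_hdr are shortened here.
SAMPLE = (r"Apr 14 01:31:13 Proxy-SI-1 (squid-2): Proxy-SI-1 1460611873.853 "
          r"0 2 10.88.14.225 TCP_DENIED_ABORTED 301 2147480505 535 2147479970 "
          r"POST 1.0 text/html - - - - 3128 - [Mozilla/4.0 (compatible; MSIE "
          r"5.5; Win32)] [-] sq_err:[301 Access Denied] c_hdr:[Accept: */*\r\n"
          r"Content-Length: 2147479552\r\nPragma: no-cache\r\n] "
          r"s_hdr:[HTTP/1.1 301 Moved Permanently\r\nContent-Length: 0\r\n\r]")


def parse(line):
    """Return {code: value} for the leading fields plus the raw c_hdr text."""
    # Drop the syslog prefix; the format itself starts with a literal Proxy-SI-1.
    body = line.split("): Proxy-SI-1 ", 1)[1]
    fields = dict(zip(CODES, body.split()))
    m = re.search(r"c_hdr:\[(.*?)\] s_hdr:\[", body)
    fields["c_hdr"] = m.group(1) if m else ""
    return fields


def size_report(line):
    """Relate %st, %<st and %>st to each other and to the request headers."""
    f = parse(line)
    total, reply, request = int(f["st"]), int(f["<st"]), int(f[">st"])
    cl = re.search(r"Content-Length: (\d+)", f["c_hdr"])
    declared = int(cl.group(1)) if cl else None
    return {
        "status": f["Ss"],
        "st_is_sum": total == reply + request,   # %st = %<st + %>st
        "request_bytes": request,                # %>st, client to proxy
        "reply_bytes": reply,                    # %<st, proxy to client
        "declared_body": declared,               # Content-Length in c_hdr
        "non_body_bytes": None if declared is None else request - declared,
        "response_ms": int(f["tr"]),             # %tr
    }


if __name__ == "__main__":
    for key, value in size_report(SAMPLE).items():
        print(f"{key:15} {value}")
```

For the logged request this reports that %st is the sum of %<st and %>st, that %>st exceeds the declared Content-Length by 418 bytes, and that %tr was 2 ms.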