mån 2006-03-20 klockan 12:55 -0600 skrev Scott: > me the name of the acl and not the word withing the file. By setting the > debugging to full(9) it can see what word is blocked as it logs all the > words in the blocking list until it finds a match, but I don't really need > it > to be logging that much information as it is hard to pinpoint. It is > possible to somehow have it identify what word withing the acl list that is > being matched.
Only by extending the source with this function. Not hard, but still..
in aclMatchRegex, add just before the return 1; line
debug(28, 2) ("aclMatchRegex: match '%s' found in '%s'\n",
data->pattern, word);
and enable debug section 28 level 2.
debug_option ALL,1 28,9
> If I could get a log file that had the machine's IP address,
> and the word being blocked that is all I would want.
This would require a bit more work. The IP or even request is not known
at this level. But you should be able to deduce this by combining
access.log TCP_DENIED with the debug output from cache.log using the
timestamp as key..
Regards
Henrik
signature.asc
Description: Detta är en digitalt signerad meddelandedel
