I'm glad you were able to use that information. I thought I might share another tip or two that I've found to be helpful:

When testing and debugging your squidGuard.conf file it helps to verify the information that squidGuard is receiving from Squid. As mentioned below, that information is available in squid's access.log. (On a RH 7.1 system: /var/log/squid/access.log)

That would seem simple enough, but squid's access.log is not the easiest place to look for information. Several factors make it difficult to find specific records in access.log:

- The records are long and some viewers wrap the records on your screen
- Just a handful of users will add records to access.log at a brisk pace
- The time field on the records is not "human-readable", giving almost no point of reference

Here are a couple of tips to help you get the information you need out of access.log:

- If your results are reproducible, don't look for old data, create new data. Type 'tail /var/log/squid/access.log' in a terminal window, but don't hit enter. Run your test from a browser and immediately hit enter on the 'tail ...' command. The transaction you need should be on the screen.
- If you'd rather work with a file than read the screen, change your tail command to 'tail /var/log/squid/access.log > test1-results'
- To convert the time field into "people" format: 'perl -pe 's/(\d+\.\d+)/localtime $1/e' test1-results > test1-time'
- If you need more data, you can pull the information from access.log and create an off-line working file. If all of your tests were from 192.168.0.5 for example, you could pull all of that data from access.log with: 'cat /var/log/squid/access.log | grep ' 192.168.0.5 ' > mydata'
- You could of course then convert the times with: 'perl -pe 's/(\d+\.\d+)/localtime $1/e' mydata > mydata-time'

I hope you find this information useful.

Rick

> -----Original Message-----
> From: Mark Fardal [mailto:[EMAIL PROTECTED]]
> Sent: Wednesday, February 19, 2003 10:45 PM
> To: Rick Matthews
> Subject: [EMAIL PROTECTED]
>
>
> > You can look in squid's access.log and see the information that
> > was sent to squidGuard:
> >
> > ----- record from access.log -----
> > 1045713788.227 636 192.168.44.3 TCP_MISS/200 22280 GET \
> > http://my.yahoo.com/?myHome rick DIRECT/64.58.77.197 text/html
> > ----- end of record ---------
> >
> > The information is sent to squidGuard in this format:
> > http://my.yahoo.com/?myHome 192.168.44.3/- rick GET
> >
> > squidGuard takes the 192.168.44.3 and matches me with the 'office'
> > source group in my configuration file.
>
> Very helpful! It is sending 127.0.0.1, and using that in the ip
> address rule makes it use that source. Now time rules work, at
> least the way I have it set up now.
>
> > Using "User" requires running ident on all of your clients.
> I saw the comment about ident/RFC-931 in the config documentation.
> Maybe someone could translate it from the original Geek.
>
> > Are you running squid in transparent mode? In squid.conf, what is
> > the value of client_netmask?
> it's unchanged...what is transparent mode?
> #Default:
> # client_netmask 255.255.255.255
>
> thanks,
> Mark
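
The following is an added example, not part of the original messages: a small Python helper that does the filtering and time conversion from the tips above in one pass and rebuilds the line squidGuard would have received, in the format quoted in the thread. The function names are hypothetical, the log layout is assumed to be Squid's native access.log format as in the quoted record, and times are printed in UTC rather than local time so the output is reproducible.

```python
from datetime import datetime, timezone

# Constructed sample: the first record is the one quoted in the thread,
# the second is made up, the third simulates a truncated line.
SAMPLE_LOG = """\
1045713788.227 636 192.168.44.3 TCP_MISS/200 22280 GET http://my.yahoo.com/?myHome rick DIRECT/64.58.77.197 text/html
1045713790.105 12 192.168.0.5 TCP_HIT/200 1024 GET http://example.com/ - NONE/- text/html
1045713791.000 truncated
"""

def parse_record(line):
    """Split one native-format record; return None if it is malformed."""
    f = line.split()
    if len(f) < 10:
        return None
    try:
        ts = float(f[0])
    except ValueError:
        return None
    return {"time": ts, "client": f[2], "status": f[3],
            "method": f[5], "url": f[6], "ident": f[7]}

def squidguard_line(rec):
    """Rebuild 'URL ip/fqdn ident method'; '-' for fqdn is assumed, as in the thread."""
    return f"{rec['url']} {rec['client']}/- {rec['ident']} {rec['method']}"

def readable_time(rec):
    """Epoch seconds to a readable UTC string (the perl one-liner uses localtime)."""
    t = datetime.fromtimestamp(rec["time"], tz=timezone.utc)
    return t.strftime("%Y-%m-%d %H:%M:%S UTC")

def records_for(log_text, client_ip):
    """Exact match on the client field, instead of grep on the whole line."""
    recs = (parse_record(l) for l in log_text.splitlines())
    return [r for r in recs if r and r["client"] == client_ip]

if __name__ == "__main__":
    for r in records_for(SAMPLE_LOG, "192.168.44.3"):
        print(readable_time(r), "|", squidguard_line(r))
```

If the client field shows 127.0.0.1 for every record, as Mark found, the source rules in squidGuard.conf have to match that address instead of the workstation's.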
