RE: [squid-users] NTLM effect on access.log

Would you mind to explain, what this module exactly does?

> -----Original Message-----
> From: Robert Collins [mailto:robert.collins@itdomain.com.au]
> Sent: 29 October 2001 06:02
> To: Tony Melia
> Cc: Squid Users
> Subject: Re: [squid-users] NTLM effect on access.log
>
>
> On Mon, 2001-10-29 at 09:54, Tony Melia wrote:
> > I just started using ntlm/fakeauth authentication which works great.
> > However, I ran my normal calamaris and webalizer reports on
> the logs, and
> > got really weird results. Calamaris shows almost no hits
> and webalizer said
> > my log files were unrecognisable. I can see from the
> access.log that there
> > are lots of anonymous TCP_DENIED which seem to be
> generated/required by
> > fakeauth, followed by a successful log with the username recorded.
>
> The extra TCP_DENIED's are microsoft's wonderful legacy. We've
> considered filterting them out, but until we can be sure there is no
> lost information of a useful nature, tjey will remain.
>
> > Is there a grep/other filter I can run my access.log
> through to 'fix' it so
> > I can still use standard squid reporting tools? I still
> need to have access
> > to access.log with the username intact. What do other ntlm
> users use to get
> > stats on?
>
> The username is escaped in the log file to prevent problems with
> existing tools. You'll need to see why it's breaking the tools you're
> using, and then we can look at ways to solve that.
> Rob
>
Received on Mon Oct 29 2001 - 02:05:37 MST