Hello @all,
I am using Squid 2.5.9-10sarge2 together with Samba 3.0.14a-3 and
realized NTLM_Auth with a w2k domain controller.
Every night the squid logs are parsed to user statistics with sarg:
http://sarg.sourceforge.net/
First Problem:
When using NTLM_AUTH and a user wants to access the internet, squid first
returns "Authentication required", the user then sends only his
user credential, squid again returns "Authentication required", the
user sends his user and domain credentials and finally can access the
internet:
(...)
1129272288.978 0 XXX.YYY.172.0 TCP_DENIED/407 1900 GET
http://www.manager-magazin.de/img/0,1020,513338,00.jpg - NONE/-
text/html
1129272288.995 4 XXX.YYY.172.0 TCP_DENIED/407 1904 GET
http://www.manager-magazin.de/img/0,1020,513338,00.jpg - NONE/-
text/html
1129272288.996 1 XXX.YYY.172.0 TCP_DENIED/407 1900 GET
http://www.manager-magazin.de/img/0,1020,495700,00.jpg - NONE/-
text/html
1129272289.008 4 XXX.YYY.172.0 TCP_DENIED/407 1904 GET
http://www.manager-magazin.de/img/0,1020,495700,00.jpg - NONE/-
text/html
1129272289.283 287 XXX.YYY.172.0 TCP_MISS/200 6727 GET
http://www.manager-magazin.de/img/0,1020,513338,00.jpg exampleuser
FIRST_UP_PARENT/XXX.YYY.172.4 image/jpeg
1129272289.293 283 XXX.YYY.172.0 TCP_MISS/200 7464 GET
http://www.manager-magazin.de/img/0,1020,495700,00.jpg exampleuser
FIRST_UP_PARENT/XXX.YYY.172.4 image/jpeg
(...)
So the syntax is this: time elapsed remotehost code/status bytes method
URL rfc931 peerstatus/peerhost type
Let us say the user "exampleuser" has the IP "XXX.YYY.172.66".
I do not understand why XXX.YYY.172.0 is logged instead of XXX.YYY.172.66.
My first thought was that the option "client_netmask" in
/etc/squid/squid.conf was set in a wrong way but it is:
"client_netmask 255.255.255.255" so that squid should log the whole IP,
right?
Greetings from Germany,
Daniel Halbe
Received on Fri Oct 14 2005 - 01:21:51 MDT
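An added example, not part of the original post: a small parser for the access.log field order quoted in the message. It counts the TCP_DENIED/407 challenges that precede each authenticated request and shows how a client_netmask value changes the logged client address. The sample lines are constructed with documentation addresses, and the function names are hypothetical.

```python
import ipaddress
from collections import defaultdict

# Field order as quoted in the post:
# time elapsed remotehost code/status bytes method URL rfc931 peerstatus/peerhost type
FIELDS = ("time", "elapsed", "client", "result", "bytes", "method",
          "url", "user", "peer", "mime")

# Constructed sample in the same shape as the log excerpt (not real traffic).
SAMPLE = """\
1129272288.978      0 192.0.2.0 TCP_DENIED/407 1900 GET http://www.example.com/a.jpg - NONE/- text/html
1129272288.995      4 192.0.2.0 TCP_DENIED/407 1904 GET http://www.example.com/a.jpg - NONE/- text/html
1129272289.283    287 192.0.2.0 TCP_MISS/200 6727 GET http://www.example.com/a.jpg exampleuser FIRST_UP_PARENT/192.0.2.4 image/jpeg
"""

def parse_line(line):
    """Split one unwrapped access.log line into named fields."""
    parts = line.split()
    if len(parts) != len(FIELDS):
        raise ValueError("unexpected field count: %d" % len(parts))
    rec = dict(zip(FIELDS, parts))
    action, status = rec["result"].split("/", 1)
    rec["action"], rec["status"] = action, int(status)
    rec["user"] = None if rec["user"] == "-" else rec["user"]
    return rec

def summarize_auth(lines):
    """For each authenticated request, report how many 407 challenges
    were logged for the same client and URL before it succeeded."""
    pending = defaultdict(int)
    done = []
    for line in lines:
        if not line.strip():
            continue
        rec = parse_line(line)
        key = (rec["client"], rec["url"])
        if rec["status"] == 407:
            pending[key] += 1          # challenge lines carry no user name
        elif rec["user"]:
            done.append({"client": rec["client"], "url": rec["url"],
                         "user": rec["user"], "challenges": pending.pop(key, 0)})
    return done

def apply_client_netmask(ip, netmask):
    """Address that ends up in the log: client IP ANDed with client_netmask."""
    masked = int(ipaddress.IPv4Address(ip)) & int(ipaddress.IPv4Address(netmask))
    return str(ipaddress.IPv4Address(masked))

if __name__ == "__main__":
    print(summarize_auth(SAMPLE.splitlines()))
    print(apply_client_netmask("192.0.2.66", "255.255.255.0"))
```

The 407 lines have "-" in the user field, so per-user statistics built from this log only see the final request of each exchange.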