mån 2006-03-20 klockan 12:55 -0600 skrev Scott:
> me the name of the acl and not the word withing the file. By setting the
> debugging to full(9) it can see what word is blocked as it logs all the
> words in the blocking list until it finds a match, but I don't really need
> it
> to be logging that much information as it is hard to pinpoint. It is
> possible to somehow have it identify what word withing the acl list that is
> being matched.
Only by extending the source with this function. Not hard, but still..
in aclMatchRegex, add just before the return 1; line
debug(28, 2) ("aclMatchRegex: match '%s' found in '%s'\n", data->pattern, word);
and enable debug section 28 level 2.
debug_option ALL,1 28,9
> If I could get a log file that had the machine's IP address,
> and the word being blocked that is all I would want.
This would require a bit more work. The IP or even request is not known
at this level. But you should be able to deduce this by combining
access.log TCP_DENIED with the debug output from cache.log using the
timestamp as key..
Regards
Henrik
This archive was generated by hypermail pre-2.1.9 : Sat Apr 01 2006 - 12:00:04 MST