Re: [squid-users] Squid and Mirrored Router Ports

From: Edward C. Jakosalem <list@dont-contact.us>
Date: Wed, 18 Apr 2007 00:00:47 +1000 (EST)

> Hi,
>
> Edward C. Jakosalem wrote:
>>> tis 2007-04-17 klockan 20:55 +1000 skrev Edward C. Jakosalem:
>>>
>>>> I have posted this same problem before but I want to post it again
>>>> because
>>>> I am pressured to make this work with Squid. I know that Squid's use
>>>> is
>>>> either an accelerator or proxy or both. But we want Squid to _only_
>>>> capture web traffic and log them, that's all. As such, I have
>>>> configured
>>>> my server to act as transparent proxy.
>>> I don't quite get what you are trying to do here.. Do you want Squid to
>>> act as a transparent proxy by intercepting port 80 traffic and have it
>>> redirected to Squid, or do you just want to audit the port 80 traffic
>>> without actually touching the packets by just listening on a switch
>>> mirror/monitor port?
>>
>> I actully just need squid to act as transparent proxy so I can log
>> traffic. I don't care how squid will do this, I just need the logs. And
>> the reason why we use the mirrored port is that we don't want browsing
>> affected in case this server goes down.
>
> So you want Squid to be in the path but don't want it to affect anything
> if it goes down? That can't be done, unless you can use WCCP to ignore
> it if it's down. Never played with WCCP so I don't know if it's
> possible. I've always 'done the right thing' and told my browsers about
> the proxy!
>
>
>>> The first can be done by Squid, and any of the interception methods
>>> will
>>> work. WCCP, Policy routing etc..
>>>
>>> The second is not a job for Squid. You need a packet analyzer/auditor
>>> for this. There is quite many different ones depending on what you are
>>> looking for..
>>
>> We specifically need the Squid log format that's why we want to make
>> this
>> work with squid. My boss doesn't want it any other way. :-(
>
> Why must he have Squid format logs? What's his business reason for
> having to have them in that format?

I honestly don't know. But the aim is to have a record of our customers'
browsing activities and retain the logs for 6 months.

>
> Squid is probably the wrong tool for the job and won't work how you've
> got it set up now so why not look around at other tools that are
> designed for the job?

I already did and told him that. I actually have a program called _packit_
up and running. I also found some other useful ones as well. But
management said Squid can do it and if I can't make it to work, they will
seek help from someone who knows how to. Hey, what's a lowly employee like
me to do? :-(

>
> HTH,
>
>
> Neil.

Anyway, I will accept all suggestions coming my way. Who knows, it might
actually work at all?

Thanks Neil.
>
> --
> Neil Hillard neil.hillard@agustawestland.com
> AgustaWestland http://www.whl.co.uk/
>
> Disclaimer: This message does not necessarily reflect the
> views of Westland Helicopters Ltd.
>
Received on Tue Apr 17 2007 - 08:00:53 MDT

This archive was generated by hypermail pre-2.1.9 : Tue May 01 2007 - 12:00:01 MDT