[squid-users] Log rotate
I want to rotate access.log by logrotate system process so I disabled rotation
in squid.conf, logfile_rotate has been set to zero; by logrotate I can compress
log files and to name them with date suffix.
But what I have to write among postrotate and endscript ? What command to send
to squid to start rotation?
It’s right to write "squid -k rotate" in postrotate section if I wanted to
manage rotation only by logrotate?
This is my /etc/logorotate.d/ file
var/log/squid/access.log {
daily
compress
rotate 365
missingok
nocreate
sharedscripts
postrotate
test ! -e /var/run/squid.pid || test ! -x /usr/sbin/squid ||
/usr/sbin/squid -k rotate 2>/dev/null
endscript
}
___
squid-users mailing list
squid-users@lists.squid-cache.org
http://lists.squid-cache.org/listinfo/squid-users
Re: [squid-users] Log rotate
My OS is Centos 7.
But I manage rotation by logrotate, according to your suggestions in
/etc/logrotate.d/squid, among postscript and endscript, there is written 'squid
-k rotate’ so you don’t invoke squid rotation too ?!? We have 2 rotations?
> On 7 Dec 2020, at 10:08, Matus UHLAR - fantomas wrote:
>
> On 07.12.20 09:12, sampe...@tiscali.it <mailto:sampe...@tiscali.it> wrote:
>> I want to rotate access.log by logrotate system process so I disabled
>> rotation in squid.conf, logfile_rotate has been set to zero; by logrotate
>> I can compress log files and to name them with date suffix.
>
>> But what I have to write among postrotate and endscript ? What command to
>> send to squid to start rotation?
>
>> It’s right to write "squid -k rotate" in postrotate section if I wanted to
>> manage rotation only by logrotate?
>
>
> this is very common on debian-based systems.
>
>> This is my /etc/logorotate.d/ file
>>
>> var/log/squid/access.log {
>> daily
>> compress
>> rotate 365
>> missingok
>> nocreate
>> sharedscripts
>> postrotate
>> test ! -e /var/run/squid.pid || test ! -x /usr/sbin/squid ||
>> /usr/sbin/squid -k rotate 2>/dev/null
>> endscript
>> }
>
> are you sure you don't run debian? ;-)
> I would just like to avoit redirecting stderr to /dev/null
> - if something bad happens, you should know it and not flush the info
>
>
> /var/log/squid/*.log {
> daily
> compress
> delaycompress
> rotate 31
> missingok
> nocreate
> sharedscripts
> prerotate
> test ! -x /usr/sbin/sarg-reports || /usr/sbin/sarg-reports daily
> endscript
> postrotate
> test ! -e /var/run/squid.pid || test ! -x /usr/sbin/squid ||
> /usr/sbin/squid -k rotate
> endscript
> }
>
>
> --
> Matus UHLAR - fantomas, uh...@fantomas.sk <mailto:uh...@fantomas.sk> ;
> http://www.fantomas.sk/ <http://www.fantomas.sk/>
> Warning: I wish NOT to receive e-mail advertising to this address.
> Varovanie: na tuto adresu chcem NEDOSTAVAT akukolvek reklamnu postu.
> Linux - It's now safe to turn on your computer.
> Linux - Teraz mozete pocitac bez obav zapnut.
> ___
> squid-users mailing list
> squid-users@lists.squid-cache.org <mailto:squid-users@lists.squid-cache.org>
> http://lists.squid-cache.org/listinfo/squid-users
> <http://lists.squid-cache.org/listinfo/squid-users>
___
squid-users mailing list
squid-users@lists.squid-cache.org
http://lists.squid-cache.org/listinfo/squid-users
Re: [squid-users] Log rotate
> doesn't centos come with squid package, including logrotate config?
I manually installed Squid package 4.8-1 by yum utility while logrotate
3.8.6-19 was already installed.
> you are running squid -k rotate in postrotate too, so what is your question?
When I installed Squid package, It’s has been created automatically
/etc/logrotate.d/squid as I showed in previous mails and where there is written
'squid -k rotate’.
My question is: if I use logrotate process why in /etc/logrotate.d/squid is
recalled ''squid -k rotate’ ?
I thought 'squid -k rotate’ started another file rotation in addition to
logrotate.
> On 7 Dec 2020, at 12:07, Matus UHLAR - fantomas wrote:
>
> On 07.12.20 10:35, sampe...@tiscali.it wrote:
>> My OS is Centos 7.
>
> doesn't centos come with squid package, including logrotate config?
>
>> But I manage rotation by logrotate, according to your suggestions in
>> /etc/logrotate.d/squid, among postscript and endscript, there is written
>> 'squid -k rotate’ so you don’t invoke squid rotation too ?!? We have 2
>> rotations?
>
> you are running squid -k rotate in postrotate too, so what is your question?
>
> according to squid docs, squid only reopens log files in "rotate" request,
> so logrotate takes care about renaming and compressing files, while squid
> only has to reopen them.
>
>>> On 07.12.20 09:12, sampe...@tiscali.it <mailto:sampe...@tiscali.it> wrote:
>>>> I want to rotate access.log by logrotate system process so I disabled
>>>> rotation in squid.conf, logfile_rotate has been set to zero; by logrotate
>>>> I can compress log files and to name them with date suffix.
>>>
>>>> But what I have to write among postrotate and endscript ? What command to
>>>> send to squid to start rotation?
>>>
>>>> It’s right to write "squid -k rotate" in postrotate section if I wanted to
>>>> manage rotation only by logrotate?
>>>
>>>
>>> this is very common on debian-based systems.
>>>
>>>> This is my /etc/logorotate.d/ file
>>>>
>>>> var/log/squid/access.log {
>>>> daily
>>>> compress
>>>> rotate 365
>>>> missingok
>>>> nocreate
>>>> sharedscripts
>>>> postrotate
>>>> test ! -e /var/run/squid.pid || test ! -x /usr/sbin/squid ||
>>>> /usr/sbin/squid -k rotate 2>/dev/null
>>>> endscript
>>>> }
>
>>> On 7 Dec 2020, at 10:08, Matus UHLAR - fantomas wrote:
>>> are you sure you don't run debian? ;-)
>>> I would just like to avoit redirecting stderr to /dev/null
>>> - if something bad happens, you should know it and not flush the info
>>>
>>>
>>> /var/log/squid/*.log {
>>> daily
>>> compress
>>> delaycompress
>>> rotate 31
>>> missingok
>>> nocreate
>>> sharedscripts
>>> prerotate
>>> test ! -x /usr/sbin/sarg-reports || /usr/sbin/sarg-reports
>>> daily
>>> endscript
>>> postrotate
>>> test ! -e /var/run/squid.pid || test ! -x /usr/sbin/squid ||
>>> /usr/sbin/squid -k rotate
>>> endscript
>>> }
>
> --
> Matus UHLAR - fantomas, uh...@fantomas.sk ; http://www.fantomas.sk/
> Warning: I wish NOT to receive e-mail advertising to this address.
> Varovanie: na tuto adresu chcem NEDOSTAVAT akukolvek reklamnu postu.
> Silvester Stallone: Father of the RISC concept.
> ___
> squid-users mailing list
> squid-users@lists.squid-cache.org
> http://lists.squid-cache.org/listinfo/squid-users
___
squid-users mailing list
squid-users@lists.squid-cache.org
http://lists.squid-cache.org/listinfo/squid-users
[squid-users] authorized by pcname
Can I set acl to authorize specific computer name by http_access directive ? I used usually acl src but I’d like to specify Netbios name, so I Thought as client IP address is sent to squid It’ll be the same thing with pc name. It’s possible ? ___ squid-users mailing list squid-users@lists.squid-cache.org http://lists.squid-cache.org/listinfo/squid-users
[squid-users] dhcp
Can you suggest way to manage acl for clients which are using DHCP server? ___ squid-users mailing list squid-users@lists.squid-cache.org http://lists.squid-cache.org/listinfo/squid-users
Re: [squid-users] dhcp
I’m using Squid to permit or deny to clients to access to Internet (http/https traffic). Squid is dmz and It’s using my public DNS to solve names. Clients are in Microsoft domain. Client browser is configured to point squid service on 3128 port to access external network (local addresses are bypassed) and inside squid.conf I’m referencing clients by IP address because until yesterday I used static addresses. Today I’m going to use DHCP server too, e.g. for notebook, so I’ll use dynamic addresses too. So I’d like to manage dynamic address to permit/deny Internet access in the same way. I thought to specify "pc name”, instead of IP address, in squid.conf but Squid server has set DNS public, so It cannot to resolve client name. Thanks > On 11 Dec 2020, at 19:27, Amos Jeffries wrote: > > On 11/12/20 7:48 pm, sampei02 wrote: >> Can you suggest way to manage acl for clients which are using DHCP server? > > Firstly, what does DHCP have to do with clients using HTTP ? > > eg, why is it even a consideration for you? > > > Secondly, what are you trying to have Squid do? > > To provide help we need information about what your situation is. > > Amos > ___ > squid-users mailing list > squid-users@lists.squid-cache.org > http://lists.squid-cache.org/listinfo/squid-users ___ squid-users mailing list squid-users@lists.squid-cache.org http://lists.squid-cache.org/listinfo/squid-users
Re: [squid-users] authorized by pcname
What Squid mechanism do you suggest me to identify the “computer name” ? What solution/corretion can I make to my environment to apply my idea? > On 12 Dec 2020, at 10:48, Amos Jeffries wrote: > > On 11/12/20 3:55 am, sampei02 wrote: >> Can I set acl to authorize specific computer name by http_access directive ? > > Maybe. That depends on whether there is any mechanism for Squid to identify > the "computer name". > > > >> I used usually acl src but I’d like to specify Netbios name, so >> I Thought as client IP address is sent to squid It’ll be the same thing >> with pc name. > > > Your thought is both right and wrong. > > NetBOIS name plays the same role as IP address - both are the "address" of > the client machine in their relevant protocols. > > However, Squid does not use or implement NetBIOS protocol to talk to clients. > Squid only uses IP based protocols. > > Sometimes NTLM credentials contain the NetBIOS name of a "NetBIOS node" > machine. > > Or IDENT protocol can be used to directly query the client about its name. > *IF* that protocol is supported and enabled on the client. > > > Amos > ___ > squid-users mailing list > squid-users@lists.squid-cache.org > http://lists.squid-cache.org/listinfo/squid-users ___ squid-users mailing list squid-users@lists.squid-cache.org http://lists.squid-cache.org/listinfo/squid-users
Re: [squid-users] authorized by pcname
Thanks for your suggestions. 1. In this way I should move problem to another level that is dhcp server. 2. My DHCP server already updates to local DNS, that is Active Directory, but Squid cannot point to this local Microsoft DNS because It’s using external DNS. I have two DNS: Microsoft DNS (AD) for resolve intranet addresses and Linux DNS (public network) to resolve Internet address. Squid uses last DNS. 3. I’m not interesting, I thought already to it. 4.I didn’t switch to DHCP. dhcp is a further service. I’m using dhcp from few months and I’ll use it only for notebook. When client asks url to Squid, is there way to capture the “client name” and to check the match to acl? Does It exist trusted application to integrate into Squid to make it? > On 12 Dec 2020, at 14:20, Antony Stone > wrote: > > On Saturday 12 December 2020 at 14:03:23, sampe...@tiscali.it wrote: > >> What Squid mechanism do you suggest me to identify the “computer name” ? >> What solution/corretion can I make to my environment to apply my idea? > > A few suggestions: > > 1. Why not get your DHCP server to allocate IP addresses according to MAC > address; then your clients will get fixed addresses again and you can use > those > in your ACLs. > > 2. Alternatively, get your DHCP server to update a local DNS server, and > point > Squid at that so that it can look up the names of the PCs in DNS (without > needing to know about NetBIOS) and you can use those. > > 3. Get your users to authenticate to Squid as people, not as computers; then > you can apply the appropriate rules for who is trying to do stuff instead of > assuming who is using which computer. > > 4. Why have you switched from static addressing to DHCP? If you need DHCP to > cater for machines which "temporarily visit" your network, how about just > allocating a subnet range for those and continue to use static addresses for > the machines you know about? > > > Regards, > > > Antony. > > -- > A good conversation is like a miniskirt; > short enought to retain interest, > but long enough to cover the subject. > > - Celeste Headlee > > > Please reply to the list; > please *don't* CC me. > ___ > squid-users mailing list > squid-users@lists.squid-cache.org > http://lists.squid-cache.org/listinfo/squid-users ___ squid-users mailing list squid-users@lists.squid-cache.org http://lists.squid-cache.org/listinfo/squid-users
[squid-users] squid writes to /var/log/messages
With Squid 4.8 and rsyslogd 8.24, I noted some Squid logs in /var/log/messages, .e.g " ipcacheParse No Address records…” or “ Starting new redirector helpers…”. I configured log Squid to default options, excluded for "access_log /var/log/squid/access.log” instead of "access_log /var/log/squid/access.log squid” Where can I find answer because Squid writes to /var/log/messages too? ___ squid-users mailing list squid-users@lists.squid-cache.org http://lists.squid-cache.org/listinfo/squid-users
Re: [squid-users] squid writes to /var/log/messages
Ok, I noted these 2 squid processes: root/usr/sbin/squid -sYC squid (squid-1) --kid squid-1 -sYC -s means "Enable logging to syslog” This option ‘-s’ could explain writing to messages ? > On 21 Dec 2020, at 09:14, NgTech LTD wrote: > > Hey Sampei, > > It's recommended you would send a squid.conf so we would try to > understand what might cause the issue you are writing about. > > Thanks, > Eliezer > > On Mon, Dec 21, 2020 at 9:07 AM sampe...@tiscali.it > wrote: >> >> With Squid 4.8 and rsyslogd 8.24, I noted some Squid logs in >> /var/log/messages, .e.g " ipcacheParse No Address records…” or “ Starting >> new redirector helpers…”. >> I configured log Squid to default options, excluded for "access_log >> /var/log/squid/access.log” instead of "access_log /var/log/squid/access.log >> squid” >> Where can I find answer because Squid writes to /var/log/messages too? >> >> >> ___ >> squid-users mailing list >> squid-users@lists.squid-cache.org >> http://lists.squid-cache.org/listinfo/squid-users ___ squid-users mailing list squid-users@lists.squid-cache.org http://lists.squid-cache.org/listinfo/squid-users
Re: [squid-users] squid writes to /var/log/messages
> I can confirm that squid will write to /var/log/messages if syslog logging is > enabled AND syslog is configured to write to /var/log/messages (this is the > default behaviour on some Linux distributions, such as Debian, but not > Ubuntu). My distro is Centos7 and rsyslog is enabled and It’s configured to write to /var/log/messages; it’s the default behaviour. But how can I avoid Squid writes into this file? I chose the Squid default log files which are contained into /var/log/squid/ folder. > On 21 Dec 2020, at 11:31, Ambrose Li wrote: > > On Mon, Dec 21, 2020 at 11:01:07PM +1300, Amos Jeffries wrote: >> On 21/12/20 9:55 pm, sampe...@tiscali.it wrote: >>> Ok, I noted these 2 squid processes: >>> >>> root/usr/sbin/squid -sYC >>> squid (squid-1) --kid squid-1 -sYC >>> >>> -s means "Enable logging to syslog” >>> >>> This option ‘-s’ could explain writing to messages ? >> >> Squid does not write to /var/log/messages. On startup before Squid reads any >> configuration about whether cache.log or syslog is to be used it logs to >> stderr. >> >> That stderr channel is handled by whatever init system or shell is starting >> Squid. /var/log/messages is the init system log file. > > Actually no, /var/log/messages is not an init system log file; on some Linux > distros it is a default log location for syslog. > > I can confirm that squid will write to /var/log/messages if syslog logging is > enabled AND syslog is configured to write to /var/log/messages (this is the > default behaviour on some Linux distributions, such as Debian, but not > Ubuntu). > > > -- > Ambrose Li | Time zone: GMT-5 (Eastern) > ambroseli.ca > > “Any organization which designs a system… will inevitably produce a > design whose structure is a copy of the organization’s communication > structure.” — Conway’s Law > > ___ > squid-users mailing list > squid-users@lists.squid-cache.org > http://lists.squid-cache.org/listinfo/squid-users ___ squid-users mailing list squid-users@lists.squid-cache.org http://lists.squid-cache.org/listinfo/squid-users
[squid-users] skype
What is your experience with Windows Skype with latest Squid version ? I think Skype uses UDP protocol too. I have issue with start call to all computers, It works only chat. ___ squid-users mailing list squid-users@lists.squid-cache.org http://lists.squid-cache.org/listinfo/squid-users
Re: [squid-users] squid writes to /var/log/messages
I solved disabling ‘-s' option in squid startup script. Thanks > On 21 Dec 2020, at 15:36, Alex Rousskov > wrote: > > On 12/21/20 8:29 AM, sampe...@tiscali.it <mailto:sampe...@tiscali.it> wrote: > >> My distro is Centos7 and rsyslog is enabled and It’s configured to >> write to /var/log/messages; it’s the default behaviour. But how can I >> avoid Squid writes into this file? I chose the Squid default log >> files which are contained into /var/log/squid/ folder. > > You already know from other responses that removing "-s" from your Squid > command line options is the primary solution for stopping Squid from > logging to syslog, but I wanted to add a caveat: > > * Some Squid messages are only logged to syslog. > Those messages are logged to syslog regardless of the "-s" presence. > I suspect they may also disregard the "-l facility" setting. > > ... where "logged to syslog" should be interpreted as "sent to the > syslog daemon", of course. > > IMO, this caveat is essentially a Squid bug. > > You can prevent all Squid messages from appearing in system log files by > configuring your syslog daemon accordingly. > > > HTH, > > Alex. > > >>> On 21 Dec 2020, at 11:31, Ambrose Li wrote: >>> >>> On Mon, Dec 21, 2020 at 11:01:07PM +1300, Amos Jeffries wrote: >>>> On 21/12/20 9:55 pm, sampe...@tiscali.it <mailto:sampe...@tiscali.it> >>>> wrote: >>>>> Ok, I noted these 2 squid processes: >>>>> >>>>> root /usr/sbin/squid -sYC >>>>> squid (squid-1) --kid squid-1 -sYC >>>>> >>>>> -s means "Enable logging to syslog” >>>>> >>>>> This option ‘-s’ could explain writing to messages ? >>>> >>>> Squid does not write to /var/log/messages. On startup before Squid reads >>>> any >>>> configuration about whether cache.log or syslog is to be used it logs to >>>> stderr. >>>> >>>> That stderr channel is handled by whatever init system or shell is starting >>>> Squid. /var/log/messages is the init system log file. >>> >>> Actually no, /var/log/messages is not an init system log file; on some Linux >>> distros it is a default log location for syslog. >>> >>> I can confirm that squid will write to /var/log/messages if syslog logging >>> is >>> enabled AND syslog is configured to write to /var/log/messages (this is the >>> default behaviour on some Linux distributions, such as Debian, but not >>> Ubuntu). >>> >>> >>> -- >>> Ambrose Li | Time zone: GMT-5 (Eastern) >>> ambroseli.ca >>> >>> “Any organization which designs a system… will inevitably produce a >>> design whose structure is a copy of the organization’s communication >>> structure.” — Conway’s Law >>> >>> ___ >>> squid-users mailing list >>> squid-users@lists.squid-cache.org >>> http://lists.squid-cache.org/listinfo/squid-users >> >> ___ >> squid-users mailing list >> squid-users@lists.squid-cache.org <mailto:squid-users@lists.squid-cache.org> >> http://lists.squid-cache.org/listinfo/squid-users >> <http://lists.squid-cache.org/listinfo/squid-users> ___ squid-users mailing list squid-users@lists.squid-cache.org http://lists.squid-cache.org/listinfo/squid-users
