Re: [squid-users] NTLM effect on access.log

From: Robert Collins <robert.collins@dont-contact.us>
Date: 29 Oct 2001 16:02:16 +1100

On Mon, 2001-10-29 at 09:54, Tony Melia wrote:
> I just started using ntlm/fakeauth authentication which works great.
> However, I ran my normal calamaris and webalizer reports on the logs, and
> got really weird results. Calamaris shows almost no hits and webalizer said
> my log files were unrecognisable. I can see from the access.log that there
> are lots of anonymous TCP_DENIED which seem to be generated/required by
> fakeauth, followed by a successful log with the username recorded.

The extra TCP_DENIED's are microsoft's wonderful legacy. We've
considered filterting them out, but until we can be sure there is no
lost information of a useful nature, tjey will remain.

> Is there a grep/other filter I can run my access.log through to 'fix' it so
> I can still use standard squid reporting tools? I still need to have access
> to access.log with the username intact. What do other ntlm users use to get
> stats on?

The username is escaped in the log file to prevent problems with
existing tools. You'll need to see why it's breaking the tools you're
using, and then we can look at ways to solve that.
Rob
Received on Sun Oct 28 2001 - 21:58:36 MST

This archive was generated by hypermail pre-2.1.9 : Tue Dec 09 2003 - 17:03:10 MST