SQUID ACL category filtering logging

Started by Azerty728, July 06, 2020, 10:36:28 PM

Previous topic - Next topic
Print
Go Down Pages1
User actions
July 06, 2020, 10:36:28 PM
Hello there,

Is there someone able to explain me how to enhance SQUID logs  to add the category that was filtered in the logs ?
I'm using ACLs from Lille University and filtering some categories. But when a connection is dropped/blocked by SQUID, I'm only getting TCP_DENIED. I want to know which category was blocked. Is this only possible ? And if yes, how ?
I receive my logs by syslog to my Splunk.
Thank you.
July 28, 2020, 08:09:23 AM #1
hello Azerty,
in basic squid log this is not possible, however, you can use a third-party app to do so like solar winds',there's also open-source solutions like sarg or light squid they have nice features like top users and top sites and user usage but don't tell you most blocked category.
Disclaimer: All advice presented is "AS IS", no warranties.
I'm not part of the opnsense team, just trying to help.
Print
Go Up Pages1
User actions