Re: [squid-users] Removing dashes from user field in access.log

From: Amos Jeffries <squid3_at_treenet.co.nz>
Date: Thu, 26 Apr 2012 11:03:19 +1200

On 26.04.2012 07:06, Isamar Maia wrote:
> Hi Folks,
>
> I am using squid version Version 2.6.STABLE22
> which comes included in Endian Firewall version 2.4.1,
> with Windows AD authentication(NTLM)
>
> I am exporting access logs to "Mysar" Web log reporter and in the
> reports,
> I can see WIndows AD user logins and some records come with a dash(-)
> sign.
>
> Checking access.log from squid, the dashes are in this log file.
>
> How can I eliminate the dash sign records ?

You can't.

  * software which does not support proxy login of the types you want to
use does not send a username.
  * Windows NTLM involves a set of handshake requests the first few do
not have any username included.
  * software which has good security practices and does not broadcast
your users login credentials around the Internet will tests for access
without credentials first.

You can minimize the number of such requests by enabling persistent
connections HTTP feature in all software, and also by pushing for
software which does not support proxy login to be upgraded to versions
which do support it.

> Why they are there ?

It is a web request made without login details. There is no username to
be logged.

PS. I really recommend upgrading your Squid, that version is not
supported for many years now. Endian apparently have a 2.5 version out,
if that does not come with a recently supported Squid please push them
to update their releases.

Amos
Received on Wed Apr 25 2012 - 23:03:24 MDT

This archive was generated by hypermail 2.2.0 : Thu Apr 26 2012 - 12:00:04 MDT