HTTP Anti-Virus Proxy
http://havp.hege.li/forum/

squid3 + havp + log analysing tools
http://havp.hege.li/forum/viewtopic.php?f=3&t=477

Author:  smueller [ 09 Nov 2009 20:51 ]
Post subject:  squid3 + havp + log analysing tools

In general there's a problem with the infrastructure
client --> squid --> havp --> squid --> internet
on the same machine, since you'll log each HTTP request two times (one from the client, the other from havp),
giving strange results to calamaris/sarg etc...
So I RTFM'd a bit, and hey, there's a solution even for that problem...
So, for anyone interested, I thought I'd share my ideas.
Here's the squid.conf (since I hate looking for it in my Documents folder... :) )

Comments are welcome (especially about the squid->havp connection since I'm not sure about this,
dunno where I got that from, but it works...)

Code:
http_port 3128
http_port 127.0.0.1:8081

tcp_outgoing_address 10.23.42.13  ##not really but it looks cool....

acl manager proto cache_object
acl localhost src 127.0.0.1/32
acl to_localhost dst 127.0.0.0/8
acl SSL_ports port 443
acl SSL_ports port 10443      # i hate these bastards...
acl SSL_ports port 8443        # see above
acl Safe_ports port 80          # http
acl Safe_ports port 21          # ftp
acl Safe_ports port 443         # https
acl Safe_ports port 70          # gopher
acl Safe_ports port 210         # wais
acl Safe_ports port 1025-65535  # unregistered ports
acl Safe_ports port 280         # http-mgmt
acl Safe_ports port 488         # gss-http
acl Safe_ports port 591         # filemaker
acl Safe_ports port 777         # multiling http
acl CONNECT method CONNECT

acl src_lan src 10.23.42.0/24
acl src_dmz src some.other.cool.ips
acl dst_dmz dst some.other.cool.ips   # placeholder like src_dmz; referenced by always_direct below, squid refuses to start on an undefined acl

###important stuff
acl client_port myport 3128
acl havp_port myport 8081

acl no_virus_scan dstdomain .dontscan.me
acl dontcache dstdomain .ubuntu.com  ## you'll get some nasty hashsum errors if you cache ubuntu files

http_access allow manager localhost
http_access deny manager
http_access deny !Safe_ports
http_access deny CONNECT !SSL_ports
http_access allow havp_port localhost
http_access deny havp_port all
http_access allow localhost
http_access allow src_lan
http_access allow src_dmz
http_access deny all

http_reply_access allow all

always_direct allow havp_port     # havp's own outbound requests (arriving on 8081) go straight out, never back into the parent
always_direct allow dst_dmz
always_direct allow no_virus_scan
never_direct allow all            # everything else is forced through the havp parent; without this squid may still go DIRECT (e.g. query URLs) and skip the scan

no_cache deny havp_port    # we don't want to cache possible viruses, do we?
no_cache deny dontcache

## connect to havp
cache_peer 127.0.0.1 parent 8080 0 no-query no-digest no-netdb-exchange default

cache_peer_access 127.0.0.1 deny CONNECT
cache_peer_access 127.0.0.1 deny havp_port      # needed if you don't want to loop your request
cache_peer_access 127.0.0.1 allow all

#some other stuff
cache_dir diskd /var/spool/squid3 2000 4 256
cache_mem 512 MB
# more stuff as you need
....
# now the logging fun
access_log /var/log/squid3/full.log squid                                          # std log with every request
access_log /var/log/squid3/clean.log squid client_port !havp_port        # log only requests coming in on the client port, not those on the havp port

After that you should have an ugly full.log as usual
and a nice one with all the requests your clients made, and the exceptions you configured (coming up as DIRECT...)
so you only need to configure sarg/calamaris etc. to read clean.log and everything should be fine.
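As an added example (not from the post), a small Python filter that reproduces the clean.log split offline from a constructed full.log sample: it drops the duplicate entries havp generates from 127.0.0.1, totals bytes per client the way a report tool would, and lists client requests that went DIRECT, which should only ever be the configured exemptions. The log lines and addresses are constructed.

```python
from collections import Counter

# Constructed squid "native" access-log sample (not from the post): each scanned
# request appears twice, once from the client (sent to the parent, i.e. havp) and
# once from 127.0.0.1 (havp fetching it DIRECT through squid's second port).
SAMPLE_LOG = """\
1257793901.123    212 10.23.42.50 TCP_MISS/200 5120 GET http://www.example.com/index.html - DEFAULT_PARENT/127.0.0.1 text/html
1257793901.130    198 127.0.0.1 TCP_MISS/200 5120 GET http://www.example.com/index.html - DIRECT/93.184.216.34 text/html
1257793902.410     87 10.23.42.51 TCP_MISS/200 1024 GET http://dontscan.me/a.js - DIRECT/192.0.2.10 application/javascript
1257793903.000    655 10.23.42.50 TCP_MISS/200 40960 GET http://archive.ubuntu.com/pkg.deb - DEFAULT_PARENT/127.0.0.1 application/x-debian-package
1257793903.010    640 127.0.0.1 TCP_MISS/200 40960 GET http://archive.ubuntu.com/pkg.deb - DIRECT/91.189.88.1 application/x-debian-package
"""

# field order of squid's native log format
FIELDS = ("time", "elapsed", "client", "result", "bytes", "method",
          "url", "ident", "hierarchy", "type")

def parse_line(line):
    """Parse one native-format line into a dict, or None if malformed."""
    parts = line.split()
    if len(parts) != len(FIELDS):
        return None
    entry = dict(zip(FIELDS, parts))
    entry["bytes"] = int(entry["bytes"])
    return entry

def is_havp_hop(entry, havp_addr="127.0.0.1"):
    """True for the second copy of a request: havp re-fetching it via squid."""
    return entry["client"] == havp_addr

def split_log(text, havp_addr="127.0.0.1"):
    """Return (clean, hop): what clean.log would hold, and the havp duplicates."""
    clean, hop = [], []
    for line in text.splitlines():
        entry = parse_line(line)
        if entry is None:
            continue
        (hop if is_havp_hop(entry, havp_addr) else clean).append(entry)
    return clean, hop

def unscanned_urls(clean):
    """Client requests that went DIRECT, so havp never saw them: expected for
    always_direct exemptions, anything else points at a routing gap."""
    return [e["url"] for e in clean if e["hierarchy"].startswith("DIRECT/")]

def bytes_per_client(clean):
    """Per-client totals a report tool should compute from clean.log."""
    totals = Counter()
    for e in clean:
        totals[e["client"]] += e["bytes"]
    return totals
```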
