[HOWTO] Squid/Lightsquid Logs with MAC addresses - pfSense 2.3.2



  • Hi everybody,

    Last night (after about 4 pots of coffee) I figured out how to log MAC addresses instead of IPs with Squid and Lightsquid.

    DISCLAIMER: Backup your config before playing around. This comes with absolutely no warranties.

    After installing and configuring Squid and Lightsquid follow these steps:

    • In the WebGUI, navigate to Services / Squid Proxy Server / General tab and scroll down to Logging Settings

    • Enable Access Logging –> Disabled

    • Scroll down to the bottom of the page and click on Show Advanced Options

    • Paste the code below into the Custom ACLS (Before Auth) box

    • Save and restart Squid Service

    logfile_rotate 90
    debug_options rotate=90
    logformat iptomac %ts.%03tu %6tr %>eui %Ss/%03>Hs %<st %rm %ru %[>a %Sh/%<a %mt
    access_log /var/squid/logs/access.log iptomac
    
    I attached a screenshot (MACs shortened) so you get an idea of how it will look.
    
    Now, I'll see if I can get rid of that **** stuck beacon issue.
    Time for another pot of coffee...
    
    Cheers!
    ![lightsquid.jpg](/public/_imported_attachments_/1/lightsquid.jpg)
    


  • Just Superb  ;D



  • hi

    thank you very much ;) ;) ;) ;)



  • The idea is right but the syntax is wrong. On 2.4.4-RELEASE-p2:

    • Proxy Server -> General settings -> "Enable Access Logging" disabled (this prevents the default syntax from being loaded)
    • Advanced features ("Show Advanced Options") -> Custom Options (Before Auth) ->
    logfile_rotate 30
    debug_options rotate=30
    logformat squid %{%d/%m/%Y_%H:%M:%S}tl %>eui %6tr %>a %Ss/%03>Hs %<st %rm %ru %un %Sh/%<A %mt
    access_log /var/squid/logs/access_custom.log
    

    Save and reload Squid. You'll find the log in /var/squid/logs as defined in the general options page. Obviously you can customize the options according to your needs (timestamp, logrotate days, etc.)
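
An added example, not part of the thread and not any poster's code: a Python parser for lines written with the `logformat` from the post above, totalling requests and bytes per MAC and listing client IPs that appear with more than one MAC. The sample lines are constructed, and counting a non-MAC value such as `-` in the `%>eui` field as "unknown" is an assumption.

```python
import re
from collections import defaultdict

# Field order of the logformat in the post above:
# %tl %>eui %6tr %>a %Ss/%03>Hs %<st %rm %ru %un %Sh/%<A %mt
LINE_RE = re.compile(
    r"^(?P<ts>\S+)\s+(?P<mac>\S+)\s+(?P<ms>\d+)\s+(?P<ip>\S+)\s+"
    r"(?P<status>\S+)/(?P<code>\d{3})\s+(?P<size>\d+)\s+(?P<method>\S+)\s+"
    r"(?P<url>\S+)\s+(?P<user>\S+)\s+(?P<hier>\S+)/(?P<peer>\S+)\s+(?P<mime>\S+)$"
)
MAC_RE = re.compile(r"^(?:[0-9a-f]{2}:){5}[0-9a-f]{2}$", re.I)

# Constructed sample lines (not real traffic); the last one is deliberately broken.
SAMPLE = """\
12/03/2019_08:15:01 aa:bb:cc:00:00:01    142 192.168.1.20 TCP_MISS/200 5120 GET http://example.org/ - HIER_DIRECT/example.org text/html
12/03/2019_08:15:09 aa:bb:cc:00:00:01     87 192.168.1.35 TCP_TUNNEL/200 2048 CONNECT example.net:443 - HIER_DIRECT/example.net -
12/03/2019_08:16:30 aa:bb:cc:00:00:02     12 192.168.1.20 TCP_DENIED/403 3900 GET http://example.com/a - HIER_NONE/- text/html
12/03/2019_08:17:02 -                      5 10.9.0.7 TCP_MISS/200 700 GET http://example.org/b - HIER_DIRECT/example.org text/plain
this line is truncated
"""

def parse_line(line):
    """Return a dict of fields, or None if the line does not fit the format.
    A %>eui value that is not a MAC (assumed '-') is stored as None."""
    m = LINE_RE.match(line.strip())
    if not m:
        return None
    rec = m.groupdict()
    rec["mac"] = rec["mac"].lower() if MAC_RE.match(rec["mac"]) else None
    rec["size"] = int(rec["size"])
    return rec

def summarize(lines):
    """Aggregate per MAC and report IPs that were logged with several MACs."""
    per_mac = defaultdict(lambda: {"requests": 0, "bytes": 0, "ips": set()})
    macs_per_ip = defaultdict(set)
    unparsed = 0
    for line in lines:
        rec = parse_line(line)
        if rec is None:
            unparsed += 1
            continue
        entry = per_mac[rec["mac"] or "unknown"]
        entry["requests"] += 1
        entry["bytes"] += rec["size"]
        entry["ips"].add(rec["ip"])
        if rec["mac"]:
            macs_per_ip[rec["ip"]].add(rec["mac"])
    shared = {ip: macs for ip, macs in macs_per_ip.items() if len(macs) > 1}
    return dict(per_mac), shared, unparsed
```

Calling `summarize(SAMPLE.splitlines())` returns the per-MAC totals, the IPs logged with more than one MAC, and the count of lines that did not match the format.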

