Access.log won't update until I …

  • Background - Packages/Versions:

    Pfsense 1.2.3 RELEASE
    Lightsquid 1.7.1 pkg 1.2
    Squid 2.7.9_4 (Transparent proxy mode)

    Hi There,
    When my PFSENSE box reboots. Users can browse to their heart content but my access.log does not get updated. (Cache.log does though)

    ls -la /var/squid/log

    total 280
    drwxr-xr-x  2 proxy  proxy    512 Mar 30 22:00 .
    drwxr-xr-x  6 proxy  proxy    512 Nov 24 23:00 ..
    -rw-r–---  1 proxy  proxy  29316 Mar 31 11:00 access.log
    -rw-r-----  1 proxy  proxy      0 Mar 30 21:42 access.log.0
    -rw-r-----  1 proxy  proxy  221926 Mar 31 11:00 cache.log
    -rw-r-----  1 proxy  proxy    5162 Mar 30 22:00 cache.log.0
    The only way I get to access.log to 'wake up' is to do the following;

    1. In PFSENSE, Status, Sevices -> Restart the squid service
    2. In PFSENSE, Services, Proxy Server, General tab -> Untick 'enabled logging' , Save and re-tick 'enabled logging' , Save.

    AS soon as I did one of the above tricks – surf around a bit, I can see Access.log’s datestamp correlates correctly.

    I'm baffled a why this is happening!  ???

    Other things I tried:

    1. Reinstalled squid + squidlight. still does the same.

    2. Trying to stop/start from cli also does not work:

    /usr/local/sbin/squid -k shutdown
    /usr/local/sbin/squid -D

    any ideas?

  • Sounds like squid is not started in time on boot. There is a process that checks to see if squid is running before the firewall adds the transparent rule. If squid is not running then it does not add the transparent redirect for port 80 fw rule. Thats why if you click save it then starts working.
    You will probably find this in your log entries "SQUID is installed but not started.  Not installing redirect rules.".

  • thx wagonza - your reply nudged me into the right direction.

    if I do a pfctl -sn | grep http - I am suppose to see the redirect rule :
    rdr on re0 inet proto tcp from any to ! (re0) port = http -> port 80

    After browsing I found the solution in the,20690.15.html discussion… in a nutshell, it looks like there is some sort of race condition in rc.  so by commenting out the 'rm -f /tmp/filter_dirty' line fixes the problem!