Help!–To analyse squid 3.3.10 access log



  • I have an Intel E 2180 2.0 GHz processor on an Intel DG31PR motherboard with 2GB DDR2 RAM, an 80GB HDD and two NICs, on a system running pfSense Release 2.1 AMD64 with squid 3.3.10 and Diladele Websafety 3.2. The firewall has 80 computers behind it. The system worked without errors for 4.5 days, after which it started giving "Icap protocol error". The memory usage on the dashboard showed 91%. I restarted the squid service and the qlproxyd service several times, but the system kept crashing every few minutes; finally I had to reboot the system, and it has been stable for the last 30 hrs. I did not find any hint in the qlproxy logs or the squid access & cache logs. Can anyone hint as to what might be causing the crash?
      Secondly, while analysing the squid access logs, 90% of the logs consisted of only one entry repeated thousands of times. Can anyone guide me as to what this repetitive entry in the log signifies? (I run Quick Heal Endpoint Security 5.2 on all 80 computers), and the TCP_DENIED log also points to Quick Heal servers.

    1402973176.738      0 192.168.1.93 TCP_DENIED/407 4074 POST http://resolver1.qheal.ctmail.com/SpamResolverNG/SpamResolverNG.dll? - HIER_NONE/- text/html
    1402973176.827      0 192.168.1.16 TCP_DENIED/407 4074 POST http://resolver1.qheal.ctmail.com/SpamResolverNG/SpamResolverNG.dll? - HIER_NONE/- text/html
    1402973177.013      0 192.168.1.22 TCP_DENIED/407 4074 POST http://resolver4.qheal.ctmail.com/SpamResolverNG/SpamResolverNG.dll? - HIER_NONE/- text/html
    1402973177.185    263 192.168.1.92 TCP_MISS/204 373 GET https://in.yahoo.com/p.gif;_ylc=X3oDMTdiYzU5a3M4BF9TAzk3Njg0MTQyBGEDRklOLUR1YmFpIGZhY2VzIG1vbWVudCBvZiB0cnV0aCBvdmVyIGxvb21pbmcgcHJvcGVydHkgYnViYmxlBGFpZANpZC04MzAzNTgEY3BvcwMyNQRlZAMxBGcDN2IzNmE0MDMtYjczZC0zZDZlLWFkNjMtM2M3OGJkYzU2YzUxBGludGwDaW4EaXRjAzIEbHR4dANCZXdhcmVvZkR1YmFp4oCZc3Byb3BlcnR5bWFya2V0BHBrZ3YDMQRwb3MDMARzZWMDdGQtZmVhdARzbGsDdGh1bWIEdGVzdAM0MDI-? test2 HIER_DIRECT/202.43.192.109 text/plain
    1402973177.308      0 192.168.1.199 TCP_DENIED/407 4066 POST http://webres2.qheal.ctmail.com/SpamResolverNG/SpamResolverNG.dll? - HIER_NONE/- text/html
    1402973177.335      0 192.168.1.199 TCP_DENIED/407 4066 POST http://webres4.qheal.ctmail.com/SpamResolverNG/SpamResolverNG.dll? - HIER_NONE/- text/html
    1402973177.367      0 192.168.1.199 TCP_DENIED/407 4066 POST http://webres2.qheal.ctmail.com/SpamResolverNG/SpamResolverNG.dll? - HIER_NONE/- text/html
    1402973177.393      0 192.168.1.199 TCP_DENIED/407 4066 POST http://webres1.qheal.ctmail.com/SpamResolverNG/SpamResolverNG.dll? - HIER_NONE/- text/html
    1402973177.434 136887 192.168.1.20 TCP_MISS_ABORTED/206 297133 GET http://www.scanwithfiles.com/files/offline_update_eav_9946.zip test2 HIER_DIRECT/50.97.146.242 application/zip
    1402973177.472      0 192.168.1.199 TCP_DENIED/407 4066 POST http://webres1.qheal.ctmail.com/SpamResolverNG/SpamResolverNG.dll? - HIER_NONE/- text/html
    1402973177.482      0 192.168.1.7 TCP_DENIED/407 4073 POST http://resolver1.qheal.ctmail.com/SpamResolverNG/SpamResolverNG.dll? - HIER_NONE/- text/html
    1402973177.703     57 192.168.1.92 NONE/200 0 CONNECT s2.yimg.com:443 test2 HIER_DIRECT/203.84.220.80 -
    1402973177.784      0 192.168.1.199 TCP_DENIED/407 4075 POST http://resolver1.qheal.ctmail.com/SpamResolverNG/SpamResolverNG.dll? - HIER_NONE/- text/html
    1402973177.809      0 192.168.1.154 TCP_DENIED/407 4075 POST http://resolver1.qheal.ctmail.com/SpamResolverNG/SpamResolverNG.dll? - HIER_NONE/- text/html
    1402973177.823      0 192.168.1.199 TCP_DENIED/407 4075 POST http://resolver1.qheal.ctmail.com/SpamResolverNG/SpamResolverNG.dll? - HIER_NONE/- text/html
    1402973177.844      0 192.168.1.152 TCP_DENIED/407 4075 POST http://resolver1.qheal.ctmail.com/SpamResolverNG/SpamResolverNG.dll? - HIER_NONE/- text/html
    1402973177.856      0 192.168.1.9 TCP_DENIED/407 4073 POST http://resolver1.qheal.ctmail.com/SpamResolverNG/SpamResolverNG.dll? - HIER_NONE/- text/html
    1402973177.903      0 192.168.1.154 TCP_DENIED/407 4075 POST http://resolver1.qheal.ctmail.com/SpamResolverNG/SpamResolverNG.dll? - HIER_NONE/- text/html
    1402973177.915      0 192.168.1.152 TCP_DENIED/407 4075 POST http://resolver1.qheal.ctmail.com/SpamResolverNG/SpamResolverNG.dll? - HIER_NONE/- text/html
    1402973178.224      0 192.168.1.7 TCP_DENIED/407 4064 POST http://webres1.qheal.ctmail.com/SpamResolverNG/SpamResolverNG.dll? - HIER_NONE/- text/html
    1402973178.256      0 192.168.1.16 TCP_DENIED/407 4074 POST http://resolver1.qheal.ctmail.com/SpamResolverNG/SpamResolverNG.dll? - HIER_NONE/- text/html
    1402973178.352      0 192.168.1.22 TCP_DENIED/407 4074 POST http://resolver5.qheal.ctmail.com/SpamResolverNG/SpamResolverNG.dll? - HIER_NONE/- text/html
    1402973178.509      0 192.168.1.16 NONE/400 3572 GET /pki/crl/products/MicCodSigPCA_08-31-2010.crl - HIER_NONE/- text/html
    1402973178.583      0 192.168.1.9 TCP_DENIED/407 4064 POST http://webres3.qheal.ctmail.com/SpamResolverNG/SpamResolverNG.dll? - HIER_NONE/- text/html
    1402973178.863      0 192.168.1.7 TCP_DENIED/407 4073 POST http://resolver1.qheal.ctmail.com/SpamResolverNG/SpamResolverNG.dll? - HIER_NONE/- text/html
    1402973179.184      0 192.168.1.92 TCP_DENIED/407 3511 CONNECT accounts.google.com:443 - HIER_NONE/- text/html
    1402973179.192    263 192.168.1.92 TCP_MISS/204 373 GET https://in.yahoo.com/p.gif;_ylt=A2oKs9laq59TuIAAI58jetEF? test2 HIER_DIRECT/202.43.192.109 text/plain
    1402973179.303      0 192.168.1.9 TCP_DENIED/407 4073 POST http://resolver1.qheal.ctmail.com/SpamResolverNG/SpamResolverNG.dll? - HIER_NONE/- text/html
    1402973179.455      0 192.168.1.16 NONE/400 4010 NONE error:invalid-request - HIER_NONE/- text/html
    1402973179.566      0 192.168.1.98 TCP_DENIED/407 4074 POST http://resolver5.qheal.ctmail.com/SpamResolverNG/SpamResolverNG.dll? - HIER_NONE/- text/html
    1402973179.580      0 192.168.1.155 TCP_DENIED/407 4075 POST http://resolver1.qheal.ctmail.com/SpamResolverNG/SpamResolverNG.dll? - HIER_NONE/- text/html
    1402973179.599      0 192.168.1.80 TCP_DENIED/407 3561 CONNECT watson.microsoft.com:443 - HIER_NONE/- text/html
    1402973179.658      0 192.168.1.7 TCP_DENIED/407 4064 POST http://webres3.qheal.ctmail.com/SpamResolverNG/SpamResolverNG.dll? - HIER_NONE/- text/html
    1402973179.691      0 192.168.1.155 TCP_DENIED/407 4075 POST http://resolver1.qheal.ctmail.com/SpamResolverNG/SpamResolverNG.dll? - HIER_NONE/- text/html
    1402973180.278      0 192.168.1.22 TCP_DENIED/407 4074 POST http://resolver1.qheal.ctmail.com/SpamResolverNG/SpamResolverNG.dll? - HIER_NONE/- text/html
    1402973180.395      0 192.168.1.7 TCP_DENIED/407 4073 POST http://resolver1.qheal.ctmail.com/SpamResolverNG/SpamResolverNG.dll? - HIER_NONE/- text/html
    1402973180.490      0 192.168.1.18 NONE/400 3576 POST /SpamResolverNG/SpamResolverNG.dll?DoNewRequest - HIER_NONE/- text/html
    1402973180.592      0 192.168.1.18 NONE/400 3576 POST /SpamResolverNG/SpamResolverNG.dll?DoNewRequest - HIER_NONE/- text/html
    1402973181.076      0 192.168.1.98 TCP_DENIED/407 4074 POST http://resolver1.qheal.ctmail.com/SpamResolverNG/SpamResolverNG.dll? - HIER_NONE/- text/html
    1402973181.899      0 192.168.1.7 TCP_DENIED/407 4073 POST http://resolver2.qheal.ctmail.com/SpamResolverNG/SpamResolverNG.dll? - HIER_NONE/- text/html
    1402973182.056      0 192.168.1.22 TCP_DENIED/407 4074 POST http://resolver1.qheal.ctmail.com/SpamResolverNG/SpamResolverNG.dll? - HIER_NONE/- text/html
    1402973182.059      0 192.168.1.9 TCP_DENIED/407 4064 POST http://webres1.qheal.ctmail.com/SpamResolverNG/SpamResolverNG.dll? - HIER_NONE/- text/html
    1402973182.201      0 192.168.1.199 TCP_DENIED/407 4063 GET http://ctldl.windowsupdate.com/msdownload/update/v3/static/trustedr/en/disallowedcertstl.cab? - HIER_NONE/- text/html 
    

    thanks
    cirkit
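
An added example, not part of the original post: a small Python tally for Squid's native access.log format that counts result codes and groups the TCP_DENIED/407 entries by client, destination and logged user name. The sample lines are copied from the excerpt above; the function names and the grouping of hostnames by their last three labels are assumptions of this example.

```python
from collections import Counter
from urllib.parse import urlsplit

# Sample input: seven lines copied from the excerpt in the post.
SAMPLE = """\
1402973176.738      0 192.168.1.93 TCP_DENIED/407 4074 POST http://resolver1.qheal.ctmail.com/SpamResolverNG/SpamResolverNG.dll? - HIER_NONE/- text/html
1402973177.308      0 192.168.1.199 TCP_DENIED/407 4066 POST http://webres2.qheal.ctmail.com/SpamResolverNG/SpamResolverNG.dll? - HIER_NONE/- text/html
1402973177.335      0 192.168.1.199 TCP_DENIED/407 4066 POST http://webres4.qheal.ctmail.com/SpamResolverNG/SpamResolverNG.dll? - HIER_NONE/- text/html
1402973177.434 136887 192.168.1.20 TCP_MISS_ABORTED/206 297133 GET http://www.scanwithfiles.com/files/offline_update_eav_9946.zip test2 HIER_DIRECT/50.97.146.242 application/zip
1402973177.703     57 192.168.1.92 NONE/200 0 CONNECT s2.yimg.com:443 test2 HIER_DIRECT/203.84.220.80 -
1402973179.184      0 192.168.1.92 TCP_DENIED/407 3511 CONNECT accounts.google.com:443 - HIER_NONE/- text/html
1402973180.490      0 192.168.1.18 NONE/400 3576 POST /SpamResolverNG/SpamResolverNG.dll?DoNewRequest - HIER_NONE/- text/html
"""

def parse_line(line):
    """Split one native-format line: time elapsed client code/status bytes
    method URL user hierarchy/peer content-type."""
    f = line.split()
    if len(f) < 10:
        return None  # truncated or non-native line
    result, _, status = f[3].partition("/")
    method, url = f[5], f[6]
    if "://" in url:
        host = urlsplit(url).hostname
    elif method == "CONNECT":
        host = url.rsplit(":", 1)[0]  # CONNECT logs host:port, no scheme
    else:
        host = None  # relative or invalid request, no host logged
    return {"client": f[2], "result": result, "method": method, "host": host,
            "status": int(status) if status.isdigit() else 0, "user": f[7]}

def summarise(text):
    """Tally result codes, then break down the 407 (Proxy Authentication
    Required) denials by destination, client and logged user name."""
    rows = [r for r in map(parse_line, text.splitlines()) if r]
    denied = [r for r in rows if r["result"] == "TCP_DENIED" and r["status"] == 407]
    return {
        "by_result": Counter(f'{r["result"]}/{r["status"]}' for r in rows),
        # Last three labels only, so resolver1..5 and webres1..4 collapse together.
        "denied_sites": Counter(".".join(r["host"].split(".")[-3:]) for r in denied if r["host"]),
        "denied_clients": Counter(r["client"] for r in denied),
        "denied_users": Counter(r["user"] for r in denied),
    }

if __name__ == "__main__":
    for name, counts in summarise(SAMPLE).items():
        print(name, counts.most_common(5))
```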

