SquidGuard Blacklist DB creation Loop



  • Hey ,

    After upgrade 2.2.1  to  2.2.3  ,  Squidguard keeps on loading backlist DB again and again (shows in cache.log), due to which for LAN users internet does not work.
    As soon as i remove /var/db/squidguard and uncheck "use blacklist in squidguard" , i'm able to see logs inside access.log  and internet works.

    squid 2.7.9 pkg v.4.3.6 and  squidguard 1.9.14

    Please note :- same setup is working fine on backup server.



  • Squid2 is years old already.  You should be using squid3.  What happens if you shell in and run

    squidGuard -b -C all



  • @KOM:

    Squid2 is years old already.  You should be using squid3.  What happens if you shell in and run

    squidGuard -b -C all

    I am seeing the same thing on my setup.  I am using squid 3. Enabling the blacklist in squidguard causes it to keep loading the database and no traffic gets through.  When I run the command you gave I get:

    2015-07-18 00:13:32 [5241] /usr/local/bin/squidGuard: can't write to logfile /var/log/squidGuard/squidGuard.log
    2015-07-18 00:13:32 [5241] /usr/local/bin/squidGuard: can't open configfile  all
    2015-07-18 00:13:32 [5241] Going into emergency mode

    Is there an easy way to fix this?

    Thanks,
    Chad



  • I tried fixing permissions to eliminate the errors.  I had to make the /var/log/squidGuard folder.

    
    mkdir /var/log/squidGuard
    chmod -R 755 /var/db/squidGuard
    chmod -R 755 /var/log/squidGuard
    chown -R proxy:proxy /var/db/squidGuard
    chown -R proxy:proxy /var/log/squidGuard
    
    

    After this there was no output from

    squidGuard -b -C all
    

    I tried re-enabling the blacklist but squidGuard keeps doing the db rebuild and will not allow traffic:

    18.07.2015 09:01:02 squidGuard stopped (1437235262.067)
    18.07.2015 09:01:02 db update done
    18.07.2015 09:01:02 squidGuard 1.4 started (1437235262.032)
    18.07.2015 08:57:11 squidGuard stopped (1437235031.849)
    18.07.2015 08:57:11 db update done
    18.07.2015 08:57:11 squidGuard 1.4 started (1437235029.203)
    18.07.2015 08:56:45 squidGuard stopped (1437235005.973)
    18.07.2015 08:56:45 db update done
    18.07.2015 08:56:45 squidGuard 1.4 started (1437235005.950)
    18.07.2015 08:56:38 squidGuard stopped (1437234998.520)
    18.07.2015 08:56:26 squidGuard stopped (1437234986.272)
    18.07.2015 08:56:26 db update done

    Any ideas on where to go from here?

    Thanks,
    Chad



  • Uninstall/reinstall of squidGuard, or a config.xml backup and then complete reload.  Something weird is going on.



  • @KOM:

    Uninstall/reinstall of squidGuard, or a config.xml backup and then complete reload.  Something weird is going on.

    I tried uninstalling and reinstalling squidguard with no luck. I will try a rebuild now. Could this have something to do with HYPER-V?



  • I doubt it.  Hypervisor issues are almost always related to hardware.  Why did you have to create the log dir?  SquidGuard logs are normally in /var/squidGuard/log/squidGuard.log.



  • @KOM:

    Why did you have to create the log dir?  SquidGuard logs are normally in /var/squidGuard/log/squidGuard.log.

    I made the directory since that is where the output from squidGuard -b -C all was looking for it.

    2015-07-18 00:13:32 [5241] /usr/local/bin/squidGuard: can't write to logfile /var/log/squidGuard/squidGuard.log
    2015-07-18 00:13:32 [5241] /usr/local/bin/squidGuard: can't open configfile  all
    2015-07-18 00:13:32 [5241] Going into emergency mode



  • Weird.  I also notice you're running squid 2. It shouldn't affect your problem, but I would recommend running squid3.  2 is ancient and doesn't support a lot of the newer directives and web tech.



  • I installed squid 3.  I have not used squid 2 in a long time.

    It was the OP that was running squid 2.  Seems like we both had the same problem with squidGuard though.  I will post back after trying a clean install.



  • I had to uninstall SquidGuard , because it is production environment and can not do testing .
    is there any way to achieve content and url blocking, without squidgurad .
    I'm not using squid 3 , becuase it makes my cpu usage 99% (16 Gb ram , 8 cores , Intel Xeon)



  • is there any way to achieve content and url blocking, without squidgurad

    You could try DansGuardian or E2Guardian.



  • @KOM:

    is there any way to achieve content and url blocking, without squidgurad

    You could try DansGuardian or E2Guardian.

    Ok Sir , I'll try to test the mentioned packages and update you .
    Right now i have done blocking on squid level itself for you-tube etc .



  • @KOM:

    Squid2 is years old already.  You should be using squid3.

    I have installed Squid 3.4 , and running in Transparent Mode, I 'm able to see the SSL intercept option in GUI .
    Can you please put some light on this feature (is there any change required on LAN  PC's  in terms of certificate import etc )



  • Please don't hijack an unrelated thread.  Post your problem in its own thread and I;ll be happy to help.



  • @KOM:

    Please don't hijack an unrelated thread.  Post your problem in its own thread and I;ll be happy to help.

    Thanks , I'm going to start new thread  :)