How to Read SquidGuard Logs, what does this logs mean to me?
-
Hi guys,
Im new to PFSense i Setup squid+squidguard.
both service are running, but squidguard is not blocking sites, i decided to check the logs, but i dont understand what it means. please help me just to read the logs. thanks!this is for squid cache.log (partial)
2015/07/12 15:10:56| Accepting proxy HTTP connections at 192.168.0.1, port 3128, FD 17.
2015/07/12 15:10:56| Accepting transparently proxied HTTP connections at 127.0.0.1, port 3128, FD 18.
2015/07/12 15:10:56| Accepting HTCP messages on port 4827, FD 19.
2015/07/12 15:10:56| Accepting SNMP messages on port 3401, FD 22.
2015/07/12 15:10:56| WCCP Disabled.
2015/07/12 15:10:56| Ready to serve requests.
2015/07/12 15:10:56| Done reading /cache swaplog (585 entries)
2015/07/12 15:10:56| Finished rebuilding storage from disk.
2015/07/12 15:10:56| 585 Entries scanned
2015/07/12 15:10:56| 0 Invalid entries.
2015/07/12 15:10:56| 0 With invalid flags.
2015/07/12 15:10:56| 585 Objects loaded.
2015/07/12 15:10:56| 0 Objects expired.
2015/07/12 15:10:56| 0 Objects cancelled.
2015/07/12 15:10:56| 0 Duplicate URLs purged.
2015/07/12 15:10:56| 0 Swapfile clashes avoided.
2015/07/12 15:10:56| Took 0.3 seconds (2130.4 objects/sec).
2015/07/12 15:10:56| Beginning Validation Procedure
2015/07/12 15:10:56| Completed Validation Procedure
2015/07/12 15:10:56| Validated 585 Entries
2015/07/12 15:10:56| store_swap_size = 12570k
2015/07/12 15:10:56| storeLateRelease: released 0 objects
2015/07/12 17:33:32| parseHttpRequest: Unsupported method 'USR'
2015/07/12 17:33:32| clientTryParseRequest: FD 40 (192.168.0.111:49943) Invalid Request
2015/07/12 17:34:51| parseHttpRequest: Unsupported method 'USR'
2015/07/12 17:34:51| clientTryParseRequest: FD 68 (192.168.0.111:50010) Invalid Request
2015/07/12 17:34:54| parseHttpRequest: Unsupported method 'LSM'
2015/07/12 17:34:54| clientTryParseRequest: FD 50 (192.168.0.111:50015) Invalid Request
2015/07/12 17:38:04| parseHttpRequest: Unsupported method 'USR'
2015/07/12 17:38:04| clientTryParseRequest: FD 28 (192.168.0.111:50126) Invalid Request
2015/07/12 17:38:08| parseHttpRequest: Unsupported method 'USR'
2015/07/12 17:38:08| clientTryParseRequest: FD 34 (192.168.0.111:50134) Invalid Request
2015/07/12 17:40:19| parseHttpRequest: Unsupported method 'USR'
2015/07/12 17:40:19| clientTryParseRequest: FD 35 (192.168.0.111:50203) Invalid Request
2015/07/12 17:40:29| parseHttpRequest: Unsupported method 'LSM'
2015/07/12 17:40:29| clientTryParseRequest: FD 15 (192.168.0.111:50209) Invalid Request
2015/07/12 17:42:29| parseHttpRequest: Unsupported method 'USR'
2015/07/12 17:42:29| clientTryParseRequest: FD 29 (192.168.0.111:50223) Invalid Request
2015/07/12 17:42:31| parseHttpRequest: Unsupported method 'LSM'
2015/07/12 17:42:31| clientTryParseRequest: FD 35 (192.168.0.111:50226) Invalid Request
2015/07/12 17:44:20| parseHttpRequest: Unsupported method 'USR'
2015/07/12 17:44:20| clientTryParseRequest: FD 28 (192.168.0.111:50239) Invalid Request
2015/07/12 17:44:29| parseHttpRequest: Unsupported method 'LSM'
2015/07/12 17:44:29| clientTryParseRequest: FD 56 (192.168.0.111:50245) Invalid Request
2015/07/12 17:46:27| parseHttpRequest: Unsupported method 'USR'
2015/07/12 17:46:27| clientTryParseRequest: FD 35 (192.168.0.111:50262) Invalid Request
2015/07/12 17:46:33| parseHttpRequest: Unsupported method 'LSM'
2015/07/12 17:46:33| clientTryParseRequest: FD 29 (192.168.0.111:50269) Invalid Request
2015/07/12 17:59:52| parseHttpRequest: Unsupported method 'USR'
2015/07/12 17:59:52| clientTryParseRequest: FD 76 (192.168.0.104:49666) Invalid Request
2015/07/12 18:00:19| parseHttpRequest: Unsupported method 'USR'
2015/07/12 18:00:19| clientTryParseRequest: FD 29 (192.168.0.104:49699) Invalid Request
2015/07/12 18:00:24| parseHttpRequest: Unsupported method 'USR'
2015/07/12 18:00:24| clientTryParseRequest: FD 63 (192.168.0.104:49708) Invalid Request
2015/07/12 18:03:18| parseHttpRequest: Unsupported method 'USR'
2015/07/12 18:03:18| clientTryParseRequest: FD 15 (192.168.0.104:49720) Invalid Request
2015/07/12 18:03:21| parseHttpRequest: Unsupported method 'USR'
2015/07/12 18:03:21| clientTryParseRequest: FD 35 (192.168.0.104:49725) Invalid Request -
Start from the beginning. Which version of pfSense, squid, squidguard? Start with squid first. Get it to the point where it's processing properly by shelling in and checking /var/squid/logs/access.log in realtime. Once you know squid is processing, then install and configure squidguard. Don't use transparent mode, use explicit mode with WPAD instead.