Squid 3.1 监控HTTPS日志

Squid 3.1 监控HTTPS日志

我已经在 Raspbian Wheezy OS 上配置了 squid3,这是配置文件(squid.conf):

acl manager proto cache_object
acl localhost src 127.0.0.1/32
acl to_localhost dst 127.0.0.0/8
acl localnet src 192.168.0.0/24 # RFC1918 possible internal network
acl SSL_ports port 443
acl Safe_ports port 80          # http
acl Safe_ports port 21          # ftp
acl Safe_ports port 443         # https
acl Safe_ports port 70          # gopher
acl Safe_ports port 210         # wais
acl Safe_ports port 1025-65535  # unregistered ports
acl Safe_ports port 280         # http-mgmt
acl Safe_ports port 488         # gss-http
acl Safe_ports port 591         # filemaker
acl Safe_ports port 777         # multiling http
acl Safe_ports port 81          # port added for testing

acl allowedSites1 dstdomain khooloo.cloudapp.net ## Newly Added
acl allowedSites2 dstdomain moovah.co.za
acl allowedSites3 dstdomain moovahapp.net
acl allowedSites4 dstdomain moovahapp.com
acl allowedSites5 dstdomain 168.63.241.212 ## Newly Added
acl allowedSites6 dstdomain 192.168.0.11 ## Newly Added
acl allowedSites7 dstdomain http://docs.google.com

acl BlockedHost src "/etc/squid3/blockedip"
#acl WhiteList src "/etc/squid3/whitelist"

http_access deny BlockedHost
#http_access allow WhiteList

acl CONNECT method CONNECT

http_access allow manager localhost
http_access allow localnet
http_access deny manager
http_access deny !Safe_ports
http_access deny to_localhost
icp_access deny all
#http_access deny all
http_port 3128 intercept
http_port 80 vhost
hierarchy_stoplist cgi-bin ?
access_log /var/log/squid3/access.log squid

#Suggested default:
refresh_pattern ^ftp:           1440    20%     10080
refresh_pattern ^gopher:        1440    0%      1440
refresh_pattern -i (/cgi-bin/|\?) 0 0% 0
refresh_pattern .               0       20%     4320
# Leave coredumps in the first cache dir
coredump_dir /var/spool/squid3

# block all other access

http_access allow allowedSites1
http_access allow allowedSites2
http_access allow allowedSites3
http_access allow allowedSites4
http_access allow allowedSites5
http_access allow allowedSites6
http_access allow allowedSites7

http_access deny all

我可以监控 http 日志。

有人能帮我监控 https 日志吗?

谢谢

答案1

我认为您可能需要考虑这里的一些工具:http://www.squid-cache.org/Misc/log-analysis.html

相关内容