Hello Friends,
Squid is a very popular proxy used on Red Hat servers. Here is a little tutorial on configuring Squid and checking Squid logs. Hope you will enjoy!
SQUID Configuration :
---------------------------
1. yum install squid*
2. vi /etc/squid/squid.conf
Parameters to configure :
-----------------------------
By default no machine except localhost is allowed to connect to the proxy server, so we need to allow access
to our subnet 192.168.0.0/24 (this needs an ACL, created in step 3).
1. visible_hostname universe.server.com # universe.server.com is my server's hostname
2. http_port 192.168.0.60:8080 # My server's IP: 192.168.0.60, port 8080
3. acl mylan src 192.168.0.0/255.255.255.0 # mylan is the name given to the ACL
4. http_access allow mylan
5. http_access deny !mylan
6. Save changes and Exit
7. service squid start
On Client :
---------------
1. Open browser
2. Edit > Preferences > Connection settings >
3. Manual Proxy Configuration > Http Proxy > 192.168.0.60 , Port 8080
That's it!
You should be able to browse websites from here onwards.
Additional Configuration :
-------------------------------
http://www.redhat.com/archives/ext3-users/2010-August/msg00003.html
1. vi /etc/squid/squid.conf
2. cache_dir ufs /var/spool/squid 100 16 256
Amount of disk in MB to be used for caching : 100
Number of first-level cache directories to be created : 16
Number of second-level cache directories to be created : 256
Default Squid cache directory : /var/spool/squid/(16 dirs)/(256 dirs)/(the small files)
'Level-1' is the number of first-level subdirectories which will be created under the 'Directory' --> the default is 16.
'Level-2' is the number of second-level subdirectories which will be created under each first-level directory --> the default is 256.
Where to check Squid access logs? Who visited XYZ sites?
-----------------------------------------------------------
Log File : /var/log/squid/access.log
Sample Logs :
---------------
[root@universe squid]# tail -f /var/log/squid/access.log
1350983287.130 2452 192.168.0.254 TCP_MISS/200 83569 GET http://www.htc.com/managed-assets/images/home-page/marquee/wp-8x-360/blue/wp8_35.png - DIRECT/125.99.127.201 image/png
1350983287.865 3913 192.168.0.254 TCP_MISS/200 61282 GET http://www.htc.com/managed-assets/images/home-page/marquee/wp-8x-360/blue/wp8_31.png - DIRECT/125.99.127.209 image/png
1350983288.327 1746 192.168.0.254 TCP_MISS/200 44226 GET http://www.htc.com/managed-assets/images/home-page/marquee/wp-8x-360/blue/wp8_08.png - DIRECT/125.99.127.209 image/png
1350983290.043 1595 192.168.0.254 TCP_MISS/200 22004 GET http://www.htc.com/managed-assets/images/home-page/marquee/wp-8x-360/blue/wp8_10.png - DIRECT/125.99.127.201 image/png
1350983290.214 2348 192.168.0.254 TCP_MISS/200 32779 GET http://www.htc.com/managed-assets/images/home-page/marquee/wp-8x-360/blue/wp8_26.png - DIRECT/125.99.127.209 image/png
1350983290.553 3932 192.168.0.254 TCP_MISS/200 66018 GET http://www.htc.com/managed-assets/images/home-page/marquee/wp-8x-360/blue/wp8_17.png - DIRECT/125.99.127.201 image/png
1350983291.331 777 192.168.0.254 TCP_MISS/200 830 GET http://metrics.htc.com/b/ss/htcww-en-prod,htcglobal-prod/1/H.25.2T/s3457431454036? - DIRECT/66.235.142.3 image/gif
1350983291.525 3197 192.168.0.254 TCP_MISS/200 79093 GET http://www.htc.com/managed-assets/images/home-page/marquee/wp-8x-360/blue/wp8_01.png - DIRECT/125.99.127.209 image/png
1350983292.021 1806 192.168.0.254 TCP_MISS/200 32147 GET http://www.htc.com/managed-assets/images/home-page/marquee/wp-8x-360/blue/wp8_28.png - DIRECT/125.99.127.209 image/png
1350983292.572 2529 192.168.0.254 TCP_MISS/200 66253 GET http://www.htc.com/managed-assets/images/home-page/marquee/wp-8x-360/blue/wp8_19.png - DIRECT/125.99.127.201 image/png
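To answer "who visited XYZ sites?" from this log, the sketch below parses Squid's native access.log fields (timestamp, elapsed ms, client, result/status, bytes, method, URL, user, hierarchy/peer, content type) and totals requests and bytes per client for a given domain. It is an added example, not part of the original post; the function names and the sample lines are constructed for illustration.

```python
from collections import defaultdict
from datetime import datetime, timezone
from urllib.parse import urlsplit

# Constructed sample in Squid's native access.log format (not real traffic).
SAMPLE_LOG = """\
1350983287.130 2452 192.168.0.254 TCP_MISS/200 83569 GET http://www.example.com/img/a.png - DIRECT/203.0.113.10 image/png
1350983291.331 777 192.168.0.17 TCP_MISS/200 830 GET http://metrics.example.com/b/ss? - DIRECT/203.0.113.20 image/gif
1350983295.002 120 192.168.0.17 TCP_MISS/200 4312 CONNECT mail.example.org:443 - DIRECT/198.51.100.7 -
1350983296.410 3 192.168.0.31 TCP_DENIED/403 1402 GET http://www.example.com/ - NONE/- text/html
truncated line
"""

def parse_line(line):
    """Split one native-format line into a dict, or return None if malformed."""
    f = line.split()
    if len(f) < 10:
        return None
    try:
        when = datetime.fromtimestamp(float(f[0]), tz=timezone.utc)
        elapsed_ms, size = int(f[1]), int(f[4])
    except (ValueError, OverflowError, OSError):
        return None
    result, _, status = f[3].partition("/")
    # CONNECT requests log "host:port" rather than a full URL.
    target = f[6] if "://" in f[6] else "//" + f[6]
    host = (urlsplit(target).hostname or "").lower()
    return {"time": when, "elapsed_ms": elapsed_ms, "client": f[2], "result": result,
            "status": status, "bytes": size, "method": f[5], "url": f[6], "host": host}

def who_visited(log_text, domain):
    """Map client IP -> (request count, bytes) for hosts at or under `domain`."""
    domain = domain.lower()
    hits = defaultdict(lambda: [0, 0])
    for line in log_text.splitlines():
        rec = parse_line(line)
        if rec is None or rec["result"] == "TCP_DENIED":
            continue  # skip malformed lines and requests the proxy refused
        # Match the domain itself or a subdomain, never a mere string suffix.
        if rec["host"] == domain or rec["host"].endswith("." + domain):
            hits[rec["client"]][0] += 1
            hits[rec["client"]][1] += rec["bytes"]
    return {ip: tuple(v) for ip, v in hits.items()}

if __name__ == "__main__":
    for ip, (count, size) in sorted(who_visited(SAMPLE_LOG, "example.com").items()):
        print(f"{ip}  requests={count}  bytes={size}")
```

To run it against the real log, pass the contents of /var/log/squid/access.log to `who_visited` instead of `SAMPLE_LOG`.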
Squid Forensics :
----------------------
http://philosecurity.org/2009/04/19/squid-forensics
Where in the cache is file xyz.jpg stored?
------------------------------------------
grep -r "xyz.jpg" /var/spool/squid/    # search recursively
To monitor and display Squid logs in a nicer fashion, and then go deeper with searching and reporting functions, use squidview.
Squidview Tool : http://www.rillion.net/squidview/
Sarg tool : http://sarg.sourceforge.net/sarg.php
Squidview :
---------------
1. wget http://www.rillion.net/squidview/squidview-0.79.tar.gz
2. tar -zxvf squidview-0.79.tar.gz
3. cd squidview-0.79/
4. ./configure
5. make
6. cp Makefile.old Makefile
7. make oldgcc
Launch squidview : ./squidview
Best Regards,
Girish