Discussion:
[squid-users] supress some special error messages fromm access.log
Verwaiser
2018-08-30 14:03:09 UTC
Permalink
Hello,
since updating our proxy (now squid 4.03) I get very very many error
messages like the following examples:

/192.168.12.120 - - [30/Aug/2018:12:11:51 +0200] "NONE
error:transaction-end-before-headers NONE/0.0" 0 0 NONE:HIER_NONE
192.168.12.37 - biew [30/Aug/2018:12:11:51 +0200] "CONNECT
ad11.adfarm1.adition.com:443 HTTP/1.1" 200 1004 TCP_TUNNEL:HIER_DIRECT
192.168.12.117 - - [30/Aug/2018:12:11:51 +0200] "NONE
error:transaction-end-before-headers NONE/0.0" 0 0 NONE:HIER_NONE
192.168.12.37 - - [30/Aug/2018:12:11:52 +0200] "NONE
error:transaction-end-before-headers NONE/0.0" 0 0 NONE:HIER_NONE
192.168.12.135 - - [30/Aug/2018:12:11:52 +0200] "NONE
error:transaction-end-before-headers NONE/0.0" 0 0 NONE:HIER_NONE
192.168.12.52 - - [30/Aug/2018:12:11:52 +0200] "NONE
error:transaction-end-before-headers NONE/0.0" 0 0 NONE:HIER_NONE
192.168.12.135 - - [30/Aug/2018:12:11:52 +0200] "NONE
error:transaction-end-before-headers NONE/0.0" 0 0 NONE:HIER_NONE
192.168.12.220 - - [30/Aug/2018:12:11:52 +0200] "NONE
error:transaction-end-before-headers NONE/0.0" 0 0 NONE:HIER_NONE
192.168.12.52 - - [30/Aug/2018:12:11:52 +0200] "NONE
error:transaction-end-before-headers NONE/0.0" 0 0 NONE:HIER_NONE/

How can I get rid of these messages? Is it possible to construct an ACL like

/acl noTransactionError url_regex -i "error:transaction-end-before-headers"
access_log none noTransactionError /

(doesnt work...)

Holger



--
Sent from: http://squid-web-proxy-cache.1019090.n4.nabble.com/Squid-Users-f1019091.html
Alex Rousskov
2018-08-30 16:14:34 UTC
Permalink
Post by Verwaiser
since updating our proxy (now squid 4.03) I get very very many error
/192.168.12.120 - - [30/Aug/2018:12:11:51 +0200] "NONE
error:transaction-end-before-headers NONE/0.0" 0 0 NONE:HIER_NONE
AFAIK, the following email summarizes the current status of those
transaction-end-before-headers log entries:
http://lists.squid-cache.org/pipermail/squid-users/2017-June/015781.html
Post by Verwaiser
How can I get rid of these messages? Is it possible to construct an ACL
Probably yes. Look at your access log entries and try (a combination of)
simple ACLs that are likely to match logged default/zero values: port,
localport, proto, method, http_status, hier_code, and has.

When designing your ACLs, be as restrictive as you can to minimize the
chance of false positives (that you will never see logged and so you
will not know that they exist). It may be a good idea to log all matches
into a separate log so that you can easily double check that they all
have error:transaction-end-before-headers.

Once you figure it out, please post the winning combination here.
Post by Verwaiser
like
/acl noTransactionError url_regex -i "error:transaction-end-before-headers"
access_log none noTransactionError /
(doesnt work...)
If url_regex does not work in this context, it is a bug. The same bug
probably makes the workaround mentioned above possible. You can
facilitate fixing this bug instead of fiddling with ACLs, of course.


HTH,

Alex.

Loading...