Enabling User Agent field in Access Log

[Rashad Suleymanov]

Hello,

Is there a way to enable "User Agent" field in access log?

[Rafael Akchurin]

Not from Admin UI directly, but you can change the logformat that Admin UI generates, see https://docs.diladele.com/administrator_guide_stable/web_ui/configuration_files.html

Hope it does not break the reporter :(

Best regards,

Rafael Akchurin

On 9 Jul 2021, at 17:20, Rashad Suleymanov <abdul...@gmail.com> wrote:

Hello,

Is there a way to enable "User Agent" field in access log?

--
You received this message because you are subscribed to the Google Groups "Diladele Web Safety" group.
To unsubscribe from this group and stop receiving emails from it, send an email to web-safety+...@googlegroups.com.
To view this discussion on the web visit https://groups.google.com/d/msgid/web-safety/5b737f3f-f61f-4279-91f9-9a1dd25ea723n%40googlegroups.com.

[Rashad Suleymanov]

Thanks Rafael,

I enabled this line "logformat useragent  %>a [%tl] "%{User-Agent}>h" in following file "/opt/websafety/var/console/squid/templates/squid/conf/logfile.conf". But still I dont see User_Agent field in log file.

[Rafael Akchurin]

In the actual log or in the web ui? Web ui cannot parse custom formats :/

Best regards,

Rafael Akchurin

On 9 Jul 2021, at 18:40, Rashad Suleymanov <abdul...@gmail.com> wrote:

Thanks Rafael,

To view this discussion on the web visit https://groups.google.com/d/msgid/web-safety/a69f9414-93dc-45fa-9238-2db1cb4a0a0en%40googlegroups.com.

[Rashad Suleymanov]

I tried to see it in Web UI and "/var/log/squid/access.log" file as well. Seems it is not working.

You received this message because you are subscribed to a topic in the Google Groups "Diladele Web Safety" group.
To unsubscribe from this topic, visit https://groups.google.com/d/topic/web-safety/4NczlNAPn68/unsubscribe.
To unsubscribe from this group and all its topics, send an email to web-safety+...@googlegroups.com.
To view this discussion on the web visit https://groups.google.com/d/msgid/web-safety/1ADDE923-8E8F-4B51-9FD8-BC63CF96B7FA%40diladele.com.

--

BR,

Rashad Suleymanov

[Rafael Akchurin]

Save and restart and see if squid actually uses it

Best regards,

Rafael Akchurin

On 9 Jul 2021, at 18:44, Rashad Suleymanov <abdul...@gmail.com> wrote:



To view this discussion on the web visit https://groups.google.com/d/msgid/web-safety/CAO7v-XJCEpa_c6tqTDeRr3-X-Aftt%2BCg9hKubiX0zt9mjVUzKA%40mail.gmail.com.

[Rashad Suleymanov]

Here is log after restart squid.

2021/07/09 17:18:10| Processing: include "/opt/websafety/etc/squid/logfile.conf"
2021/07/09 17:18:10| Processing Configuration File: /opt/websafety/etc/squid/logfile.conf (depth 2)
2021/07/09 17:18:10| Processing: logformat useragent  %>a [%tl] "%{User-Agent}>h"
2021/07/09 17:18:10| ERROR: logformat useragent is already defined. Ignoring.

To view this discussion on the web visit https://groups.google.com/d/msgid/web-safety/0B886EB0-9725-4476-9C03-749490ADF279%40diladele.com.

--

BR,

Rashad Suleymanov

[Rafael Akchurin]

Ok it already defined, then the user agent already in the access log record? 

Best regards,

Rafael Akchurin

On 9 Jul 2021, at 18:55, Rashad Suleymanov <abdul...@gmail.com> wrote:



To view this discussion on the web visit https://groups.google.com/d/msgid/web-safety/CAO7v-XL2aHgsk8ggz10wAYm7wyaAoY_GiqmLiC%2BZ9sBbsTJBpQ%40mail.gmail.com.

[Rashad Suleymanov]

In the log file I still don't see it. Here is an example of logs.

1625846376.337  54243 172.24.0.100 TCP_TUNNEL/200 11172 CONNECT www.diladele.com:443 - HIER_DIRECT/88.198.141.190 -
1625846380.877  58781 172.24.0.100 TCP_TUNNEL/200 9145 CONNECT www.diladele.com:443 - HIER_DIRECT/88.198.141.190 -
1625846384.959  62866 172.24.0.100 TCP_TUNNEL/200 10257 CONNECT www.diladele.com:443 - HIER_DIRECT/88.198.141.190 -
1625846385.445 421513 172.24.0.100 TCP_TUNNEL/200 18696 CONNECT boss.az:443 - HIER_DIRECT/104.25.234.22 -
1625846385.445  68837 172.24.0.100 TCP_TUNNEL/200 13756 CONNECT www.bing.com:443 - HIER_DIRECT/131.253.33.200 -
1625846385.445 418460 172.24.0.100 TCP_TUNNEL/200 89925 CONNECT boss.azstatic.com:443 - HIER_DIRECT/104.26.9.172 -
1625846385.445  63188 172.24.0.100 TCP_TUNNEL/200 31846 CONNECT code.jquery.com:443 - HIER_DIRECT/69.16.175.42 -
1625846385.445  62487 172.24.0.100 TCP_TUNNEL/200 21633 CONNECT www.google-analytics.com:443 - HIER_DIRECT/216.58.208.206 -
1625846385.446  63295 172.24.0.100 TCP_TUNNEL/200 43289 CONNECT www.googletagmanager.com:443 - HIER_DIRECT/216.58.215.104 -
1625846385.446  62567 172.24.0.100 TCP_TUNNEL/200 6086 CONNECT cdnjs.cloudflare.com:443 - HIER_DIRECT/104.16.18.94 -
1625846385.446      0 172.24.0.100 NONE/000 0 NONE error:transaction-end-before-headers - HIER_NONE/- -
1625846385.446  63856 172.24.0.100 TCP_TUNNEL/200 6076 CONNECT diladele.com:443 - HIER_DIRECT/88.198.141.190 -
1625846385.446 289150 172.24.0.100 TCP_TUNNEL/200 53061 CONNECT ecn.dev.virtualearth.net:443 - HIER_DIRECT/95.101.178.226 -
1625846385.446  63354 172.24.0.100 TCP_TUNNEL/200 6071 CONNECT www.diladele.com:443 - HIER_DIRECT/88.198.141.190 -
1625846385.446  63629 172.24.0.100 TCP_TUNNEL/200 51375 CONNECT www.diladele.com:443 - HIER_DIRECT/88.198.141.190 -
1625846385.447  63350 172.24.0.100 TCP_TUNNEL/200 20866 CONNECT www.diladele.com:443 - HIER_DIRECT/88.198.141.190 -

To view this discussion on the web visit https://groups.google.com/d/msgid/web-safety/AC48F9A3-9365-411C-9E2F-864BF4ED60B6%40diladele.com.

--

BR,

Rashad Suleymanov

[Rafael Akchurin]

Thats strange, how did you install websafety? Do you use virtual appliance?

Best regards,

Rafael Akchurin

On 9 Jul 2021, at 19:01, Rashad Suleymanov <abdul...@gmail.com> wrote:



To view this discussion on the web visit https://groups.google.com/d/msgid/web-safety/CAO7v-XLGKjf19JuutJUyc5Mw73nCAbEY3sbMC%3DFx4AJamWQM8Q%40mail.gmail.com.

[Rashad Suleymanov]

Yes I installed a virtual appliance.

To view this discussion on the web visit https://groups.google.com/d/msgid/web-safety/34D0B1E9-2594-4EB8-A0E2-C1DA50EE3AA2%40diladele.com.

--

BR,

Rashad Suleymanov