Just wondering , is there a way to check upload content or any data related to uploads using squid logs ? Any plugin or enhancement? any other viable option. grateful for any advice . Thanks..
Asked
Active
Viewed 2,001 times
1 Answers
0
File uploads are just POST requests, and Squid logs the request methods used by default :
The native format for Squid is: time elapsed remotehost code/status bytes method URL rfc931 peerstatus/peerhost type
So a command like grep POST /var/log/squid/access.log should give you all the POST requests, however that will also include a lot of requests that aren't file uploads, an example here :
1416604451.778 243 172.16.1.20 TCP_MISS/200 455 POST http://serverfault.com/posts/641455/editor-heartbeat/answer - HIER_DIRECT/198.252.206.16 application/json
1416604497.047 245 172.16.1.20 TCP_MISS/200 327 POST http://serverfault.com/posts/641455/editor-heartbeat/answer - HIER_DIRECT/198.252.206.16 application/json
1416604542.304 241 172.16.1.20 TCP_MISS/200 327 POST http://serverfault.com/posts/641455/editor-heartbeat/answer - HIER_DIRECT/198.252.206.16 application/json
1416604587.562 241 172.16.1.20 TCP_MISS/200 327 POST http://serverfault.com/posts/641455/editor-heartbeat/answer - HIER_DIRECT/198.252.206.16 application/json
1416604694.915 241 172.16.1.20 TCP_MISS/200 313 POST http://serverfault.com/posts/validate-body - HIER_DIRECT/198.252.206.16 application/json
You could try filtering by request body size to get a better log, but without modification to Squid's source there is no way to log the request bodies, so you'll have a hard time getting the actual uploaded files.
Maybe look into ICAP and create a program that responds to REQMOD and logs the request body before giving the request back to Squid ?