Bug #4109
closedsquid package doesn't include hostname when logging remotely
0%
Description
Squid doesn't include the hostname when logging remotely (e.g.):
<33>Dec 13 13:40:18 snort2160: [120:3:1] (http_inspect) NO CONTENT-LENGTH OR TRANSFER-ENCODING IN HTTP RESPONSE [Classification: Unknown Traffic] [Priority: 3] {TCP} 192.168.2.1:80 -> 192.168.2.102:21832
But it should include the hostname between the date and the process (snort) in this case.
Updated by Jim Pingle about 10 years ago
- Status changed from New to Rejected
Squid/snort inconsistencies in the report aside, syslog does not include that. It's up to the remote system to identify it by the source IP of the log data and put it in the logs entries.
Updated by Patrick Hieber about 10 years ago
sorry - snort not squid ;)
The remote system can detect the sender, of cause. But if you ommit the hostname, it's not syslog (RFC)! Also, other processes correctly include the hostname and it should also be contained in the snort logs to be consistent.