
squid plugin does not receive data

Greyhat

I did set up an asset used as a squid proxy. The logs go directly to ossim.
I enabled the squid plugin in the asset's details view but it seems no events are being generated by the plugin.
The asset has exactly one IP. The logs are accumulated under /var/log/alienvault/devices/*IP*/*IP*.log  Some log lines are below:

Oct 23 15:12:12 proxy1604a (squid-1): 1540300332.180    107 10.49.16.43 TCP_MISS/503 601 GET http://foodanddrink.tile.appex.bing.com/api/feed/? - HIER_DIRECT/2.22.61.83 text/html
Oct 23 15:12:12 proxy1604a (squid-1): 1540300332.180    108 10.49.16.43 TCP_CLIENT_REFRESH_MISS/200 1737 GET http://finance.services.appex.bing.com/Market.svc/AppTileV2? - HIER_DIRECT/88.221.124.42 application/xml
Oct 23 15:12:12 proxy1604a (squid-1): 1540300332.201    129 10.49.16.43 TCP_CLIENT_REFRESH_MISS/200 1725 GET http://de-de.appex-rf.msn.com/cgtile/v1/de-DE/HealthAndFitness/Home.xml? - HIER_DIRECT/88.221.233.83 application/xml
Oct 23 15:12:12 proxy1604a (squid-1): 1540300332.202    129 10.49.16.43 TCP_CLIENT_REFRESH_MISS/200 1689 GET http://de-de.appex-rf.msn.com/cgtile/v1/de-de/Sports/Today.xml? - HIER_DIRECT/88.221.233.83 application/xml
Oct 23 15:12:12 proxy1604a (squid-1): 1540300332.255     73 10.49.16.43 TCP_CLIENT_REFRESH_MISS/200 1769 GET http://de-de.appex-rf.msn.com/cgtile/v1/de-DE/News/Today.xml - HIER_DIRECT/88.221.233.83 application/xml
Oct 23 15:12:12 proxy1604a (squid-1): 1540300332.271     89 10.49.16.43 TCP_CLIENT_REFRESH_MISS/200 410 GET http://service.weather.microsoft.com/appex/DesktopTile/PreInstallLiveTile? - HIER_DIRECT/2.23.33.179 -
Oct 23 15:12:12 proxy1604a (squid-1): 1540300332.284      0 10.49.54.51 TCP_MEM_HIT/200 1116 GET http://crl.microsoft.com/pki/crl/products/CodeSignPCA2.crl - HIER_NONE/- application/pkix-crl

The log lines match the regexp from the squid plugin but no events are generated.
What could be the reason or how would I try to investigate the reason?

Thanks
Greyhat

Answers

  • A reboot did not solve the problem. But after initiating an update and rebooting the system, the logs are being processed.
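
An offline format check for the log lines quoted in the question, as an added example that is not part of the original thread and is not the OSSIM squid plugin's own expression. The regex is written for this example and assumes the syslog-wrapped Squid native access.log layout visible in the sample lines; lines that parse here point away from a format mismatch and toward the processing side.

```python
import re
from datetime import datetime, timezone

# Regex written for this example (not the OSSIM squid plugin's expression):
# syslog header, then the fields of Squid's native access.log format.
LINE_RE = re.compile(
    r"^(?P<syslog_ts>\w{3}\s+\d{1,2} \d{2}:\d{2}:\d{2}) "
    r"(?P<host>\S+) \((?P<proc>squid-\d+)\): "
    r"(?P<epoch>\d+\.\d+)\s+(?P<elapsed_ms>\d+) "
    r"(?P<client>\d{1,3}(?:\.\d{1,3}){3}) "
    r"(?P<result>[A-Z_]+)/(?P<status>\d{3}) (?P<bytes>\d+) "
    r"(?P<method>[A-Z]+) (?P<url>\S+) (?P<user>\S+) "
    r"(?P<hier>[A-Z_]+)/(?P<peer>\S+) (?P<mime>\S+)$"
)

# Two lines copied from the question, plus one constructed truncated line.
SAMPLE = [
    "Oct 23 15:12:12 proxy1604a (squid-1): 1540300332.180    107 10.49.16.43 TCP_MISS/503 601 GET http://foodanddrink.tile.appex.bing.com/api/feed/? - HIER_DIRECT/2.22.61.83 text/html",
    "Oct 23 15:12:12 proxy1604a (squid-1): 1540300332.284      0 10.49.54.51 TCP_MEM_HIT/200 1116 GET http://crl.microsoft.com/pki/crl/products/CodeSignPCA2.crl - HIER_NONE/- application/pkix-crl",
    "Oct 23 15:12:13 proxy1604a (squid-1): 1540300333.001     12 10.49.16.43 TCP_MISS/200",
]

def parse_line(line):
    """Return a dict of typed fields, or None when the line does not match."""
    m = LINE_RE.match(line.strip())
    if m is None:
        return None
    ev = m.groupdict()
    for key in ("status", "bytes", "elapsed_ms"):
        ev[key] = int(ev[key])
    # Squid's own timestamp is epoch seconds; convert it to UTC for comparison
    # with the local-time syslog header.
    ev["utc"] = datetime.fromtimestamp(float(ev["epoch"]), tz=timezone.utc)
    return ev

def triage(lines):
    """Split lines into parsed events and (line_number, text) rejects."""
    events, rejects = [], []
    for n, line in enumerate(lines, 1):
        ev = parse_line(line)
        if ev is None:
            rejects.append((n, line))
        else:
            events.append(ev)
    return events, rejects

if __name__ == "__main__":
    events, rejects = triage(SAMPLE)
    for ev in events:
        print(ev["utc"].isoformat(), ev["client"], ev["result"], ev["status"], ev["url"])
    for n, line in rejects:
        print(f"line {n} did not match: {line!r}")
```
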