MAC Zerado no log do squid [RESOLVIDO]

1. MAC Zerado no log do squid [RESOLVIDO]

William de Oliveira Ferreira
williamoferreira

(usa Debian)

Enviado em 10/12/2020 - 10:40h

Olá comunidade!

estou com um CentOS 7 rodando dentro de um cloudstack.

eu coloquei essa linha no squid.conf

logformat custom_squid %{%d/%m/%Y_%H:%M:%S}tl %>eui %>a %Ss/%03>Hs %<st %rm %ru %un %Sh/%<A %mt 


para registrar o MAC Address no log do squid. O lance é que o MAC vem zerado no log:

10/12/2020_10:27:07 00:00:00:00:00:00 192.168.0.92 TCP_TUNNEL/200 8963 CONNECT go.ezoic.net:443 - HIER_DIRECT/go.ezoic.net -
10/12/2020_10:28:26 00:00:00:00:00:00 192.168.0.92 TCP_TUNNEL/200 137616 CONNECT www.google.com:443 - HIER_DIRECT/www.google.com -
10/12/2020_10:28:45 00:00:00:00:00:00 192.168.0.92 TCP_TUNNEL/200 13821 CONNECT api.accounts.firefox.com:443 - HIER_DIRECT/api.accounts.firefox.com -
10/12/2020_10:28:45 00:00:00:00:00:00 192.168.0.92 TCP_TUNNEL/200 4130 CONNECT profile.accounts.firefox.com:443 - HIER_DIRECT/profile.accounts.firefox.com -
10/12/2020_10:30:36 00:00:00:00:00:00 192.168.0.92 TCP_TUNNEL/200 4652 CONNECT sync-1-us-west1-g.sync.services.mozilla.com:443 - HIER_DIRECT/sync-1-us-west1-g.sync.services.mozilla.com -
10/12/2020_10:31:43 00:00:00:00:00:00 192.168.0.92 TCP_TUNNEL/200 265251 CONNECT www.vivaolinux.com.br:443 - HIER_DIRECT/www.vivaolinux.com.br -
10/12/2020_10:32:00 00:00:00:00:00:00 192.168.0.92 TCP_TUNNEL/200 2054 CONNECT play.google.com:443 - HIER_DIRECT/play.google.com -


Meu squid (tá ativado o suporte arp)
Squid Cache: Version 4.11
Service Name: squid

This binary uses OpenSSL 1.1.1c FIPS 28 May 2019. For legal restrictions on distribution see https://www.openssl.org/source/license.html

configure options: '--build=x86_64-redhat-linux-gnu' '--host=x86_64-redhat-linux-gnu' '--program-prefix=' '--prefix=/usr' '--exec-prefix=/usr' '--bindir=/usr/bin' '--sbindir=/usr/sbin' '--sysconfdir=/etc' '--datadir=/usr/share' '--includedir=/usr/include' '--libdir=/usr/lib64' '--libexecdir=/usr/libexec' '--localstatedir=/var' '--sharedstatedir=/var/lib' '--mandir=/usr/share/man' '--infodir=/usr/share/info' '--libexecdir=/usr/lib64/squid' '--datadir=/usr/share/squid' '--sysconfdir=/etc/squid' '--with-logdir=/var/log/squid' '--with-pidfile=/var/run/squid.pid' '--disable-dependency-tracking' '--enable-eui' '--enable-follow-x-forwarded-for' '--enable-auth' '--enable-auth-basic=DB,fake,getpwnam,LDAP,NCSA,PAM,POP3,RADIUS,SASL,SMB,SMB_LM' '--enable-auth-ntlm=SMB_LM,fake' '--enable-auth-digest=file,LDAP' '--enable-auth-negotiate=kerberos' '--enable-external-acl-helpers=LDAP_group,time_quota,session,unix_group,wbinfo_group,kerberos_ldap_group' '--enable-storeid-rewrite-helpers=file' '--enable-cache-digests' '--enable-cachemgr-hostname=localhost' '--enable-delay-pools' '--enable-epoll' '--enable-icap-client' '--enable-ident-lookups' '--enable-linux-netfilter' '--enable-removal-policies=heap,lru' '--enable-snmp' '--enable-ssl' '--enable-ssl-crtd' '--enable-storeio=aufs,diskd,ufs,rock' '--enable-diskio' '--enable-wccpv2' '--enable-esi' '--enable-ecap' '--with-aio' '--with-default-user=squid' '--with-dl' '--with-openssl' '--with-pthreads' '--disable-arch-native' '--disable-security-cert-validators' '--with-swapdir=/var/spool/squid' 'build_alias=x86_64-redhat-linux-gnu' 'host_alias=x86_64-redhat-linux-gnu' 'CFLAGS=-O2 -g -pipe -Wall -Werror=format-security -Wp,-D_FORTIFY_SOURCE=2 -Wp,-D_GLIBCXX_ASSERTIONS -fexceptions -fstack-protector-strong -grecord-gcc-switches -specs=/usr/lib/rpm/redhat/redhat-hardened-cc1 -specs=/usr/lib/rpm/redhat/redhat-annobin-cc1 -m64 -mtune=generic -fasynchronous-unwind-tables -fstack-clash-protection -fcf-protection' 'LDFLAGS=-Wl,-z,relro -Wl,-z,now -specs=/usr/lib/rpm/redhat/redhat-hardened-ld' 'CXXFLAGS=-O2 -g -pipe -Wall -Werror=format-security -Wp,-D_FORTIFY_SOURCE=2 -Wp,-D_GLIBCXX_ASSERTIONS -fexceptions -fstack-protector-strong -grecord-gcc-switches -specs=/usr/lib/rpm/redhat/redhat-hardened-cc1 -specs=/usr/lib/rpm/redhat/redhat-annobin-cc1 -m64 -mtune=generic -fasynchronous-unwind-tables -fstack-clash-protection -fcf-protection' 'PKG_CONFIG_PATH=:/usr/lib64/pkgconfig:/usr/share/pkgconfig'


Alguém tem ideia do motivo desse MAC vir zerado no log?

Obrigado pela atenção!


  


2. Re: MAC Zerado no log do squid [RESOLVIDO]

William de Oliveira Ferreira
williamoferreira

(usa Debian)

Enviado em 10/12/2020 - 10:58h


Acho que descobri: Faixa de rede.
tabela arp não registra macs de outras redes.

obrigado!

PS.: O cloudstack está em outra rede com virtualização. Eu chego até a máquina via redirect

William de Oliveira Ferreira
Programador Web/Desktop
> https://www.facebook.com/williamoferreira