Re: [squid-users] Squid to Log DNS Querys

From: Amos Jeffries <squid3@dont-contact.us>
Date: Fri, 2 Nov 2007 10:53:50 +1300 (NZDT)

> When you install a name server on the box where Squid is and
> change /etc/resolv.conf you can see all queries of Squid
> (provided that no other software runs on the box).

Doesn't have to be on the same box as squid either.
It's still the NS logging not squid.

Amos

>
> -Marcus
>
> Thomas Raef wrote:
>>> Hello,
>>> I wonder is there a way to log all DNS requests that go out of our
>> network
>>> with Squid.
>>> Since I noticed that we had a Trojan Horse on our Company Network.
>>> And well it didnt send it self the data out.
>>> It did send DNS Querys to there DNS Server..
>>> And a Firewall doesnt detect that.
>>> Is there a way to Log the DNS Querys with Squid so I can Monitor that
>>> myself?
>>>
>>
>> [Tom replied with:]
>>
>> Squid doesn't ever see DNS queries from your network.
>>
>> Answer is no.
>>
>> Thomas J. Raef
>> e-Based Security, LLC
>> www.ebasedsecurity.com
>> 1-866-838-6108
>> "You're either hardened, or you're hacked!"
>>
>>
>
Received on Thu Nov 01 2007 - 15:53:54 MDT

This archive was generated by hypermail pre-2.1.9 : Sat Dec 01 2007 - 12:00:01 MST