


  1. #1

    HELP ME ANALYZE THE SQUID LOGS CACHE.LOG AND ACCESS.LOG

    Folks, my Squid starts normally and at normal speed, but within a short time it dies and the speed drops way down.
    I thought it was a virus on the network, but I don't think that is the case. I ran a test where I removed all the machines from the network and left only one that was not infected by a virus, and the only page being accessed on that machine was www.testepower.com.br, and Squid died the same way. Then I removed all the machines from the network and started Squid by itself, and I checked the logs and there were many outbound requests to strange addresses. I don't know whether they are viruses, so I am posting the cache.log and the access.log so that you can help me analyze the case.

    ACCESS.log
    HTML code:
    1307403946.079      1 87.226.105.100 TCP_DENIED/403 1351 CONNECT 64.12.202.1:433 - NONE/- text/html
    1307403946.127    271 199.48.177.219 TCP_DENIED/403 1433 GET http://hmatt.com/blog/blog/2009/08/10/community-vlog-61/ - NONE/- text/html
    1307403946.211    189 85.161.103.185 TCP_DENIED/403 1387 GET http://search.aol.com/aol/search? - NONE/- text/html
    1307403946.241    748 174.142.214.74 TCP_MISS/200 4789 GET http://ad.yieldmanager.com/st? - DIRECT/98.139.225.42 -
    1307403946.562    683 178.73.223.162 TCP_MISS/302 766 GET http://yandex.ru/yandsearch? - DIRECT/87.250.250.11 -
    1307403946.717    863 65.52.186.197 TCP_MISS/404 1901 GET http://mu.viettri.vn/home/Index.php - DIRECT/112.78.2.108 text/html
    1307403946.747    974 65.52.186.197 TCP_MISS/404 1901 GET http://mu.viettri.vn/home/index.php - DIRECT/112.78.2.108 text/html
    1307403946.781    533 70.38.54.69 TCP_MISS/200 4995 GET http://ad.yieldmanager.com/st? - DIRECT/98.139.225.43 -
    1307403946.807    407 174.142.214.74 TCP_MISS/302 569 GET http://ad.yieldmanager.com/imp? - DIRECT/98.139.225.42 -
    1307403946.831    840 50.53.40.54 TCP_MISS/200 6879 GET http://portland.craigslist.org/ - DIRECT/208.82.238.129 text/html
    1307403946.895   1218 175.42.198.44 TCP_MISS/999 2923 GET http://l02.member.re3.yahoo.com/? - DIRECT/68.142.241.129 text/html
    1307403947.536    404 65.52.186.197 TCP_CLIENT_REFRESH_MISS/404 1901 GET http://mu.viettri.vn/home/Index.php - DIRECT/112.78.2.108 text/html
    1307403947.554   1485 85.99.184.178 TCP_MISS/200 18124 POST http://fileserve.com/login.php - DIRECT/209.222.23.220 text/html
    1307403947.750    398 24.107.2.209 TCP_DENIED/403 1403 GET http://www.oregontrailroasting.com/blog/? - NONE/- text/html
    1307403947.894    407 70.38.54.69 TCP_MISS/302 606 GET http://ad.yieldmanager.com/imp? - DIRECT/98.139.225.43 -
    1307403947.930    755 111.227.174.89 TCP_MISS/503 1409 GET http://69.163.33.146/Showya1.asp? - DIRECT/69.163.33.146 text/html
    1307403948.199   1110 134.174.137.7 TCP_MISS/200 523 GET http://124.108.121.180/config/pwtoken_get? - DIRECT/124.108.121.180 application/octet-stream
    1307403948.358    610 208.43.8.163 TCP_MISS/400 255 GET http://www.vodwu.com/tags.php - DIRECT/98.126.208.210 text/html
    1307403948.503   1840 92.243.90.114 TCP_MISS/200 281 CONNECT 64.12.202.43:443 - DIRECT/64.12.202.43 -
    1307403949.325   3742 94.241.29.23 TCP_MISS/200 283 CONNECT login.icq.com:443 - DIRECT/64.12.202.116 -
    1307403949.363    764 111.227.174.89 TCP_MISS/503 1409 GET http://69.163.33.146/Showtu1.asp? - DIRECT/69.163.33.146 text/html
    1307403949.432    764 55.96.190.134 TCP_MISS/200 10167 GET http://l18.member.sp1.yahoo.com/? - DIRECT/98.136.62.161 text/html
    1307403949.501   3329 94.241.29.23 TCP_MISS/200 283 CONNECT login.icq.com:443 - DIRECT/64.12.202.116 -
    1307403949.617   3336 94.241.29.23 TCP_MISS/200 283 CONNECT login.icq.com:443 - DIRECT/64.12.202.116 -
    1307403949.672    887 94.241.29.23 TCP_MISS/200 185 CONNECT login.icq.com:443 - DIRECT/64.12.202.116 -
    1307403949.720   3583 94.241.29.23 TCP_MISS/200 287 CONNECT login.icq.com:443 - DIRECT/64.12.202.116 -
    1307403949.836   3714 94.41.254.39 TCP_MISS/200 168 CONNECT 205.188.251.21:443 - DIRECT/205.188.251.21 -
    1307403949.899    895 174.139.17.242 TCP_MISS/503 252 GET http://www.baliov.com/ - DIRECT/180.178.56.106 text/html

    CACHE.log
    HTML code:
    2011/06/06 20:45:44| Starting Squid Cache version 2.6.STABLE1 for i586-mandriva-linux-gnu...
    2011/06/06 20:45:44| Process ID 1797
    2011/06/06 20:45:44| With 1024 file descriptors available
    2011/06/06 20:45:44| DNS Socket created at 0.0.0.0, port 33808, FD 5
    2011/06/06 20:45:44| Adding nameserver 208.67.222.222 from /etc/resolv.conf
    2011/06/06 20:45:44| Adding nameserver 208.67.220.220 from /etc/resolv.conf
    2011/06/06 20:45:44| User-Agent logging is disabled.
    2011/06/06 20:45:44| Referer logging is disabled.
    2011/06/06 20:45:44| Unlinkd pipe opened on FD 10
    2011/06/06 20:45:44| Swap maxSize 2097152 KB, estimated 161319 objects
    2011/06/06 20:45:44| Target number of buckets: 8065
    2011/06/06 20:45:44| Using 8192 Store buckets
    2011/06/06 20:45:44| Max Mem  size: 262144 KB
    2011/06/06 20:45:44| Max Swap size: 2097152 KB
    2011/06/06 20:45:44| Rebuilding storage in /var/spool/squid (CLEAN)
    2011/06/06 20:45:44| Using Least Load store dir selection
    2011/06/06 20:45:44| Current Directory is /var/log
    2011/06/06 20:45:44| Loaded Icons.
    2011/06/06 20:45:45| Accepting proxy HTTP connections at 0.0.0.0, port 3128, FD 12.
    2011/06/06 20:45:45| Accepting ICP messages at 0.0.0.0, port 3130, FD 13.
    2011/06/06 20:45:45| Accepting HTCP messages on port 4827, FD 14.
    2011/06/06 20:45:45| Accepting SNMP messages on port 3401, FD 15.
    2011/06/06 20:45:45| WCCP Disabled.
    2011/06/06 20:45:45| Pinger socket opened on FD 16
    2011/06/06 20:45:45| Ready to serve requests.
    2011/06/06 20:45:45| Store rebuilding is  5.0% complete
    2011/06/06 20:45:45| Done reading /var/spool/squid swaplog (81882 entries)
    2011/06/06 20:45:45| Finished rebuilding storage from disk.
    2011/06/06 20:45:45|     81882 Entries scanned
    2011/06/06 20:45:45|         0 Invalid entries.
    2011/06/06 20:45:45|         0 With invalid flags.
    2011/06/06 20:45:45|     81882 Objects loaded.
    2011/06/06 20:45:45|         0 Objects expired.
    2011/06/06 20:45:45|         0 Objects cancelled.
    2011/06/06 20:45:45|         0 Duplicate URLs purged.
    2011/06/06 20:45:45|         0 Swapfile clashes avoided.
    2011/06/06 20:45:45|   Took 0.8 seconds (96674.7 objects/sec).
    2011/06/06 20:45:45| Beginning Validation Procedure
    2011/06/06 20:45:45|   Completed Validation Procedure
    2011/06/06 20:45:45|   Validated 81882 Entries
    2011/06/06 20:45:45|   store_swap_size = 1886752k
    2011/06/06 20:45:45| icmpSend: send: (111) Connection refused
    2011/06/06 20:45:45| Closing Pinger socket on FD 16
    2011/06/06 20:45:45| storeLateRelease: released 0 objects
    2011/06/06 20:45:49| sslReadServer: FD 90: read failure: (104) Connection reset by peer
    2011/06/06 20:45:49| sslReadServer: FD 96: read failure: (104) Connection reset by peer
    2011/06/06 20:45:50| sslReadServer: FD 99: read failure: (104) Connection reset by peer
    2011/06/06 20:45:50| sslReadServer: FD 24: read failure: (104) Connection reset by peer
    2011/06/06 20:45:53| clientReadRequest: FD 112 Invalid Request
    2011/06/06 20:45:54| sslReadServer: FD 82: read failure: (104) Connection reset by peer
    2011/06/06 20:45:54| sslReadServer: FD 113: read failure: (104) Connection reset by peer
    2011/06/06 20:45:54| sslReadServer: FD 117: read failure: (104) Connection reset by peer
    2011/06/06 20:45:54| sslReadServer: FD 115: read failure: (104) Connection reset by peer
    2011/06/06 20:45:54| sslReadServer: FD 123: read failure: (104) Connection reset by peer
    2011/06/06 20:45:55| sslReadServer: FD 125: read failure: (104) Connection reset by peer
    2011/06/06 20:47:03| Shutting down...
    2011/06/06 20:47:03| FD 13 Closing ICP connection
    2011/06/06 20:47:03| FD 14 Closing HTCP socket
    2011/06/06 20:47:03| FD 15 Closing SNMP socket
    2011/06/06 20:47:03| WARNING: Closing client 174.139.17.242 connection due to lifetime timeout
    2011/06/06 20:47:03|  http://gzhlxj.com/
    2011/06/06 20:47:03| WARNING: Closing client 208.43.8.163 connection due to lifetime timeout
    2011/06/06 20:47:03|  http://www.kf4.info/yiliaoshebei/1961.html
    2011/06/06 20:47:03| WARNING: Closing client 208.43.8.163 connection due to lifetime timeout
    2011/06/06 20:47:03|  http://www.kf4.info/yiliaoshebei/1961.html
    2011/06/06 20:47:03| WARNING: Closing client 180.186.4.166 connection due to lifetime timeout
    2011/06/06 20:47:03|  http://www.kf4.info/yiliaoshebei/1961.html
    2011/06/06 20:47:03| WARNING: Closing client 180.193.144.196 connection due to lifetime timeout
    2011/06/06 20:47:03|  http://e19.edit.cnb.yahoo.com/?.src=ym&login=yqpp&passwd=winter
    2011/06/06 20:47:03| WARNING: Closing client 180.186.4.166 connection due to lifetime timeout
    2011/06/06 20:47:03|  http://yy.vccgx.com/tags.php
    2011/06/06 20:47:03| WARNING: Closing client 208.43.8.163 connection due to lifetime timeout
    2011/06/06 20:47:03|  http://www.kf4.info/yiliaoshebei/1961.html
    CPU Usage: 1.296 seconds = 0.636 user + 0.660 sys
    Maximum Resident Size: 0 KB
    Page faults with physical i/o: 0
    Memory usage for squid via mallinfo():
     total space in arena:   15912 KB
     Ordinary blocks:        12480 KB    686 blks
     Small blocks:               0 KB      6 blks
     Holding blocks:           224 KB      1 blks
     Free Small blocks:          0 KB
     Free Ordinary blocks:    3431 KB
     Total in use:           12704 KB 80%
     Total free:              3431 KB 22%
    2011/06/06 20:47:03| Squid Cache (Version 2.6.STABLE1): Exiting normally.
     

  2. #2

    Re: HELP ME ANALYZE THE SQUID LOGS CACHE.LOG AND ACCESS.LOG

    Dude, have you tried using SARG? It shows you the Squid logs in great detail so you can analyze them better. Here is a link for you to take a look and install it if you want.

    How to install and configure SARG? | Vida TI


    If I helped, click on the *

  3. #3

    Re: HELP ME ANALYZE THE SQUID LOGS CACHE.LOG AND ACCESS.LOG

    The ideal is for you to understand.
    Here is a tip: SquidFaq/SquidLogs - Squid Web Proxy Wiki

    Regards
    Danilo Neves
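
Added example, not part of any post in this thread: a reader for the native access.log format that post #3 points to, summarising requests per client address and marking clients that are outside the LAN. It assumes legitimate clients use private (RFC 1918) addresses; the function names are hypothetical, and the sample is four lines from post #1 plus one constructed LAN line.

```python
import ipaddress
from collections import Counter

# Four lines copied from the access.log in post #1, plus one constructed
# LAN line (192.168.0.10, peer 203.0.113.10) added for contrast.
SAMPLE = """\
1307403946.079      1 87.226.105.100 TCP_DENIED/403 1351 CONNECT 64.12.202.1:433 - NONE/- text/html
1307403946.241    748 174.142.214.74 TCP_MISS/200 4789 GET http://ad.yieldmanager.com/st? - DIRECT/98.139.225.42 -
1307403946.807    407 174.142.214.74 TCP_MISS/302 569 GET http://ad.yieldmanager.com/imp? - DIRECT/98.139.225.42 -
1307403949.325   3742 94.241.29.23 TCP_MISS/200 283 CONNECT login.icq.com:443 - DIRECT/64.12.202.116 -
1307403950.000    120 192.168.0.10 TCP_MISS/200 5120 GET http://www.testepower.com.br/ - DIRECT/203.0.113.10 text/html
"""

def parse_line(line):
    """Split one native-format access.log line into fields; None if malformed."""
    f = line.split()
    if len(f) < 10:
        return None
    code, _, status = f[3].partition("/")
    try:
        return {"client": ipaddress.ip_address(f[2]), "elapsed_ms": int(f[1]),
                "code": code, "status": int(status), "bytes": int(f[4]),
                "method": f[5], "url": f[6], "peer": f[8]}
    except ValueError:  # client logged as a hostname, or a truncated line
        return None

def summarise(text):
    """Per client: request count, bytes sent, result codes, outside-LAN flag."""
    stats = {}
    for line in text.splitlines():
        rec = parse_line(line)
        if rec is None:
            continue
        s = stats.setdefault(str(rec["client"]), {
            "requests": 0, "bytes": 0, "codes": Counter(),
            # Assumption: legitimate clients sit on private (RFC 1918) addresses.
            "external": not rec["client"].is_private})
        s["requests"] += 1
        s["bytes"] += rec["bytes"]
        s["codes"][rec["code"]] += 1
    return stats

def external_clients(text):
    """Addresses outside the LAN that reached the proxy, busiest first."""
    stats = summarise(text)
    ext = [ip for ip, s in stats.items() if s["external"]]
    return sorted(ext, key=lambda ip: (-stats[ip]["requests"], ip))

if __name__ == "__main__":
    stats = summarise(SAMPLE)
    for ip in external_clients(SAMPLE):
        print(ip, stats[ip]["requests"], stats[ip]["bytes"], dict(stats[ip]["codes"]))
```

In the per-client result codes, `TCP_DENIED` counts requests Squid refused and `TCP_MISS` counts requests it fetched from the origin on the client's behalf.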