How do I get CNTLM gateway logs?

Roh*_*K D 4 ubuntu proxy cntlm

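I am running CNTLM with gateway mode enabled on a Linux machine. Many other computers on the same network are configured to use it as a proxy.

I searched for cntlm.log on Ubuntu and did not find any such file.

How can I see a log of all requests made through CNTLM (intercept the requests)?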

小智 5

If you start cntlm as a system service at boot, you can call sudo service cntlm status to see the current status and the last ten connection messages, which should look like this:

sschneid@sschneidschnee ~ $ sudo service cntlm status
● cntlm.service - LSB: Authenticating HTTP accelerator for NTLM secured proxies
   Loaded: loaded (/etc/init.d/cntlm; bad; vendor preset: enabled)
   Active: active (running) since Mi 2018-04-04 08:29:25 CEST; 2h 7min ago
     Docs: man:systemd-sysv-generator(8)
  Process: 1483 ExecStart=/etc/init.d/cntlm start (code=exited, status=0/SUCCESS)
    Tasks: 11
   Memory: 3.1M
      CPU: 1.670s
   CGroup: /system.slice/cntlm.service
           └─1620 /usr/sbin/cntlm -U cntlm -P /var/run/cntlm/cntlm.pid

Apr 04 10:35:06 M0024 cntlm[1620]: 127.0.0.1 CONNECT media-cdn.ubuntu-de.org:443
Apr 04 10:35:06 M0024 cntlm[1620]: 127.0.0.1 CONNECT media-cdn.ubuntu-de.org:443
Apr 04 10:35:06 M0024 cntlm[1620]: 127.0.0.1 CONNECT media-cdn.ubuntu-de.org:443
Apr 04 10:36:18 M0024 cntlm[1620]: 127.0.0.1 CONNECT krebsonsecurity.com:443
Apr 04 10:36:19 M0024 cntlm[1620]: 127.0.0.1 CONNECT www.youtube.com:443
Apr 04 10:36:20 M0024 cntlm[1620]: 127.0.0.1 CONNECT www.google.com:443
Apr 04 10:36:21 M0024 cntlm[1620]: 127.0.0.1 CONNECT i.ytimg.com:443
Apr 04 10:36:21 M0024 cntlm[1620]: 127.0.0.1 POST http://ocsp.pki.goog/GTSGIAG3
Apr 04 10:36:33 M0024 cntlm[1620]: 127.0.0.1 CONNECT tiles.services.mozilla.com:443
Apr 04 10:36:34 M0024 cntlm[1620]: 127.0.0.1 CONNECT img-getpocket.cdn.mozilla.net:443

In general, CNTLM logs to SYSLOG, so that would be another place to search for logged information.



U88*_*80D 5

In addition to @SSchneid's answer, you can also use journalctl and filter by unit with -u, as follows:

[14:15:16][root@host]:~# journalctl -u cntlm.service
-- Logs begin at Fri 2018-06-22 13:42:39 CEST, end at Fri 2018-06-29 13:20:30 CEST. --
Jun 28 14:07:08 host.example.com systemd[1]: Starting CNTLM HTTP Accelerator For NTLM Secured Proxies Authenticator...
Jun 28 14:07:08 host.example.com systemd[1]: Started CNTLM HTTP Accelerator For NTLM Secured Proxies Authenticator.
Jun 28 14:07:08 host.example.com cntlm[45762]: Daemon ready
Jun 28 14:07:08 host.example.com cntlm[45762]: Changing uid:gid to 1000:1000 - Success
Jun 28 14:08:32 host.example.com cntlm[45762]: Using proxy proxy.example.com:8080
Jun 28 14:09:37 host.example.com cntlm[45762]: 127.0.0.1 GET http://www.example.com/
Jun 28 14:09:37 host.example.com cntlm[45762]: 127.0.0.1 CONNECT www.example.com:80
Jun 28 14:10:10 host.example.com systemd[1]: Stopping CNTLM HTTP Accelerator For NTLM Secured Proxies Authenticator...
Jun 28 14:10:10 host.example.com systemd[1]: Stopped CNTLM HTTP Accelerator For NTLM Secured Proxies Authenticator.
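For a gateway serving many clients, the request lines shown in the answers above can be reduced to a per-client, per-destination count. This is an added example, not part of the original answers: the function names are hypothetical, the sample lines are constructed, and it assumes the default syslog/journal line shape shown above.

```shell
# Added example (not from the original answers). Sample lines are constructed.
# Request lines look like: "<time> <host> cntlm[<pid>]: <client> <METHOD> <target>"

sample_log() {
cat <<'EOF'
Jun 28 14:07:08 gw cntlm[100]: Daemon ready
Jun 28 14:08:32 gw cntlm[100]: Using proxy proxy.example.com:8080
Jun 28 14:09:37 gw cntlm[100]: 192.0.2.10 GET http://www.example.com/index.html
Jun 28 14:09:38 gw cntlm[100]: 192.0.2.10 CONNECT www.example.com:443
Jun 28 14:09:40 gw cntlm[100]: 192.0.2.11 CONNECT mail.example.org:443
Jun 28 14:10:10 gw systemd[1]: Stopping CNTLM HTTP Accelerator...
EOF
}

# Print "client method host" for each request line; skip daemon/systemd messages.
cntlm_requests() {
    awk '
    {
        # Find the "cntlm[pid]:" tag; client, method and target follow it.
        tag = 0
        for (i = 1; i <= NF; i++)
            if ($i ~ /^cntlm\[[0-9]+\]:$/) { tag = i; break }
        if (!tag || NF < tag + 3) next
        client = $(tag + 1); method = $(tag + 2); host = $(tag + 3)
        # Status lines such as "Using proxy ..." fail these two checks.
        if (client !~ /^[0-9a-fA-F.:]+$/ || method !~ /^[A-Z]+$/) next
        sub(/^[a-z]+:\/\//, "", host)   # drop URL scheme (GET/POST targets)
        sub(/\/.*$/, "", host)          # drop path
        sub(/:[0-9]+$/, "", host)       # drop port (CONNECT targets)
        print client, method, host
    }'
}

# Count requests per (client, host), busiest first.
cntlm_summary() {
    cntlm_requests |
        awk '{ n[$1 " " $3]++ } END { for (k in n) print n[k], k }' |
        LC_ALL=C sort -k1,1nr -k2
}

# Usage on a live system:  journalctl -u cntlm.service --no-pager | cntlm_summary
# Demo on the constructed sample:
sample_log | cntlm_summary
```

For HTTPS traffic CNTLM only sees the CONNECT target, so the summary gives host and port, not URLs.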