----- Original Message -----
From: "Andrej G. Zadorozhnyj"
To:
Sent: Friday, February 27, 2004 1:05 PM
Subject: access.log


> My problem: user "kgi" from NT domen "sdpmz" browses www.ya.ru. In
> access.log I see next information:
> 10.2.5.52 TCP_DENIED/407 1673 GET http://ya.ru/ - NONE/-
> 10.2.5.52 TCP_DENIED/407 1673 GET http://ya.ru/ - NONE/-
> 10.2.5.52 TCP_MISS/200 1566 GET http://ya.ru/ - DIRECT/213.180.194.129
> 10.2.5.52 TCP_DENIED/407 1730 GET http://www.yandex.ru/yandsearch? -NONE/-
> 10.2.5.52 TCP_DENIED/407 1730 GET http://www.yandex.ru/yandsearch? -NONE/-
> 10.2.5.52 TCP_MISS/200 5845 GET http://www.yandex.ru/yandsearch? sdpmz\kgi
> DIRECT/213.180.194.12
> First and second string say me about auth process and in third string I

want
> see "domain\user", but it is in sixth string only, after user "kgi"
> completed his find-request.
> I use FreeBSD 4.9, Squid 2.5.4 (last update) and Samba 2.2.8a with winbind
> and wb_group external_acl_helper.
> Can anybody explain me second string in access.log?
>