From 58a1a78ce5c984d3950055dedb66b12e1ab62df0 Mon Sep 17 00:00:00 2001
From: Daniel Berteaud <dbd@ehtrace.com>
Date: Mon, 28 Jul 2025 10:00:34 +0200
Subject: [PATCH] Update to 2025-07-28 10:00

---
 roles/squid/files/acl/software_various.domains | 1 +
 roles/squid/templates/vector.yml               | 3 +++
 2 files changed, 4 insertions(+)

diff --git a/roles/squid/files/acl/software_various.domains b/roles/squid/files/acl/software_various.domains
index cd82a15..72a87d9 100644
--- a/roles/squid/files/acl/software_various.domains
+++ b/roles/squid/files/acl/software_various.domains
@@ -6,6 +6,7 @@ download.dokuwiki.org
 raw.githubusercontent.com
 objects.githubusercontent.com
 github-releases.githubusercontent.com
+release-assets.githubusercontent.com
 packagecloud.io
 .cloudfront.net
 packagist.org
diff --git a/roles/squid/templates/vector.yml b/roles/squid/templates/vector.yml
index 9f5ccbd..f1c8bd6 100644
--- a/roles/squid/templates/vector.yml
+++ b/roles/squid/templates/vector.yml
@@ -14,9 +14,12 @@ transforms:
     type: remap
     inputs: ["in_logs_squid"]
     source: |
+      .group = "proxy"
       if (.file == "/var/log/squid/access.log"){
         .squid = parse_grok!(
                    .message,
                    "%{HTTPDATE:timestamp}\\s+%{NUMBER:response_time} %{IPORHOST:src_ip} %{NOTSPACE:squid_request_status}/%{NUMBER:http_status_code} %{NUMBER:transfer_size} %{NOTSPACE:http_method} (%{URIPROTO:url_scheme}://)?(?<url_host>\\S+?)(:%{INT:url_port})?(/%{NOTSPACE:url_path})?\\s+%{NOTSPACE:client_identity}\\s+%{NOTSPACE:peer_code}/%{NOTSPACE:peerhost}\\s+%{NOTSPACE:content_type}"
                  )
+        .timestamp = parse_timestamp(del(.squid.timestamp), format: "%d/%h/%Y:%H:%M:%S %z") ?? now()
+        .service = "squid"
       }