# Proxy Notes

## Where are the logs?

`cat /var/log/squid/access.log | grep 10.20.0.81`

## Splunk Query on Moose

Where are the proxy logs?

`index=web sourcetype="squid:access:json"`

Is my traffic making it through the proxy?

`index=web sourcetype="squid:access:json" client_ip="10.2.2.17" request="reports.office365.com:443"`

## Troubleshoot Proxy Issues

Remove the proxy environment variables and hit it with curl.

`env -u http_proxy -u https_proxy -u HTTP_PROXY -u HTTPS_PROXY -u no_proxy -u NO_PROXY curl --verbose https://dynamodb.us-gov-east-1.amazonaws.com/`

What variables are in the actual process environment? (2289 is the process ID.)

`tr '\000' '\n' < /proc/2289/environ`

`cat /proc/2289/environ | tr '\000' '\n'`

Check connections. See the TCP state diagram.

`netstat -pant | egrep SYN_SENT`

Alternate command?

`ss -4 | egrep SYN`

SYN_SENT is the state waiting for a response from the destination. Look for the PID in the output and see if it matches your process.

`ps -fp <pid>`

See where the IPs are.

`host <ip>`

### Splunk App Proxy Troubleshooting

Is this a Splunk app? Does it support a proxy? Is this a modular input like DGI HF Duo_splunkapp?

In XDR the `splunk-launch.conf` file SHOULD be wiping out the proxy settings for all Splunk Apps. Each Splunk App should set the proxy within the App.

Check the version of Python.

`splunk cmd /bin/which python3`

## Where are the OS proxy configurations?

`cat /etc/profile.d/proxy.sh`
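
The process-environment check from "Troubleshoot Proxy Issues", as an added example that is not part of the original notes: it lists the proxy variables a process inherited and tests whether a host falls under its `no_proxy` list. The function names, the sample proxy URL and the sample `no_proxy` value are assumptions, and the suffix matching is a simplification in the style of curl.

```sh
# Added example: proxy settings a process inherited, and a no_proxy check.

# Print proxy-related variables from a NUL-delimited environ file
# (/proc/<pid>/environ on Linux), one NAME=value per line.
proxy_vars() {
    tr '\000' '\n' < "$1" | grep -iE '^(https?|no|all)_proxy=' | sort
}

# Print the value of variable $2 from environ file $1 (empty if unset).
env_value() {
    tr '\000' '\n' < "$1" | sed -n "s/^$2=//p" | head -n 1
}

# Exit status 0 if host $2 matches an entry in the process's no_proxy list.
# Assumption: comma-separated domain-suffix matching in the style of curl;
# other clients interpret no_proxy differently. The body is a subshell, so
# the IFS and globbing changes stay local and `exit` only leaves the function.
bypasses_proxy() (
    list=$(env_value "$1" no_proxy)
    [ -n "$list" ] || list=$(env_value "$1" NO_PROXY)
    host=$2
    IFS=','
    set -f
    for entry in $list; do
        entry=${entry# }; entry=${entry#.}
        [ -n "$entry" ] || continue
        [ "$entry" = "*" ] && exit 0
        case "$host" in
            "$entry" | *".$entry") exit 0 ;;
        esac
    done
    exit 1
)

# Constructed sample standing in for /proc/<pid>/environ (values invented).
make_sample_environ() {
    printf 'PATH=/usr/bin\000https_proxy=http://proxy.example.internal:3128\000' > "$1"
    printf 'no_proxy=localhost,.amazonaws.com\000HOME=/root\000' >> "$1"
}

# Usage: sh proxycheck.sh <pid> <host>
if [ "$#" -ge 2 ]; then
    proxy_vars "/proc/$1/environ"
    if bypasses_proxy "/proc/$1/environ" "$2"; then
        echo "$2: matches no_proxy, client connects directly"
    else
        echo "$2: no no_proxy match, client uses its configured proxy"
    fi
fi
```

`/proc/<pid>/environ` shows the environment the process was started with, and reading it for another user's process requires root.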