I look after an IPCop firewall in a remote office for a small company. Yesterday I noticed some odd internal IP addresses appearing in some categories of the squidguard logs. These addresses don’t appear anywhere else on the network or logs so I was somewhat puzzled.

turns out that these were entries from the same day of the month but one, or even two years ago. logrotate is set to rotate the squidguard log files, but only once they reach a size of 100k. The least found categories will obviously have fewer entries so may well cover a period longer than a year.

When viewed in the web gui, only the day and month is searched, and subsequently listed, so today I see entries for 03 March – but, of course, not just for this year.