Hi there,
The 127.0.0.1 access comes from dansguardian content filtering (filter policies), then you cannot know with external tools the HTTP proxy usage.
If you check Squid logs in (Logs --> Query logs --> HTTP proxy) you will see the source working properly.
If you check HTTP proxy reports in Zentyal Cloud (the link is in a previous post) you will see the data in the report is properly sourced by username/IP address even with content filtering enabled.
Best regards,