[squid-users] What do the bytes and duration fields in squid log count for https (CONNECT)?
Henry S. Thompson
ht at inf.ed.ac.uk
Mon Jul 25 12:04:43 UTC 2016
Amos Jeffries writes:
> On 25/07/2016 10:34 p.m., Henry S. Thompson wrote:
>> Standard squid config only logs one CONNECT line for any https
>> transaction. What is being counted/timed by the reported bytes and
>> duration fields in that line?
>>
>> I'm guessing it's the total time taken and total bytes delivered to the
>> client by any and all transactions in the course of the TLS connection
>> established by that CONNECT, but I can't find anything in the log
>> documentation which confirms that.
>
> Yes. There is no HTTPS or TLS as far as Squid is concerned. (In modern
> traffic you are also very likely to be wrong about it being HTTPS or TLS
> on port 443. The (browser?) URL saying "https://" does not make it HTTPS
> inside the tunnel).
Indeed, understood
> An HTTP CONNECT message with opaque data is all Squid sees. Its duration
> is how long it takes, and the opaque data is the size it is.
Thanks for your reply, but this part leaves me confused. The CONNECT
message itself is short, as is the likely reply, and presumably doesn't
take long to process. But the times and sizes I'm seeing are long/big,
so it doesn't seem likely that they are the time and size of the
response to the CONNECT as such, which is what you appear to be saying
above...
That is, what is the 'it' you refer to in your final sentence?
ht
--
Henry S. Thompson, School of Informatics, University of Edinburgh
10 Crichton Street, Edinburgh EH8 9AB, SCOTLAND -- (44) 131 650-4440
Fax: (44) 131 650-4587, e-mail: ht at inf.ed.ac.uk
URL: http://www.ltg.ed.ac.uk/~ht/
[mail from me _always_ has a .sig like this -- mail without it is forged spam]
More information about the squid-users
mailing list