[squid-users] Data usage reported in log files

Alex Rousskov rousskov at measurement-factory.com
Fri Mar 10 20:57:25 UTC 2017


On 03/10/2017 01:37 PM, Marcus Kool wrote:
> Squid has no idea how many bytes go through the (HTTPS) tunnels.

Actually, Squid knows the number of raw (encrypted) TCP payload bytes
inside a tunnel and should log that.

Squid also knows and logs the number of HTTP (decrypted) bytes if the
SSL tunnel is bumped. In that case, the logged number is often smaller
but could also be larger than the corresponding TCP payload, depending
on whether SSL uses compression.

In any case, Squid numbers do not contain TCP/IP/Ethernet headers and
control messages. They may also lack HTTP chunked encoding overheads.
Failed Squid-to-server connections are not logged if they were
successfully retried.

There are also logging/accounting bugs because there is currently no
automated system to detect them. For a recent example, see our fix at
http://bazaar.launchpad.net/~squid/squid/trunk/revision/14838

If you use the latest release and see a disparity (between Squid-logged
numbers and other sources of information) that cannot be explained by
known factors, consider reporting it.


Thank you,

Alex.
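
Added example, not part of the original message or of Squid: a small Python script that totals the byte field of access.log per client, keeping CONNECT tunnel bytes apart from other HTTP bytes, so the logged figures can be compared with another source. It assumes Squid's default native "squid" logformat (byte count in the fifth field); the sample lines are constructed, and the external figure passed to the hypothetical `disparity` helper would come from whatever other counter you trust.

```python
from collections import defaultdict

# Constructed sample lines in Squid's default native "squid" access.log format:
# time elapsed client code/status bytes method URL user hierarchy/peer type
SAMPLE_LOG = """\
1489179445.120   5230 192.0.2.10 TCP_TUNNEL/200 48213 CONNECT example.com:443 - HIER_DIRECT/198.51.100.7 -
1489179446.301    112 192.0.2.10 TCP_MISS/200 10240 GET http://example.org/a.js - HIER_DIRECT/198.51.100.8 application/javascript
1489179447.010     15 192.0.2.11 TCP_HIT/200 2048 GET http://example.org/logo.png - HIER_NONE/- image/png
1489179448.555   9001 192.0.2.11 TCP_TUNNEL/200 120000 CONNECT example.net:443 - HIER_DIRECT/198.51.100.9 -
this line is damaged and must be skipped
"""


def logged_bytes(lines):
    """Sum the logged byte field per client, split into tunnel and HTTP."""
    totals = defaultdict(lambda: {"tunnel": 0, "http": 0})
    skipped = 0
    for line in lines:
        fields = line.split()
        # Need fields up to the method; the byte field must be numeric.
        if len(fields) < 6 or not fields[4].isdigit():
            skipped += 1
            continue
        client, size, method = fields[2], int(fields[4]), fields[5]
        # Assumption: CONNECT entries carry raw tunnel payload bytes,
        # every other method carries HTTP bytes.
        kind = "tunnel" if method == "CONNECT" else "http"
        totals[client][kind] += size
    return dict(totals), skipped


def disparity(logged, external):
    """Fraction of externally measured bytes that the log does not show."""
    if external <= 0:
        raise ValueError("external byte count must be positive")
    return (external - logged) / external


if __name__ == "__main__":
    totals, skipped = logged_bytes(SAMPLE_LOG.splitlines())
    for client, t in sorted(totals.items()):
        print(client, t)
    print("skipped lines:", skipped)
```

A positive disparity is expected when the other source counts TCP/IP/Ethernet headers, since the message above says the logged numbers exclude them.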


