[squid-users] Logging in squid
Yuri Voinov
yvoinov at gmail.com
Tue Apr 26 19:32:31 UTC 2016
-----BEGIN PGP SIGNED MESSAGE-----
Hash: SHA256
Read squid.cache.documented carefully again:
# LOGFILE OPTIONS
#
-----------------------------------------------------------------------------
# TAG: logformat
# Usage:
#
# logformat <name> <format specification>
#
# Defines an access log format.
#
# The <format specification> is a string with embedded % format codes
#
# % format codes all follow the same basic structure where all but
# the formatcode is optional. Output strings are automatically escaped
# as required according to their context and the output format
# modifiers are usually not needed, but can be specified if an explicit
# output format is desired.
#
# % ["|[|'|#] [-] [[0]width] [{argument}] formatcode
#
# " output in quoted string format
# [ output in squid text log format as used by log_mime_hdrs
# # output in URL quoted format
# ' output as-is
#
# - left aligned
#
# width minimum and/or maximum field width:
# [width_min][.width_max]
# When minimum starts with 0, the field is zero-padded.
# String values exceeding maximum width are truncated.
#
# {arg} argument such as header name etc
#
# Format codes:
#
# % a literal % character
# sn Unique sequence number per log line entry
# err_code The ID of an error response served by Squid or
# a similar internal error identifier.
# err_detail Additional err_code-dependent error information.
# note The annotation specified by the argument. Also
# logs the adaptation meta headers set by the
# adaptation_meta configuration parameter.
# If no argument given all annotations logged.
# The argument may include a separator to use with
# annotation values:
# name[:separator]
# By default, multiple note values are separated with ","
# and multiple notes are separated with "\r\n".
# When logging named notes with %{name}note, the
# explicitly configured separator is used between note
# values. When logging all notes with %note, the
# explicitly configured separator is used between
# individual notes. There is currently no way to
# specify both value and notes separators when logging
# all notes with %note.
#
# Connection related format codes:
#
# >a Client source IP address
# >A Client FQDN
# >p Client source port
# >eui Client source EUI (MAC address, EUI-48 or EUI-64
identifier)
# >la Local IP address the client connected to
# >lp Local port number the client connected to
# >qos Client connection TOS/DSCP value set by Squid
# >nfmark Client connection netfilter mark set by Squid
#
# la Local listening IP address the client connection was
connected to.
# lp Local listening port number the client connection was
connected to.
#
# <a Server IP address of the last server or peer connection
# <A Server FQDN or peer name
# <p Server port number of the last server or peer connection
# <la Local IP address of the last server or peer connection
# <lp Local port number of the last server or peer connection
# <qos Server connection TOS/DSCP value set by Squid
# <nfmark Server connection netfilter mark set by Squid
#
# Time related format codes:
#
# ts Seconds since epoch
# tu subsecond time (milliseconds)
# tl Local time. Optional strftime format argument
# default %d/%b/%Y:%H:%M:%S %z
# tg GMT time. Optional strftime format argument
# default %d/%b/%Y:%H:%M:%S %z
# tr Response time (milliseconds)
# dt Total time spent making DNS lookups (milliseconds)
# tS Approximate master transaction start time in
# <full seconds since epoch>.<fractional seconds> format.
# Currently, Squid considers the master transaction
# started when a complete HTTP request header initiating
# the transaction is received from the client. This is
# the same value that Squid uses to calculate transaction
# response time when logging %tr to access.log. Currently,
# Squid uses millisecond resolution for %tS values,
# similar to the default access.log "current time" field
# (%ts.%03tu).
#
# Access Control related format codes:
#
# et Tag returned by external acl
# ea Log string returned by external acl
# un User name (any available)
# ul User name from authentication
# ue User name from external acl helper
# ui User name from ident
# un A user name. Expands to the first available name
# from the following list of information sources:
# - authenticated user name, like %ul
# - user name supplied by an external ACL, like %ue
# - SSL client name, like %us
# - ident user name, like %ui
# credentials Client credentials. The exact meaning depends on
# the authentication scheme: For Basic authentication,
# it is the password; for Digest, the realm sent by the
# client; for NTLM and Negotiate, the client challenge
# or client credentials prefixed with "YR " or "KK ".
#
# HTTP related format codes:
#
# REQUEST
#
# [http::]rm Request method (GET/POST etc)
# [http::]>rm Request method from client
# [http::]<rm Request method sent to server or peer
# [http::]ru Request URL from client (historic, filtered for
logging)
# [http::]>ru Request URL from client
# [http::]<ru Request URL sent to server or peer
# [http::]>rs Request URL scheme from client
# [http::]<rs Request URL scheme sent to server or peer
# [http::]>rd Request URL domain from client
# [http::]<rd Request URL domain sent to server or peer
# [http::]>rP Request URL port from client
# [http::]<rP Request URL port sent to server or peer
# [http::]rp Request URL path excluding hostname
# [http::]>rp Request URL path excluding hostname from client
# [http::]<rp Request URL path excluding hostname sent to
server or peer
# [http::]rv Request protocol version
# [http::]>rv Request protocol version from client
# [http::]<rv Request protocol version sent to server or peer
#
# [http::]>h Original received request header.
# Usually differs from the request header sent by
# Squid, although most fields are often preserved.
# Accepts optional header field name/value filter
# argument using name[:[separator]element] format.
# [http::]>ha Received request header after adaptation and
# redirection (pre-cache REQMOD vectoring point).
# Usually differs from the request header sent by
# Squid, although most fields are often preserved.
# Optional header name argument as for >h
#
#
# RESPONSE
#
# [http::]<Hs HTTP status code received from the next hop
# [http::]>Hs HTTP status code sent to the client
#
# [http::]<h Reply header. Optional header name argument
# as for >h
#
# [http::]mt MIME content type
#
#
# SIZE COUNTERS
#
# [http::]st Total size of request + reply traffic with client
# [http::]>st Total size of request received from client.
# Excluding chunked encoding bytes.
# [http::]<st Total size of reply sent to client (after
adaptation)
#
# [http::]>sh Size of request headers received from client
# [http::]<sh Size of reply headers sent to client (after
adaptation)
#
# [http::]<sH Reply high offset sent
# [http::]<sS Upstream object size
#
# [http::]<bs Number of HTTP-equivalent message body bytes
# received from the next hop, excluding chunked
# transfer encoding and control messages.
# Generated FTP/Gopher listings are treated as
# received bodies.
#
#
# TIMING
#
# [http::]<pt Peer response time in milliseconds. The timer starts
# when the last request byte is sent to the next hop
# and stops when the last response byte is received.
# [http::]<tt Total time in milliseconds. The timer
# starts with the first connect request (or write I/O)
# sent to the first selected peer. The timer stops
# with the last I/O with the last peer.
#
# Squid handling related format codes:
#
# Ss Squid request status (TCP_MISS etc)
# Sh Squid hierarchy status (DEFAULT_PARENT etc)
#
# SSL-related format codes:
#
# ssl::bump_mode SslBump decision for the transaction:
#
# For CONNECT requests that initiated bumping of
# a connection and for any request received on
# an already bumped connection, Squid logs the
# corresponding SslBump mode ("server-first" or
# "client-first"). See the ssl_bump option for
# more information about these modes.
#
# A "none" token is logged for requests that
# triggered "ssl_bump" ACL evaluation matching
# either a "none" rule or no rules at all.
#
# In all other cases, a single dash ("-") is
# logged.
#
# ssl::>sni SSL client SNI sent to Squid. Available only
# after the peek, stare, or splice SSL bumping
# actions.
#
# If ICAP is enabled, the following code becomes available (as
# well as ICAP log codes documented with the icap_log option):
#
# icap::tt Total ICAP processing time for the HTTP
# transaction. The timer ticks when ICAP
# ACLs are checked and when ICAP
# transaction is in progress.
#
# If adaptation is enabled the following three codes become available:
#
# adapt::<last_h The header of the last ICAP response or
# meta-information from the last eCAP
# transaction related to the HTTP transaction.
# Like <h, accepts an optional header name
# argument.
#
# adapt::sum_trs Summed adaptation transaction response
# times recorded as a comma-separated list in
# the order of transaction start time. Each time
# value is recorded as an integer number,
# representing response time of one or more
# adaptation (ICAP or eCAP) transaction in
# milliseconds. When a failed transaction is
# being retried or repeated, its time is not
# logged individually but added to the
# replacement (next) transaction. See also:
# adapt::all_trs.
#
# adapt::all_trs All adaptation transaction response times.
# Same as adaptation_strs but response times of
# individual transactions are never added
# together. Instead, all transaction response
# times are recorded individually.
#
# You can prefix adapt::*_trs format codes with adaptation
# service name in curly braces to record response time(s) specific
# to that service. For example: %{my_service}adapt::sum_trs
#
# If SSL is enabled, the following formating codes become available:
#
# %ssl::>cert_subject The Subject field of the received client
# SSL certificate or a dash ('-') if Squid has
# received an invalid/malformed certificate or
# no certificate at all. Consider encoding the
# logged value because Subject often has spaces.
#
# %ssl::>cert_issuer The Issuer field of the received client
# SSL certificate or a dash ('-') if Squid has
# received an invalid/malformed certificate or
# no certificate at all. Consider encoding the
# logged value because Issuer often has spaces.
#
# The default formats available (which do not need re-defining) are:
#
#logformat squid %ts.%03tu %6tr %>a %Ss/%03>Hs %<st %rm %ru %[un
%Sh/%<a %mt
#logformat common %>a %[ui %[un [%tl] "%rm %ru HTTP/%rv" %>Hs %<st
%Ss:%Sh
#logformat combined %>a %[ui %[un [%tl] "%rm %ru HTTP/%rv" %>Hs %<st
"%{Referer}>h" "%{User-Agent}>h" %Ss:%Sh
#logformat referrer %ts.%03tu %>a %{Referer}>h %ru
#logformat useragent %>a [%tl] "%{User-Agent}>h"
#
# NOTE: When the log_mime_hdrs directive is set to ON.
# The squid, common and combined formats have a safely encoded copy
# of the mime headers appended to each line within a pair of
brackets.
#
# NOTE: The common and combined formats are not quite true to the
Apache definition.
# The logs from Squid contain an extra status and hierarchy code
appended.
#
#Default:
# The format definitions squid, common, combined, referrer, useragent
are built in.
# TAG: access_log
# Configures whether and how Squid logs HTTP and ICP transactions.
# If access logging is enabled, a single line is logged for every
# matching HTTP or ICP request. The recommended directive formats are:
#
# access_log <module>:<place> [option ...] [acl acl ...]
# access_log none [acl acl ...]
#
# The following directive format is accepted but may be deprecated:
# access_log <module>:<place> [<logformat name> [acl acl ...]]
#
# In most cases, the first ACL name must not contain the '='
character
# and should not be equal to an existing logformat name. You can always
# start with an 'all' ACL to work around those restrictions.
#
# Will log to the specified module:place using the specified format
(which
# must be defined in a logformat directive) those entries which match
# ALL the acl's specified (which must be defined in acl clauses).
# If no acl is specified, all requests will be logged to this
destination.
#
# ===== Available options for the recommended directive format =====
#
# logformat=name Names log line format (either built-in or
# defined by a logformat directive). Defaults
# to 'squid'.
#
# buffer-size=64KB Defines approximate buffering limit for log
# records (see buffered_logs). Squid should not
# keep more than the specified size and, hence,
# should flush records before the buffer becomes
# full to avoid overflows under normal
# conditions (the exact flushing algorithm is
# module-dependent though). The on-error option
# controls overflow handling.
#
# on-error=die|drop Defines action on unrecoverable errors. The
# 'drop' action ignores (i.e., does not log)
# affected log records. The default 'die' action
# kills the affected worker. The drop action
# support has not been tested for modules other
# than tcp.
#
# ===== Modules Currently available =====
#
# none Do not log any requests matching these ACL.
# Do not specify Place or logformat name.
#
# stdio Write each log line to disk immediately at the completion of
# each request.
# Place: the filename and path to be written.
#
# daemon Very similar to stdio. But instead of writing to disk the log
# line is passed to a daemon helper for asychronous handling instead.
# Place: varies depending on the daemon.
#
# log_file_daemon Place: the file name and path to be written.
#
# syslog To log each request via syslog facility.
# Place: The syslog facility and priority level for these entries.
# Place Format: facility.priority
#
# where facility could be any of:
# authpriv, daemon, local0 ... local7 or user.
#
# And priority could be any of:
# err, warning, notice, info, debug.
#
# udp To send each log line as text data to a UDP receiver.
# Place: The destination host name or IP and port.
# Place Format: //host:port
#
# tcp To send each log line as text data to a TCP receiver.
# Lines may be accumulated before sending (see buffered_logs).
# Place: The destination host name or IP and port.
# Place Format: //host:port
#
# Default:
# access_log daemon:/usr/local/squid/var/logs/access.log squid
#Default:
# access_log daemon:/usr/local/squid/var/logs/access.log squid
You can define any custom access.log, for example, and write this custom
log at the same time.
27.04.16 1:20, Aashima Madaan пишет:
> Hey,
>
> I have kept squid between a proxy and a server. Requests and response
pass from proxy to squid to server and back.
>
> Does squid has any other logs except cache.log and access.log? are
there any ways to improve squid logging or enable any debug logs?
>
> Thanks
> Aashima
>
>
> _______________________________________________
> squid-users mailing list
> squid-users at lists.squid-cache.org
> http://lists.squid-cache.org/listinfo/squid-users
-----BEGIN PGP SIGNATURE-----
Version: GnuPG v2
iQEcBAEBCAAGBQJXH8JPAAoJENNXIZxhPexGB88H/2wnTr0o3K/A9hkHcMHzE/fj
CzOOL5B0YYijwk4m+8UBqmBkt6WQVc5AeWASmzHsxjh6/wqRK8up8dOmgS7uSbI+
wM+5c8AhvcBQlMkHQB58bMbcBKjxZVFeo/YYD8iglZ/o95Fflv+6d+Tv2Wh0s7Bb
iKN2riLryC244OciEiNTjU9TpaofsmOAGvTddoJerZse43Az9av7B4xLWfhs6NRs
LY6zk1Rj/QXF/U1CH9Lnxs84LfyuPDXuC1q+/jfYgbr7f1UZPrOV7wuQo7DksmHi
V3T53mfg2qRqShjo/Ezxc+YMkfgmouGR4Nz2UQekOfphFqrHNCuB6Jmyh3NkaiA=
=rx3x
-----END PGP SIGNATURE-----
-------------- next part --------------
An HTML attachment was scrubbed...
URL: <http://lists.squid-cache.org/pipermail/squid-users/attachments/20160427/ebcc8d44/attachment-0001.html>
-------------- next part --------------
A non-text attachment was scrubbed...
Name: 0x613DEC46.asc
Type: application/pgp-keys
Size: 2437 bytes
Desc: not available
URL: <http://lists.squid-cache.org/pipermail/squid-users/attachments/20160427/ebcc8d44/attachment-0001.key>
More information about the squid-users
mailing list