[squid-users] auth, ssl bump and analyzing logs
Amos Jeffries
squid3 at treenet.co.nz
Thu Jul 14 08:23:03 UTC 2016
On 14/07/2016 7:45 p.m., Marko Cupać wrote:
> Hi,
>
> is there a way to parse squid access.log in a way that only traffic
> that was served to clients count?
Unless you are using a custom log. That is the only data that gets
logged in the size field of access.log.
> I used to parse access.log with
> calamaris, and I was getting useful info from it, but since I introduced
> authentication and ssl bumping I suspect I am getting very large
> numbers for ERRORs (I guess as a result of auth 407's etc.)
Perhapse. Or...
>
> # Incoming TCP-requests by status
> status request % Byte % sec kB/sec
> ------------- --------- ------ -------- ------ ---- -------
> HIT 89540 6.20 1703M 4.07 0 182.82
> MISS 698904 48.37 18055M 43.13 2 16.34
> ERROR 656402 45.43 22105M 52.80 1 49.58
> ------------- --------- ------ -------- ------ ---- -------
> Sum 1444846 100.00 41862M 100.00 1 26.83
>
There are several more types of transaction status than HIT, MISS, ERROR
in modern Squid logs. Perhapse the problem is that your Calamaris does
not handle those other transaction types.
Amos
More information about the squid-users
mailing list