[squid-users] Huge Parent Log Lines

Alex Rousskov rousskov at measurement-factory.com
Tue Feb 28 15:28:36 UTC 2017


On 02/28/2017 05:53 AM, Robert Gabriel wrote:

> We have below single log entry, which is HUGE!

That does not look like a single log entry produced by Squid. It looks
like multiple log entries concatenated using the '#' symbol and
post-processed by something outside Squid:

* The first field of the first entry starts with an imprecise
"human-friendly" time stamp (Feb 22 09:50:05) while the other
concatenated entries (after the '#' symbols) start with a Unix timestamp
(e.g., 0121487749813.453).

* The Unix timestamps increase.

* The request methods and URLs change.

* The last entry is incomplete.


Most likely, you have some custom log processing/analysis software that
mishandles Squid logs (possibly by mistreating everything it receives
from a file or a socket in a single read call as a single log entry).


HTH,

Alex.



> "Feb 22 09:50:05 3 3424 CONNECT 62.128.100.163:443 - HIER_NONE/- text/html#0121487749813.453 8317 10.224.101.132 TCP_MISS/206 89734 GET http://r3---sn-woc7en7z.gvt1.com/edgedl/release2/4ll88res6i0k5vapkhxf60lcld1qqdg1mkgbbvwg5rn8zp1tchc8np86upupsfhvasco4o167pdub21gpbtpemweza1t7u07u7i/24.0.0.221_win_PepperFlashPlayer.crx? - FIRSTUP_PARENT/10.231.221.74 application/octet-stream#0121487749813.695 225 10.224.101.132 TCP_MISS/302 1702 GET http://redirector.gvt1.com/edgedl/release2/4ll88res6i0k5vapkhxf60lcld1qqdg1mkgbbvwg5rn8zp1tchc8np86upupsfhvasco4o167pdub21gpbtpemweza1t7u07u7i/24.0.0.221_win_PepperFlashPlayer.crx - FIRSTUP_PARENT/10.231.221.74 text/html#0121487749813.764 375 10.224.100.68 TCP_MISS/200 1063 CONNECT googleads.g.doubleclick.net:443 - FIRSTUP_PARENT/10.231.221.74 -#0121487749813.822 15113 10.224.101.250 TCP_MISS/200 74954 GET http://dnl-03.geo.kaspersky.com/updates/kdb/i386/pef057.kdc - FIRSTUP_PARENT/10.231.221.74 application/octet-stream#0121487749813.851 764 10.224.100.68 TCP_MISS/200 3177 CONNECT r.turn.com:443 - FIRSTUP_PARENT/10.231.221.74 -#0121487749813.929 2006 10.224.100.68 TCP_MISS/200 4821 CONNECT 4922511.fls.doubleclick.net:443 - FIRSTUP_PARENT/10.231.221.74 -#0121487749814.021 184 10.224.101.250 TCP_MISS/200 694 GET http://dnl-03.geo.kaspersky.com/updates/wmuf/diffs/wmuf0002.dat.guh - FIRSTUP_PARENT/10.231.221.74 application/octet-stream#0121487749814.045 1084 10.224.100.68 TCP_MISS/200 664 CONNECT r.turn.com:443 - FIRSTUP_PARENT/10.231.221.74 -#0121487749814.695 644 10.224.100.68 TCP_MISS/200 4762 CONNECT maps-api-ssl.google.com:443 - FIRSTUP_PARENT/10.231.221.74 -#0121487749814.771 270 10.224.100.221 TCP_MISS/200 519 OPTIONS http://otf.msn.com/c.gif? 
- FIRSTUP_PARENT/10.231.221.74 text/plain#0121487749814.874 2915 10.224.100.68 TCP_MISS/200 1511 CONNECT cm.g.doubleclick.net:443 - FIRSTUP_PARENT/10.231.221.74 -#0121487749814.883 952 10.224.100.68 TCP_MISS/200 5401 CONNECT pixel.mathtag.com:443 - FIRSTUP_PARENT/10.231.221.74 -#0121487749814.893 1595 10.224.100.68 TCP_MISS/200 3177 CONNECT r.turn.com:443 - FIRSTUP_PARENT/10.231.221.74 -#0121487749814.894 806 10.224.101.250 TCP_MISS/200 684 GET http://dnl-03.geo.kaspersky.com/updates/wmuf/diffs/wmuf0004.dat.nlg - FIRSTUP_PARENT/10.231.221.74 application/octet-stream#0121487749815.056 5236 10.224.100.68 TCP_MISS/200 551 CONNECT cm.g.doubleclick.net:443 - FIRSTUP_PARENT/10.231.221.74 -#0121487749815.058 2070 10.224.100.68 TCP_MISS/200 3177 CONNECT r.turn.com:443 - FIRSTUP_PARENT/10.231.221.74 -#0121487749815.114 179 10.224.101.250 TCP_MISS/200 796 GET http://dnl-03.geo.kaspersky.com/updates/wmuf/diffs/wmuf0008.dat.ols - FIRSTUP_PARENT/10.231.221.74 application/octet-stream#0121487749815.326 176 10.224.101.250 TCP_MISS/200 735 GET http://dnl-03.geo.kaspersky.com/updates/wmuf/diffs/wmuf0009.dat.6qv - FIRSTUP_PARENT/10.231.221.74 application/octet-stream#0121487749815.384 607 10.224.100.221 TCP_MISS/200 578 POST http://otf.msn.com/c.gif? 
- FIRSTUP_PARENT/10.231.221.74 text/plain#0121487749815.659 241715 10.224.100.139 TCP_MISS/200 24163 CONNECT gm1.ggpht.com:443 - FIRSTUP_PARENT/10.231.221.74 -#0121487749815.726 0 10.229.71.30 TCP_DENIED/403 3435 GET http://www.google.com// - HIER_NONE/- text/html#0121487749815.757 1158 10.224.100.68 TCP_MISS/200 7896 CONNECT maps-api-ssl.google.com:443 - FIRSTUP_PARENT/10.231.221.74 -#0121487749815.862 976 10.224.100.68 TCP_MISS/200 7882 CONNECT maps-api-ssl.google.com:443 - FIRSTUP_PARENT/10.231.221.74 -#0121487749815.955 340 10.224.100.68 TCP_MISS/200 1319 CONNECT www.google.com:443 - FIRSTUP_PARENT/10.231.221.74 -#0121487749815.970 222 10.224.101.63 TCP_MISS/200 5840 CONNECT helpyouefile.sarsefiling.co.za:443 - FIRSTUP_PARENT/10.231.221.74 -#0121487749816.044 2959 10.224.100.68 TCP_MISS/200 3177 CONNECT r.turn.com:443 - FIRSTUP_PARENT/10.231.221.74 -#0121487749816.084 712 10.224.101.126 TCP_MISS/200 412 GET http://ping.chartbeat.net/ping? - FIRSTUP_PARENT/10.231.221.74 image/gif#0121487749816.084 2319 10.224.100.68 TCP_MISS/200 7092 CONNECT secure.adnxs.com:443 - FIRSTUP_PARENT/10.231.221.74 -#0121487749816.147 59 10.224.100.68 TCP_MISS/200 271 CONNECT ak1s.abmr.net:443 - FIRSTUP_PARENT/10.231.221.74 -#0121487749816.247 6550 10.224.100.68 TCP_MISS/200 5396 CONNECT secure.adnxs.com:443 - FIRSTUP_PARENT/10.231.221.74 -#0121487749816.428 570 10.224.101.250 TCP_MISS/200 658 GET http://dnl-16.geo.kaspersky.com/updaters/updater.xml.dif - FIRSTUP_PARENT/10.231.221.74 application/octet-stream#0121487749816.505 0 10.224.100.176 TCP_DENIED/403 3680 CONNECT qrtm1.instaforex.com:8443 - HIER_NONE/- text/html#0121487749816.548 0 10.224.100.176 TCP_DENIED/403 3680 CONNECT qrtm1.instaforex.com:8443 - HIER_NONE/- text/html#0121487749816.675 3414 10.224.101.129 TCP_MISS/200 7511 CONNECT login.live.com:443 - FIRSTUP_PARENT/10.231.221.74 -#0121487749816.747 596 10.224.100.68 TCP_MISS/200 647 CONNECT www.google.co.za:443 - FIRSTUP_PARENT/10.231.221.74 -#0121487749817.249 159614 
10.224.100.103 TCP_MISS/200 379 GET http://su.ff.avast.com/R/A3kKIDljOWVkMmYzMGYyNzRmMDZhNWJjYjE3NGE0NjJjMzdmEgQAFQIXGNsBIgEAKgcIBBD_v7ZNKgcIAxDyvpJNMgoIBBD_v7ZNGIAKOO6RhIgBQiANFKxt1nDDEXHliIvCKJ259oVqZazWSw60wTp8jKzNwUiAg5gI - FIRSTUP_PARENT/10.231.221.74 application/octet-stream#0121487749817.328 243477 10.224.100.139 TCP_MISS/200 19261 CONNECT gm1.ggpht.com:443 - FIRSTUP_PARENT/10.231.221.74 -#0121487749817.408 241348 10.224.100.139 TCP_MISS/200 6810 CONNECT gm1.ggpht.com:443 - FIRSTUP_PARENT/10.231.221.74 -#0121487749817.489 3789 10.224.101.132 TCP_MISS/206 78226 GET http://r3---sn-woc7en7z.gvt1.com/edgedl/release2/4ll88res6i0k5vapkhxf60lcld1qqdg1mkgbbvwg5rn8zp1tchc8np86upupsfhvasco4o167pdub21gpbtpemweza1t7u07u7i/24.0.0.221_win_PepperFlashPlayer.crx? - FIRSTUP_PARENT/10.231.221.74 application/octet-stream#0121487749817.508 265 10.224.100.154 TCP_MISS/200 412 GET http://ping.chartbeat.net/ping? - FIRSTUP_PARENT/10.231.221.74 image/gif#0121487749817.653 1079 10.224.100.208 TCP_MISS/200 5566 CONNECT cupdates.trusteer.com:443 - FIRSTUP_PARENT/10.231.221.74 -#0121487749817.986 242880 10.224.100.139 TCP_MISS/200 1482 CONNECT gm1.ggpht.com:443 - FIRSTUP_PARENT/10.231.221.74 -#0121487749818.027 2952 10.224.100.68 TCP_MISS/200 5230 CONNECT beacon.krxd.net:443 - FIRSTUP_PARENT/10.231.221.74 -#0121487749818.032 4177 10.224.100.68 TCP_MISS/200 7204 CONNECT secure.adnxs.com:443 - FIRSTUP_PARENT/10.231.221.74 -#0121487749819.081 244916 10.224.100.139 TCP_MISS/200 1479 CONNECT gm1.ggpht.com:443 - FIRSTUP_PARENT/10.231.221.74 -#0121487749819.156 241146 10.224.100.139 TCP_MISS/200 793 CONNECT ssl.gstatic.com:443 - FIRSTUP_PARENT/10.231.221.74 -#0121487749819.207 4609 10.224.100.68 TCP_MISS/200 6619 CONNECT maps-api-ssl.google.com:443 - FIRSTUP_PARENT/10.231.221.74 -#0121487749819.335 560 10.224.100.154 TCP_MISS/200 577 POST http://otf.msn.com/c.gif? 
- FIRSTUP_PARENT/10.231.221.74 text/plain#0121487749819.396 37 10.224.100.79 TCP_MISS/200 1309 CONNECT translate.google.com:443 - FIRSTUP_PARENT/10.231.221.74 -#0121487749819.656 338 10.224.101.132 TCP_MISS/302 1702 GET http://redirector.gvt1.com/edgedl/release2/4ll88res6i0k5vapkhxf60lcld1qqdg1mkgbbvwg5rn8zp1tchc8np86upupsfhvasco4o167pdub21gpbtpemweza1t7u07u7i/24.0.0.221_win_PepperFlashPlayer.crx - FIRSTUP_PARENT/10.231.221.74 text/html#0121487749820.130 454 10.229.71.27 TCP_DENIED/403 3420 CONNECT 81.19.104.57:443 - HIER_NONE/- text/html#0121487749820.134 3527 10.224.101.250 TCP_MISS/200 844 GET http://dnl-18.geo.kaspersky.com/index/u0607g.xml.dif - FIRSTUP_PARENT/10.231.221.74 application/octet-stream#0121487749820.446 4398 10.224.100.68 TCP_MISS/200 7529 CONNECT ck.solocpm.com:443 - FIRSTUP_PARENT/10.231.221.74 -#0121487749820.532 241320 10.224.101.123 TCP_MISS/200 5966 CONNECT accounts.google.com:443 - FIRSTUP_PARENT/10.231.221.74 -#0121487749820.733 5119 10.224.100.68 TCP_MISS/200 8541 CONNECT aud.boostadvtracking.com:443 - FIRSTUP_PARENT/10.231.221.74 -#0121487749820.734 5658 10.224.100.68 TCP_MISS/200 5982 CONNECT beacon.krxd.net:443"
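
The checks listed in the reply above (entries joined by '#', increasing timestamps, an incomplete last entry) can be automated when auditing a log pipeline. This is an added example, not part of the original thread or of Squid: `split_record`, `BOUNDARY` and `ENTRY` are hypothetical names, the field layout is the one visible in the quoted entries, and it assumes that a "012" directly after '#' belongs to the separator (as in a syslog-escaped line feed, octal 012) rather than to the timestamp.

```python
import re

# Boundary: '#', optionally followed by "012", right before an epoch.millis field.
# Assumption: "#012" is an escaped line feed (octal 012) added outside Squid.
BOUNDARY = re.compile(r"#(?:012)?(?=\d{10}\.\d{3} )")
# Field layout as seen in the quoted entries: time, elapsed, client,
# result/status, size, method, URL, user, hierarchy/peer, content type.
ENTRY = re.compile(
    r"(?P<ts>\d{10}\.\d{3}) +(?P<elapsed>\d+) (?P<client>\S+) "
    r"(?P<result>[A-Z_]+/\d{3}) (?P<size>\d+) (?P<method>[A-Z]+) (?P<url>\S+) "
    r"(?P<user>\S+) (?P<hier>[A-Z_]+/\S+) (?P<type>\S+)$"
)

def split_record(record):
    """Split one over-long record; return (entries, problems)."""
    entries, problems, last_ts = [], [], None
    for n, chunk in enumerate(BOUNDARY.split(record.strip().strip('"'))):
        m = ENTRY.match(chunk.strip())
        if not m:
            # Covers the syslog-style first piece and a truncated last piece.
            problems.append((n, "not a complete native entry", chunk[:40]))
            continue
        ts = float(m["ts"])
        if last_ts is not None and ts < last_ts:
            problems.append((n, "timestamp goes backwards", m["ts"]))
        last_ts = ts
        entries.append(m.groupdict())
    return entries, problems

# Constructed sample: four pieces shortened from the record quoted above.
SAMPLE = (
    '"Feb 22 09:50:05 3 3424 CONNECT 62.128.100.163:443 - HIER_NONE/- text/html'
    "#0121487749813.764 375 10.224.100.68 TCP_MISS/200 1063 CONNECT "
    "googleads.g.doubleclick.net:443 - FIRSTUP_PARENT/10.231.221.74 -"
    "#0121487749815.726 0 10.229.71.30 TCP_DENIED/403 3435 GET "
    "http://www.google.com// - HIER_NONE/- text/html"
    "#0121487749820.734 5658 10.224.100.68 TCP_MISS/200 5982 CONNECT beacon.krxd.net:443\""
)

if __name__ == "__main__":
    entries, problems = split_record(SAMPLE)
    for e in entries:
        print(e["ts"], e["client"], e["result"], e["method"], e["url"])
    for p in problems:
        print("problem:", p)
```

Pieces reported as problems are the ones to trace back to the component that joined the entries, since they show where a record boundary was lost.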


