[squid-users] logformat for squid5 ?

--Ahmad-- ahmed.zaeem at netstream.ps
Thu Aug 1 15:40:13 UTC 2019 

ok in squid 3.x
>> logformat squid %tl %6tr %>a %>p %>la %>lp %Ss/%03Hs %<st %rm %ru %un %Sh/ %<A %<a %<la

check the syntax :

01/Aug/2019:11:29:11 -0400    837 11.11.81.74 50223 22.158.182 11961 TCP_TUNNEL/200 3205 CONNECT www.googletagservices.com:443 mwckpf HIER_DIRECT/ www.googletagservices.com 172.217.15.66 22.22.158.182


lets analyse above .:

1st thing i see the time/date of the request .

then the source ip and source port who hit squid ————>   11.11.81.74 50223
then destination ip and port of squid sender connected to ————> 22.158.182 11961
Dst URL  —>www.googletagservices.com:443 <http://www.googletagservices.com:443/> 
User of the connection ——> mwckpf
IP resolution of the destination ——————> www.googletagservices.com 172.217.15.66
last thing the external ip address for that connection ———————> 22.22.158.182



Now on squid5.x
i add 
>> logformat squid %tl %6tr %>a %>p %>la %>lp %Ss/%03Hs %<st %rm %ru %un %Sh/ %<A %<a %<la

but the result is as :
1564669418.690    770 18.212.116.217 TCP_TUNNEL/200 40757 CONNECT www.bing.com:443 abc HIER_DIRECT/204.79.197.200 -

as you see , there is no date , so src port no dst ip/dst port .
no external ip 

i would like as possible to see results as the results in 3.5 .

hope that is clear 

Thanks Alex :)



> On 1 Aug 2019, at 16:55, Alex Rousskov <rousskov at measurement-factory.com> wrote:
> 
> On 8/1/19 9:23 AM, --Ahmad-- wrote:
>> i use :
>> logformat squid %tl %6tr %>a %>p %>la %>lp %Ss/%03Hs %<st %rm %ru %un %Sh/ %<A %<a %<la
>> 
>> in squid 3.x and its working fine , but in 5.x it dont work as i want 
> 
> We still do not have enough information to understand the problem you
> are trying to solve. Please be specific. For example, describe a
> transaction that logs X in v3.5 and Y in v5, and, unless it is really
> obvious from X and Y, please explain why you want X and not Y.
> 
> Alex.

-------------- next part --------------
An HTML attachment was scrubbed...
URL: <http://lists.squid-cache.org/pipermail/squid-users/attachments/20190801/5d327523/attachment.html>

More information about the squid-users mailing list