[squid-users] override the "combined" logformat
mj
lists at merit.unu.edu
Thu Jun 30 09:34:56 UTC 2022
Hi,
We have set the following in /etc/squid/squid.conf, and it doesn't take
effect:
> logformat combined %>a %ui %un [%{%d/%b/%Y:%H:%M:%S +0100}tl] \
> "%rm %ru HTTP/%rv" %>Hs %<st "%{Referer}>h" "%{User-Agent}>h" %Ss:%Sh "remote ip" %>a
> access_log syslog:local2.notice combined
With the above, the defined "remote ip" %>a is NOT logged.
Changing *only* the logformat name from "combined" to "test", like:
> logformat test %>a %ui %un [%{%d/%b/%Y:%H:%M:%S +0100}tl] \
> "%rm %ru HTTP/%rv" %>Hs %<st "%{Referer}>h" "%{User-Agent}>h" %Ss:%Sh "remote ip" %>a
> access_log syslog:local2.notice test
has the result that "remote ip" 1.2.3.4 starts appearing in the logs
immediately.
I would like to understand why. Is it not possible to make changes to
the "combined" log format..? Or is the fact that logs go through syslog
causing this?
Is this expected?
This is RHEL8, with it's stock squid.
Thanks for any insights :-)
MJ
More information about the squid-users
mailing list