Friday, July 7, 2017

/var/log/squid/access.log

http://www.labtestproject.com/linux_network/understand_and_monitor_squid_access_log_file_accesslog.html

1265939281.764      1 172.16.167.228 TCP_DENIED/403 734 POST http://lbcore1.metacafe.com/test/SystemInfoManager.php - NONE/- text/html

Understand squid access.log:

Columns
1.        1265939281.764  ==>   Time: Unix timestamp; converted, it reads Fri, 12 Feb 2010 01:48:01 GMT
2.                     1  ==>   Duration: the elapsed time for squid to receive the request and send the response
3.        172.16.167.228  ==>   Client IP address
4.        TCP_DENIED/403  ==>   Result codes: Squid result code and HTTP status code, separated by a slash
5.                   734  ==>   Size in bytes: the amount of data delivered to the client
6.                  POST  ==>   Request method: the request method used by the client
7.  http://lbcore1.metacafe.com/test/SystemInfoManager.php  ==>  URL: the URL requested by the client
8.                     -  ==>   rfc931: ident lookup for the requesting client; ident lookups are turned off by default for performance reasons, so you usually get " - "
9.                NONE/-  ==>   Hierarchy code
10.            text/html  ==>   Type: content type of the object, as seen in the HTTP reply header

Display selected items or columns from the squid access log.

   The tail and awk commands in the example below show only selected columns from the squid access.log file.  The command below displays only the client IP address, the ident field and the URL requested by the client.
[root@fedora10 squid]# tail -f /var/log/squid/access.log | awk '{print$3 " " $8 " " $7}'
172.16.169.227 - http://www.japaneseclassiccarshow.com/jccs-banner510.jpg

   The command below displays the client IP address, Squid result code/HTTP status code, request method, ident field and URL requested by the client from the squid access.log file.
[root@fedora10 squid]# tail -f /var/log/squid/access.log | awk '{print$3 " " $4 " " $6 " " $8 " " $7}'
172.16.164.32 TCP_MISS/301 GET - http://us.update.companion.yahoo.com/slv/v6/not?

   The command below displays the client IP address, Squid result code/HTTP status code, request method, ident field, URL requested by the client and content type from the squid access.log file.
[root@fedora10 squid]# tail -f /var/log/squid/access.log | awk '{print$3 " " $4 " " $6 " " $8 " " $7 " " $10}'
172.16.164.24 TCP_MISS/200 GET - http://apps.facebook.com/premierfootball/Results.aspx? text/html
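
   Going one step beyond column selection, the added example below (not part of the original article) splits column 4 into its Squid result code and HTTP status, then counts TCP_DENIED requests per client IP. The function names sample_log and denied_by_client are hypothetical, and every sample line except the first, which is the one shown on this page, is constructed.

```shell
#!/bin/sh
# Added example: per-client summary of denied requests, using the
# 10-column native access.log layout described above.

# Constructed sample input. Line 1 is the entry shown on this page;
# the remaining lines are made up for the demonstration.
sample_log() {
cat <<'EOF'
1265939281.764      1 172.16.167.228 TCP_DENIED/403 734 POST http://lbcore1.metacafe.com/test/SystemInfoManager.php - NONE/- text/html
1265939282.101     85 172.16.164.32 TCP_MISS/200 5120 GET http://example.com/index.html - DIRECT/192.0.2.10 text/html
1265939283.250      0 172.16.167.228 TCP_DENIED/403 740 GET http://example.net/a.js - NONE/- text/html
1265939284.007      2 172.16.164.24 TCP_DENIED/407 1802 CONNECT example.org:443 - NONE/- text/html
this line is truncated
EOF
}

# denied_by_client [FILE...]
# Prints "count client_ip http_statuses" for each client with at least
# one TCP_DENIED entry, busiest client first. Reads stdin if no FILE.
denied_by_client() {
    awk '
    NF < 10 { next }                  # skip short or garbled lines
    {
        split($4, rc, "/")            # column 4: result code / HTTP status
        if (rc[1] != "TCP_DENIED") next
        count[$3]++                   # column 3: client IP address
        # remember each distinct HTTP status seen for this client
        if (index(statuses[$3], rc[2]) == 0)
            statuses[$3] = statuses[$3] (statuses[$3] == "" ? "" : ",") rc[2]
    }
    END {
        for (ip in count) print count[ip], ip, statuses[ip]
    }' "$@" | sort -k1,1nr -k2,2
}

# Run against the embedded sample; on a proxy host, pass the log path
# instead, e.g. denied_by_client /var/log/squid/access.log
sample_log | denied_by_client
```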
