Understand and Monitor Squid Access Log File access.log

 


   The example below shows, step by step, how to monitor access.log, the access log file of the Squid proxy server.  The tail command is used to display sample output from access.log. You may not get the same output as shown in the example below; the command and its output are there only as an example, to show and explain the 10 columns of native access.log entries.

 

Monitor Squid access.log using tail command.

 

   The tail command with the -f option below displays the contents of the Squid access log file as it is updated.  Native access.log entries usually contain at least 10 columns separated by one or more spaces.  Please note that in the example below, we use color to highlight and mark each access.log column.

 

Command and access.log output example:

 

[root@fedora10 squid]# tail -f /var/log/squid/access.log

1265939281.764      1 172.16.167.228 TCP_DENIED/403 734 POST http://lbcore1.metacafe.com/test/SystemInfoManager.php - NONE/- text/html

 

Understand squid access.log:

 

Columns

1.        1265939281.764  ==>   Time: Unix timestamp; converted, it reads Fri, 12 Feb 2010 01:48:01 GMT

2.                     1  ==>   Duration: the elapsed time Squid took to receive the request and deliver the response

3.        172.16.167.228  ==>   Client IP address

4.        TCP_DENIED/403  ==>   Result codes: Squid result code and HTTP status code, separated by a slash

5.                   734  ==>   Size: the amount of data, in bytes, delivered to the client

6.                  POST  ==>   Request method: the request method used by the client

7.  http://lbcore1.metacafe.com/test/SystemInfoManager.php  ==>  URL: the URL requested by the client

8.                     -  ==>   rfc931: ident lookup result for the requesting client. Ident lookups are turned off by default because of the performance cost, so you usually get " - "

9.                NONE/-  ==>   Hierarchy code

10.            text/html  ==>   Type: content type of the object, as seen in the HTTP reply header

 

Display selected items or columns from the Squid access log.

 

   The tail and awk commands in the example below show only selected columns from the Squid access.log file.  The command below displays only the client IP address, the ident field and the URL requested by the client.

[root@fedora10 squid]# tail -f /var/log/squid/access.log | awk '{print$3 " " $8 " " $7}'

172.16.169.227 - http://www.japaneseclassiccarshow.com/jccs-banner510.jpg

 

   The command example below displays the client IP address, Squid result code/HTTP status code, request method, ident field and URL requested by the client.

[root@fedora10 squid]# tail -f /var/log/squid/access.log | awk '{print$3 " " $4 " " $6 " " $8 " " $7}'

172.16.164.32 TCP_MISS/301 GET - http://us.update.companion.yahoo.com/slv/v6/not?

 

   The command example below displays the client IP address, Squid result code/HTTP status code, request method, ident field, URL requested by the client and content type.

[root@fedora10 squid]# tail -f /var/log/squid/access.log | awk '{print$3 " " $4 " " $6 " " $8 " " $7 " " $10}'

172.16.164.24 TCP_MISS/200 GET - http://apps.facebook.com/premierfootball/Results.aspx? text/html
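
   The same column numbers can drive a quick audit of requests the proxy refused, not just a column printout. The script below is an added example, not part of the original page; the function names are hypothetical, and every sample line except the first (copied from the tail output above) is constructed.

```shell
#!/bin/sh
# Added example (not from the original page): audit denied requests in
# Squid native access.log lines using the 10-column layout described above.

# Reads log lines on stdin. For every client with at least one TCP_DENIED
# entry, prints "client_ip denied_count total_count", most denials first.
squid_denied_summary() {
    awk '
        NF < 10 { next }              # skip truncated or non-native lines
        {
            split($4, rc, "/")        # column 4 = result code "/" HTTP status
            total[$3]++               # column 3 = client IP address
            if (rc[1] == "TCP_DENIED") denied[$3]++
        }
        END { for (ip in denied) print ip, denied[ip], total[ip] }
    ' | LC_ALL=C sort -k2,2nr -k1,1
}

# Reads log lines on stdin. Prints "http_status method url" for each
# request from client $1 that Squid denied.
squid_denied_urls() {
    awk -v ip="$1" '
        NF >= 10 && $3 == ip {
            split($4, rc, "/")
            if (rc[1] == "TCP_DENIED") print rc[2], $6, $7
        }
    '
}

# Sample input: line 1 is the entry shown on this page; the other lines
# are constructed for illustration (the last one is deliberately truncated).
SAMPLE_LOG='1265939281.764      1 172.16.167.228 TCP_DENIED/403 734 POST http://lbcore1.metacafe.com/test/SystemInfoManager.php - NONE/- text/html
1265939282.101     87 172.16.164.24 TCP_MISS/200 5120 GET http://example.com/index.html - DIRECT/192.0.2.10 text/html
1265939283.250      0 172.16.167.228 TCP_DENIED/403 734 POST http://lbcore1.metacafe.com/test/SystemInfoManager.php - NONE/- text/html
1265939284.009      2 172.16.164.32 TCP_DENIED/407 1810 GET http://example.org/a.jpg - NONE/- text/html
1265939285.500    140 172.16.164.32 TCP_MISS/301 512 GET http://example.org/ - DIRECT/192.0.2.20 text/html
1265939286.000      5 172.16.164.32'

printf '%s\n' "$SAMPLE_LOG" | squid_denied_summary
printf '%s\n' "$SAMPLE_LOG" | squid_denied_urls 172.16.167.228
```

   Against a live proxy, feed the functions the real file instead of the sample, for example squid_denied_summary < /var/log/squid/access.log.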

 
