Squid Log Classification and parameters
Squid The default log file is very many, the most important log log has three, respectively, Access.log, Store.log, Cache.log. The contents of the three log records are as follows:
Access. Log; The client uses the proxy server's record file store. Log; Stores the cached object's state record file cache. Log; CACHE startup and record files of various statuses
The path of three logs can be defined by cache_access_log,cache_store_log,cache_log three parameters in squid.conf. Use the three parameters as follows:
#用法: Cache_access_log Path#说明: Log Current proxy server activity contains all HTTP requests, and ICP query resultsCache_access_log/Var/Log/Squid/Access.Log;SquidDefault value#用法: Cache_log path [NONE]#说明: This file records information about squid proxy startup, shutdown, and proxy server systems, including system activity recordsCache_log/Var/log/squid/cachelog; #用法: Cache_store_log path [None]< Span class= "com" > #说明: This record file is used to record buffer object additions, deletions cache_store_log / var/log/squid /store. due to store.cache_store_log none
Access log output format adjustment and log filtering
Squid logs are defined by default in several log formats, which do not need to be redefined (see official notes for each parameter):
Logformat Squid%Ts.%03tu %6tr %>A%Ss/%03>Hs %<St%Rm%Ru%[Un%Sh/%<A%Mtlogformat Common%>A%[Ui%[Un[%Tl] "%rm%ru Http/%rv" %>Hs %<St%Ss:%ShLogformat combined%>A%[Ui%[Un[%Tl] "%rm%ru Http/%rv" %>hs %<st "%{referer} >h " "%{user-agent}>h " % ss:%shlogformat referrer %ts.%03tu%>a %{referer}> h %rulogformat useragent %> a [%tl] "%{user-agent}>h"
Squid access logs are measured in milliseconds by default, and when you want to redefine them, you can define and invoke them in squid.conf in the following ways:
Vim/App/Squid/etc/Squid.Conflogformat combined%>A%Ui%Un[%tl] "%RM%ru HTTP/%RV " %hs %< st "%{referer}>h" %{user-agent}>h " %ss:%sh %{host}>haccess_ Log /var/log/ squid/access. Log combined
Note: The above log format is not considered, squid before the paragraph has nginx or Apache and other front-end cases recorded in the log. And when the squid front-end has Nginx and other Web servers, will not record the customer's real IP, this time it is necessary to replace the%>a with%{x-real-ip}>h, note that the premise is nginx in the front-end to do the X-REAL-IP header settings. You can record the real IP of the visitor. The changed log format is as follows:
Logformat combined %{x-real-ip}>h%ui%un [%tl] "%rm%ru http/%rv"%Hs%<st"%{referer}>H" "%{ User-agent}>h "%ss:%sh
Note When you have a problem with the Logformat formatting, the following prompt will appear when you check the configuration file by Squid-k parse or use the Squid-k reconfigure to reload the wrong configuration file (at this point, simply reset it according to the official parameter hint):
[[Email protected]~]#/app/squid/sbin/squid-k ParseFATAL: Can' t parse configuration token: '%>hs %<st "%{referer}>h" "%{user-agent}>h" %ss:%sh ' Squid Cache (Version 2.7.STABLE9): Terminated abnormally. CPU usage:0.003 seconds = 0.001 user + 0.002 Sysmaximum resident size:6656 kbpage faults with physical I/O: 0/app/squid/ sbin/squid[0x47ae69]/app/squid/sbin/squid[0x47b240]/app/squid/sbin/squid[0x47b352]/app/squid/sbin/squid[ 0x40584b]/app/squid/sbin/squid[0x405bd7]/app/squid/sbin/squid[0x413722]/app/squid/sbin/squid[0x4178e8]/app/ Squid/sbin/squid[0x4181e0]/app/squid/sbin/squid[0x4527e1]/lib64/libc.so.6 (__LIBC_START_MAIN+0XF4) [0x323121d994 ]/APP/SQUID/SBIN/SQUID[0X403D49] Abandoned (core dumped)
In addition to defining the format of squid logs, you can easily filter the contents of the log by using ACL rules, such as the following two examples.
1. Set the log according to the domain name filter
361way^http://blog. 361way. 361way/log/access/361way-access. Log combined
The above configuration is to blog.361way.com the domain name of the access log, separate write to a log file.
2, filter According to the file type
-.. . /var/Log/squid/access.! nolog
The above configuration will not record in the log CSS, JS, swf three format access records.
Log polling
There are three types of logs mentioned above that can be polled by executing the squid-k rotate command. Each time this command is executed, squid will be based on the value defined by the Logfile_rotate command inside the squid.conf, which is the number of the rotated file name, Log_rotate 10 by default. The Logfile_rotat command uses the following:
#用法: logfile_rotate 0~10
If set to 0, the polling is never done. If set to Log_rotate 10, take access.log as an example, indicating that the log file name is rotated to: Access.log, access.log.0 ~access.log.9 its 11 files. Each time a squid-k rotate command is executed, three log files are then polled. This parameter, it is recommended that the small network is set to 10, the medium network is set to 4-5, and the large network is set to 1-2. For large networks, you should do a log file rotation every day, the rotation of the files need not be retained for a long time, only need to retain 1-2 days of log.
Note that it is not necessary to adjust this parameter to restart Squid can do log file rotation, but also need to execute squid-k rotate command. However, after Squid 3.1, this parameter is no longer useful for cache.log files, Cache.log can be automatically polled through the Debug_options parameter settings. See the official logfile_rotate for details. In order for it to be automatically polled, it may cooperate with the crontab command. Specific as follows:
#crontab-E3 * * */App/squid/sbin/-k rotate
Every morning, the Crondeamon automatically executes the rotation command.
Squid Log configuration and polling