{"id":5686,"date":"2024-05-12T07:47:00","date_gmt":"2024-05-11T23:47:00","guid":{"rendered":"https:\/\/ixyzero.com\/blog\/?p=5686"},"modified":"2024-05-11T19:50:17","modified_gmt":"2024-05-11T11:50:17","slug":"squid%e7%9a%84%e6%97%a5%e5%bf%97%e6%9f%a5%e7%9c%8b%e5%92%8c%e5%88%86%e6%9e%90","status":"publish","type":"post","link":"https:\/\/ixyzero.com\/blog\/archives\/5686.html","title":{"rendered":"Viewing and Analyzing Squid Logs"},"content":{"rendered":"\n<p>=Start=<\/p>\n\n\n\n<h4 class=\"wp-block-heading\">Background:<\/h4>\n\n\n\n<p>A brief record of Squid logging details, for reference when needed.<\/p>\n\n\n\n<h4 class=\"wp-block-heading\">Main text:<\/h4>\n\n\n\n<h5 class=\"wp-block-heading\">Reference answers:<\/h5>\n\n\n\n<ul class=\"wp-block-list\">\n<li>Default main program: \/usr\/sbin\/squid<\/li>\n\n\n\n<li>Default main configuration file: \/etc\/squid\/squid.conf<\/li>\n\n\n\n<li>Default listening port: TCP 3128<\/li>\n\n\n\n<li>Default access log: \/var\/log\/squid\/access.log<\/li>\n\n\n\n<li>Default cache log: \/var\/log\/squid\/cache.log<\/li>\n<\/ul>\n\n\n\n<hr class=\"wp-block-separator has-alpha-channel-opacity\"\/>\n\n\n\n<pre class=\"wp-block-code\"><code># Squid's default access.log log format\n\"%9d.%03d %6d %s %s\/%03d %d %s %s %s %s%s\/%s %s\"\n\n# Therefore, an access.log entry usually consists of (at least) 10 columns, separated by one or more spaces:\n\n1. time             #Unix timestamp in UTC seconds with millisecond resolution; this is the time when Squid started logging the transaction.\n2. 
duration         #Duration: the number of milliseconds the transaction occupied the cache. TCP and UDP interpret it differently.\n3. client_ip        #Client IP address.\n4. result_codes     #Result codes: this column consists of two entries separated by a slash.\n5. bytes            #Size in bytes: the amount of data returned to the client. Note that this is not the net size of the object, because headers are counted as well. In addition, a failed request may send an error page, whose size is also logged here.\n6. req_method       #Request method.\n7. url              #Requested URL.\n8. user             #User identity of the requesting client. It can come from HTTP authentication, an external ACL helper, TLS authentication, or an IDENT lookup (RFC 931); these are checked in that order and the first one to provide information is shown. If no user identity is available, \"-\" is logged.\n9. hierarchy_code   #Hierarchy code (Hierarchy\/From): how the object was fetched and from where.\n10. 
type            #Type: the content type of the object as shown in the HTTP reply header. Note that ICP exchanges usually have no content type and are therefore logged as \"-\". Also, some odd replies have a content type of \":\" or even an empty one.\n\n# Samples\n1715135750.962     26 172.12.13.48 TCP_MISS\/200 671 GET http:\/\/172.12.13.57:8080\/ - HIER_DIRECT\/172.12.13.57 text\/html\n\n1715140512.772      1 172.12.13.57 TCP_DENIED\/407 4136 GET http:\/\/172.12.13.57:8080\/1.txt - HIER_NONE\/- text\/html<\/code><\/pre>\n\n\n\n<hr class=\"wp-block-separator has-alpha-channel-opacity\"\/>\n\n\n\n<p>question:<br>How should the logs of a Squid proxy server be viewed and analyzed?<\/p>\n\n\n\n<p>answer:<br>Squid is a commonly used proxy server software for caching and for controlling user access to Internet resources. The Squid proxy server's logs record important data such as user access requests and response information, which is very important for network management and security monitoring. The following are the general steps for viewing and analyzing Squid proxy server logs:<\/p>\n\n\n\n<h3 class=\"wp-block-heading\">Viewing the Squid log files:<\/h3>\n\n\n\n<ol class=\"wp-block-list\">\n<li><strong>Locate the Squid log files<\/strong>: Squid's log files are usually located in the <code>\/var\/log\/squid\/<\/code> directory; the specific file name may be <code>access.log<\/code> or something similar.<\/li>\n\n\n\n<li><strong>View the logs from the command line<\/strong>: you can use command-line tools such as <code>cat<\/code>, <code>tail<\/code> or <code>less<\/code> to view the contents of the log file. For example, the following command shows the last lines of the log:<\/li>\n<\/ol>\n\n\n\n<pre class=\"wp-block-code\"><code>   tail -n 100 \/var\/log\/squid\/access.log<\/code><\/pre>\n\n\n\n<h3 class=\"wp-block-heading\">Analyzing the Squid logs:<\/h3>\n\n\n\n<ol class=\"wp-block-list\">\n<li><strong>Log format<\/strong>: understand the format of the Squid logs. The log format can usually be specified in Squid's configuration file; common log formats include Combined Log Format and Common Log Format.<\/li>\n\n\n\n<li><strong>Analyze with tools<\/strong>: log analysis tools such as AWStats and SARG (Squid Analysis Report Generator) can be used to analyze Squid logs; these tools generate reports and charts that give a more intuitive view of user access.<\/li>\n\n\n\n<li><strong>Focus on the important information<\/strong>: when analyzing the logs, pay attention to the following:<\/li>\n<\/ol>\n\n\n\n<ul 
class=\"wp-block-list\">\n<li>URLs accessed by users<\/li>\n\n\n\n<li>Access time<\/li>\n\n\n\n<li>Result status code of the access<\/li>\n\n\n\n<li>User IP address<\/li>\n\n\n\n<li>Traffic volume<\/li>\n\n\n\n<li>Metrics such as the cache hit ratio<\/li>\n<\/ul>\n\n\n\n<ol class=\"wp-block-list\">\n<li><strong>Monitor access behavior<\/strong>: analyzing the logs lets you monitor user access behavior and identify abnormal access, security threats and so on, which helps network management and security monitoring.<\/li>\n\n\n\n<li><strong>Analyze and report regularly<\/strong>: it is recommended to analyze Squid's logs regularly and generate reports, so that problems are found in time and appropriate measures are taken.<\/li>\n<\/ol>\n\n\n\n<p>By viewing and analyzing the Squid proxy server's logs, you can better understand user access behavior, optimize network performance and strengthen network security.<\/p>\n\n\n\n<hr class=\"wp-block-separator has-alpha-channel-opacity\"\/>\n\n\n\n<p>question:<br>Which fields does Squid's access.log contain, and what does each of them mean?<\/p>\n\n\n\n<p>answer:<br>Squid is a popular caching proxy server software used to improve network performance and security. Squid's access.log log file usually contains the following fields:<\/p>\n\n\n\n<ol class=\"wp-block-list\">\n<li>Timestamp: records the time at which the request occurred.<\/li>\n\n\n\n<li>Response time: the time taken to complete the request.<\/li>\n\n\n\n<li>Client IP address: the IP address of the client that made the request.<\/li>\n\n\n\n<li>HTTP status code: the HTTP status code returned by the server, indicating the result of processing the request.<\/li>\n\n\n\n<li>Request method: the method used by the HTTP request, such as GET or POST.<\/li>\n\n\n\n<li>Requested URL: the URL requested by the client.<\/li>\n\n\n\n<li>Size: the size of the request, usually in bytes.<\/li>\n\n\n\n<li>Cache status: indicates whether the request hit the cache.<\/li>\n\n\n\n<li>User authentication: if the request requires user authentication, the user authentication information is recorded.<\/li>\n\n\n\n<li>User agent: the user agent information of the client making the request, usually the browser's identification string.<\/li>\n<\/ol>\n\n\n\n<p>These fields provide detailed information about requests and responses, helping administrators monitor and analyze the performance and access patterns of the Squid server.<\/p>\n\n\n\n<hr class=\"wp-block-separator has-alpha-channel-opacity\"\/>\n\n\n\n<p>\/var\/log\/squid\/access.log 
#Most log file analysis programs are based on the contents of access.log. You can use this file to find out who is using the Squid server, what they are doing, and so on.<\/p>\n\n\n\n<p>\/var\/log\/squid\/cache.log #The cache.log file contains the debug and error messages that Squid generates. If Squid is started with the -s command-line option, a copy of certain messages goes to the syslog facility. Whether to use a separate file for Squid log data is a matter of personal preference.<\/p>\n\n\n\n<p>\/var\/log\/squid\/store.log #The store.log file covers the objects currently kept on disk or already removed. As a kind of transaction log, it is usually used for debugging purposes. Whether an object resides on disk can only be determined after analyzing the complete log file. The release (deletion) of an object may be logged after its swap-out (save to disk).<\/p>\n\n\n\n<hr class=\"wp-block-separator has-alpha-channel-opacity\"\/>\n\n\n\n<pre class=\"wp-block-code\"><code>#A rough rule of thumb: a '&gt;' in front of a format code means it comes from the client, and a '&lt;' means it is sent to server or peer\n\nConnection related format codes:\n\n    &gt;a  Client source IP address\n    &gt;A  Client FQDN\n    &gt;p  Client 
source port\n    &gt;eui    Client source EUI (MAC address, EUI-48 or EUI-64 identifier)\n    &gt;la Local IP address the client connected to\n    &gt;lp Local port number the client connected to\n    &gt;qos    Client connection TOS\/DSCP value set by Squid\n    &gt;nfmark Client connection netfilter packet MARK set by Squid\n\n    transport::&gt;connection_id Identifies a transport connection\n        accepted by Squid (e.g., a connection carrying the\n        logged HTTP request). Currently, Squid only supports\n        TCP transport connections.\n\n        The logged identifier is an unsigned integer. These\n        IDs are guaranteed to monotonically increase within a\n        single worker process lifetime, with higher values\n        corresponding to connections that were accepted later.\n        Many IDs are skipped (i.e. never logged). Concurrent\n        workers and restarted workers use similar, partially\n        overlapping sequences of IDs.\n\n    la  Local listening IP address the client connection was connected to.\n    lp  Local listening port number the client connection was connected to.\n\n    &lt;a  Server IP address of the last server or peer connection\n    &lt;A  Server FQDN or peer name\n    &lt;p  Server port number of the last server or peer connection\n    &lt;la Local IP address of the last server or peer connection\n    &lt;lp     Local port number of the last server or peer connection\n    &lt;qos    Server connection TOS\/DSCP value set by Squid\n    &lt;nfmark Server connection netfilter packet MARK set by Squid\n\n    &gt;handshake Raw client handshake\n        Initial client bytes received by Squid on a newly\n        accepted TCP connection or inside a just established\n        CONNECT tunnel. 
Squid stops accumulating handshake\n        bytes as soon as the handshake parser succeeds or\n        fails (determining whether the client is using the\n        expected protocol).\n\n        For HTTP clients, the handshake is the request line.\n        For TLS clients, the handshake consists of all TLS\n        records up to and including the TLS record that\n        contains the last byte of the first ClientHello\n        message. For clients using an unsupported protocol,\n        this field contains the bytes received by Squid at the\n        time of the handshake parsing failure.\n\n        See the on_unsupported_protocol directive for more\n        information on Squid handshake traffic expectations.\n\n        Current support is limited to these contexts:\n        - http_port connections, but only when the\n          on_unsupported_protocol directive is in use.\n        - https_port connections (and CONNECT tunnels) that\n          are subject to the ssl_bump peek or stare action.\n\n        To protect binary handshake data, this field is always\n        base64-encoded (RFC 4648 Section 4). If logformat\n        field encoding is configured, that encoding is applied\n        on top of base64. Otherwise, the computed base64 value\n        is recorded as is.\n\nTime related format codes:\n\n    ts  Seconds since epoch\n    tu  subsecond time (milliseconds)\n    tl  Local time. Optional strftime format argument\n            default %d\/%b\/%Y:%H:%M:%S %z\n    tg  GMT time. 
Optional strftime format argument\n            default %d\/%b\/%Y:%H:%M:%S %z\n    tr  Response time (milliseconds)\n    dt  Total time spent making DNS lookups (milliseconds)\n\nHTTP related format codes:\n\n    REQUEST\n\n    &#91;http::]rm  Request method (GET\/POST etc)\n    &#91;http::]&gt;rm Request method from client\n    &#91;http::]&lt;rm Request method sent to server or peer\n\n    &#91;http::]ru  Request URL received (or computed) and sanitized\n\n            Logs request URI received from the client, a\n            request adaptation service, or a request\n            redirector (whichever was applied last).\n\n            Computed URLs are URIs of internally generated\n            requests and various \"error:...\" URIs.\n\n            Honors strip_query_terms and uri_whitespace.\n\n            This field is not encoded by default. Encoding\n            this field using variants of %-encoding will\n            clash with uri_whitespace modifications that\n            also use %-encoding.\n\n    &#91;http::]&gt;ru Request URL received from the client (or computed)\n\n            Computed URLs are URIs of internally generated\n            requests and various \"error:...\" URIs.\n\n            Unlike %ru, this request URI is not affected\n            by request adaptation, URL rewriting services,\n            and strip_query_terms.\n\n            Honors uri_whitespace.\n\n            This field is using pass-through URL encoding\n            by default. 
Encoding this field using other\n            variants of %-encoding will clash with\n            uri_whitespace modifications that also use\n            %-encoding.\n\n    &#91;http::]&lt;ru Request URL sent to server or peer\n    &#91;http::]&gt;rs Request URL scheme from client\n    &#91;http::]&lt;rs Request URL scheme sent to server or peer\n    &#91;http::]&gt;rd Request URL domain from client\n    &#91;http::]&lt;rd Request URL domain sent to server or peer\n    &#91;http::]&gt;rP Request URL port from client\n    &#91;http::]&lt;rP Request URL port sent to server or peer\n    &#91;http::]rp  Request URL path excluding hostname\n    &#91;http::]&gt;rp Request URL path excluding hostname from client\n    &#91;http::]&lt;rp Request URL path excluding hostname sent to server or peer\n    &#91;http::]rv  Request protocol version\n    &#91;http::]&gt;rv Request protocol version from client\n    &#91;http::]&lt;rv Request protocol version sent to server or peer\n\n    &#91;http::]&gt;h  Original received request header.\n            Usually differs from the request header sent by\n            Squid, although most fields are often preserved.\n            Accepts optional header field name\/value filter\n            argument using name&#91;:&#91;separator]element] format.\n    &#91;http::]&gt;ha Received request header after adaptation and\n            redirection (pre-cache REQMOD vectoring point).\n            Usually differs from the request header sent by\n            Squid, although most fields are often preserved.\n            Optional header name argument as for &gt;h\n\n    RESPONSE\n\n    &#91;http::]&lt;Hs HTTP status code received from the next hop\n    &#91;http::]&gt;Hs HTTP status code sent to the client\n\n    &#91;http::]&lt;h  Reply header. 
Optional header name argument\n            as for &gt;h\n\n    &#91;http::]mt  MIME content type\n\n\n    SIZE COUNTERS\n\n    &#91;http::]st  Total size of request + reply traffic with client\n    &#91;http::]&gt;st Total size of request received from client. Excluding chunked encoding bytes.\n    &#91;http::]&lt;st Total size of reply sent to client (after adaptation)\n\n    &#91;http::]&gt;sh Size of request headers received from client\n    &#91;http::]&lt;sh Size of reply headers sent to client (after adaptation)\n\n    &#91;http::]&lt;sH Reply high offset sent\n    &#91;http::]&lt;sS Upstream object size\n\n    &#91;http::]&lt;bs Number of HTTP-equivalent message body bytes\n            received from the next hop, excluding chunked\n            transfer encoding and control messages.\n            Generated FTP listings are treated as\n            received bodies.\n\n    TIMING\n\n    &#91;http::]&lt;pt Peer response time in milliseconds. The timer starts\n            when the last request byte is sent to the next hop\n            and stops when the last response byte is received.\n    &#91;http::]&lt;tt Total time in milliseconds. The timer\n            starts with the first connect request (or write I\/O)\n            sent to the first selected peer. The timer stops\n            with the last I\/O with the last peer.\n\nSquid handling related format codes:\n\n    Ss  Squid request status (TCP_MISS etc)\n    Sh  Squid hierarchy status (DEFAULT_PARENT etc)\n\n    &#91;http::]request_attempts    Number of request forwarding attempts\n\n        See forward_max_tries documentation that details what Squid counts\n        as a forwarding attempt. Pure cache hits log zero, but cache hits\n        that triggered HTTP cache revalidation log the number of attempts\n        made when sending an internal revalidation request. 
DNS, ICMP,\n        ICP, HTCP, ESI, ICAP, eCAP, helper, and other secondary requests\n        sent by Squid as a part of a master transaction do not increment\n        the counter logged for the received request.\n\n\nThe default formats available (which do not need re-defining) are:\n\nlogformat squid      %ts.%03tu %6tr %&gt;a %Ss\/%03&gt;Hs %&lt;st %rm %ru %&#91;un %Sh\/%&lt;a %mt\nlogformat common     %&gt;a %&#91;ui %&#91;un &#91;%tl] \"%rm %ru HTTP\/%rv\" %&gt;Hs %&lt;st %Ss:%Sh\nlogformat combined   %&gt;a %&#91;ui %&#91;un &#91;%tl] \"%rm %ru HTTP\/%rv\" %&gt;Hs %&lt;st \"%{Referer}&gt;h\" \"%{User-Agent}&gt;h\" %Ss:%Sh\nlogformat referrer   %ts.%03tu %&gt;a %{Referer}&gt;h %ru\nlogformat useragent  %&gt;a &#91;%tl] \"%{User-Agent}&gt;h\"<\/code><\/pre>\n\n\n\n<hr class=\"wp-block-separator has-alpha-channel-opacity\"\/>\n\n\n\n<p>When a Squid proxy server is used to funnel the outbound Internet access of internal servers, data security calls for watching the operations in its log that relate to upload behavior. The simplest case is an HTTP POST that sends a local file to the Internet: the request method is POST and the request size is large (the log field for this should be [http::]&gt;st Total size of request received from client. Excluding chunked encoding bytes. The default squid logformat listed above logs %&lt;st rather than %&gt;st, so a custom logformat is needed to record it).<\/p>\n\n\n\n<p>On top of that, the requested domain is a platform for sharing code, text and files, such as pastebin.com.<\/p>\n\n\n\n<hr class=\"wp-block-separator has-alpha-channel-opacity\"\/>\n\n\n\n<pre class=\"wp-block-code\"><code>##### Step 1: Locating the Squid Logs\n\nSquid logs are typically located in the \/var\/log\/squid\/ directory. The main log files are access.log, cache.log, and store.log.\n\n$ cd \/var\/log\/squid\/\n$ ls\n\n##### Step 2: Understanding the Squid Logs\n\nEach of the log files serves a different purpose:\n* access.log: This file records all the requests processed by the Squid proxy server.\n* cache.log: This is the main Squid log file where general information, warnings, and error messages are logged.\n* store.log: This file contains information about the objects stored and retrieved from the Squid cache.\n\n##### Step 3: Monitoring the Squid Logs\n\nYou can use the tail command to monitor the logs in real-time:\n\n$ tail -f \/var\/log\/squid\/access.log\n\n##### Step 4: Analyzing the Squid Logs\n\nTo analyze the logs, you can use various command-line tools like grep, awk, cut, sort, uniq, etc. For example, to find the top 10 most visited websites, you can use the following command:\n\n$ awk '{print $7}' \/var\/log\/squid\/access.log | sort | uniq -c | sort -nr | head -10\n\n##### Step 5: Setting Up Log Rotation\n\nTo prevent the log files from growing too large, you can set up log rotation using the logrotate utility. 
You can create a new configuration file for Squid in the \/etc\/logrotate.d\/ directory:\n\n$ nano \/etc\/logrotate.d\/squid\n\nAnd add the following content:\n\n\/var\/log\/squid\/*.log {\n    daily\n    rotate 7\n    compress\n    missingok\n    notifempty\n    sharedscripts\n    postrotate\n        \/usr\/sbin\/squid -k rotate\n    endscript\n}\n\nThis configuration will rotate the logs daily, keep 7 days of logs, compress the old logs, and send a signal to Squid to close and reopen the log files.<\/code><\/pre>\n\n\n\n<h5 class=\"wp-block-heading\">Reference links:<\/h5>\n\n\n\n<p>Squid Log Files<br><a href=\"https:\/\/wiki.squid-cache.org\/SquidFaq\/SquidLogs\">https:\/\/wiki.squid-cache.org\/SquidFaq\/SquidLogs<\/a><\/p>\n\n\n\n<p>Squid Web Cache wiki #nice<br><a href=\"https:\/\/wiki.squid-cache.org\/Features\/LogFormat\">https:\/\/wiki.squid-cache.org\/Features\/LogFormat<\/a><\/p>\n\n\n\n<p>Squid configuration directive access_log<br><a href=\"https:\/\/www.squid-cache.org\/Doc\/config\/access_log\/\">https:\/\/www.squid-cache.org\/Doc\/config\/access_log\/<\/a><\/p>\n\n\n\n<p>Squid configuration directive logformat<br><a href=\"https:\/\/www.squid-cache.org\/Doc\/config\/logformat\/\">https:\/\/www.squid-cache.org\/Doc\/config\/logformat\/<\/a><\/p>\n\n\n\n<p>Squid Access.log Meaning Explained #nice<br><a href=\"https:\/\/www.roshankarki.com\/2008\/01\/analyze-accesslog.html\">https:\/\/www.roshankarki.com\/2008\/01\/analyze-accesslog.html<\/a><\/p>\n\n\n\n<p>Please, explain this lines of Squid access.log:<br><a href=\"https:\/\/stackoverflow.com\/questions\/52531916\/please-explain-this-lines-of-squid-access-log\">https:\/\/stackoverflow.com\/questions\/52531916\/please-explain-this-lines-of-squid-access-log<\/a><\/p>\n\n\n\n<p>How to Monitor and Analyze Squid Proxy Server Logs (with Examples)<br><a 
href=\"https:\/\/webhostinggeeks.com\/howto\/monitor-analyze-squid-proxy-server-logs\/\">https:\/\/webhostinggeeks.com\/howto\/monitor-analyze-squid-proxy-server-logs\/<\/a><\/p>\n\n\n\n<p>Squid proxy service: setting up a traditional proxy server architecture<br><a href=\"https:\/\/blog.csdn.net\/shenyuanhaojie\/article\/details\/121128443\">https:\/\/blog.csdn.net\/shenyuanhaojie\/article\/details\/121128443<\/a><\/p>\n\n\n\n<p>Squid caching proxy (principles + installation and configuration)<br><a href=\"https:\/\/blog.csdn.net\/shenyuanhaojie\/article\/details\/121123525\">https:\/\/blog.csdn.net\/shenyuanhaojie\/article\/details\/121123525<\/a><\/p>\n\n\n\n<p>Squid proxy and common ways of accessing the Internet through a proxy<br><a href=\"https:\/\/www.ssgeek.com\/post\/squid-dai-li-ji-chang-jian-de-dai-li-shang-wang\/\">https:\/\/www.ssgeek.com\/post\/squid-dai-li-ji-chang-jian-de-dai-li-shang-wang\/<\/a><\/p>\n\n\n\n<p>Squid proxy and cache (part 1)<br><a href=\"https:\/\/www.cnblogs.com\/ywb123\/p\/11395954.html\">https:\/\/www.cnblogs.com\/ywb123\/p\/11395954.html<\/a><\/p>\n\n\n\n<p>Squid proxy and cache (part 2)<br><a href=\"https:\/\/www.cnblogs.com\/ywb123\/p\/11396059.html\">https:\/\/www.cnblogs.com\/ywb123\/p\/11396059.html<\/a><\/p>\n\n\n\n<p>Proxy servers: the differences between squid, lvs, nginx and haproxy<br><a href=\"https:\/\/www.cnblogs.com\/ywb123\/p\/17514940.html\">https:\/\/www.cnblogs.com\/ywb123\/p\/17514940.html<\/a><\/p>\n\n\n\n<p>=END=<\/p>\n","protected":false},"excerpt":{"rendered":"<p>=Start= Background: A brief record of Squid logging details, for reference when needed. Main text: Reference answers:  
[&hellip;]<\/p>\n","protected":false},"author":1,"featured_media":0,"comment_status":"open","ping_status":"open","sticky":false,"template":"","format":"standard","meta":{"footnotes":""},"categories":[23,11,25,12],"tags":[3,2267,2264,1438,970,1765],"class_list":["post-5686","post","type-post","status-publish","format-standard","hentry","category-knowledgebase-2","category-linux","category-security","category-tools","tag-log","tag-logformat","tag-squid","tag-1438","tag-970","tag-1765"],"views":2093,"_links":{"self":[{"href":"https:\/\/ixyzero.com\/blog\/wp-json\/wp\/v2\/posts\/5686","targetHints":{"allow":["GET"]}}],"collection":[{"href":"https:\/\/ixyzero.com\/blog\/wp-json\/wp\/v2\/posts"}],"about":[{"href":"https:\/\/ixyzero.com\/blog\/wp-json\/wp\/v2\/types\/post"}],"author":[{"embeddable":true,"href":"https:\/\/ixyzero.com\/blog\/wp-json\/wp\/v2\/users\/1"}],"replies":[{"embeddable":true,"href":"https:\/\/ixyzero.com\/blog\/wp-json\/wp\/v2\/comments?post=5686"}],"version-history":[{"count":1,"href":"https:\/\/ixyzero.com\/blog\/wp-json\/wp\/v2\/posts\/5686\/revisions"}],"predecessor-version":[{"id":5687,"href":"https:\/\/ixyzero.com\/blog\/wp-json\/wp\/v2\/posts\/5686\/revisions\/5687"}],"wp:attachment":[{"href":"https:\/\/ixyzero.com\/blog\/wp-json\/wp\/v2\/media?parent=5686"}],"wp:term":[{"taxonomy":"category","embeddable":true,"href":"https:\/\/ixyzero.com\/blog\/wp-json\/wp\/v2\/categories?post=5686"},{"taxonomy":"post_tag","embeddable":true,"href":"https:\/\/ixyzero.com\/blog\/wp-json\/wp\/v2\/tags?post=5686"}],"curies":[{"name":"wp","href":"https:\/\/api.w.org\/{rel}","templated":true}]}}