logformat for squid5 ?

classic Classic list List threaded Threaded
6 messages Options
Reply | Threaded
Open this post in threaded view
|

logformat for squid5 ?

--Ahmad--
Hello folks

any news for logformat directive for squid 5.x ?
or any alternative thing to it ?
_______________________________________________
squid-users mailing list
[hidden email]
http://lists.squid-cache.org/listinfo/squid-users
Reply | Threaded
Open this post in threaded view
|

Re: logformat for squid5 ?

Alex Rousskov
On 8/1/19 8:55 AM, --Ahmad-- wrote:

> any news for logformat directive for squid 5.x ?

There were many logformat-related changes in v5. What specifically are
you looking for?

Alex.
_______________________________________________
squid-users mailing list
[hidden email]
http://lists.squid-cache.org/listinfo/squid-users
Reply | Threaded
Open this post in threaded view
|

Re: logformat for squid5 ?

--Ahmad--
In reply to this post by --Ahmad--
i use :
logformat squid %tl %6tr %>a %>p %>la %>lp %Ss/%03Hs %<st %rm %ru %un %Sh/ %<A %<a %<la

in squid 3.x and its working fine , but in 5.x it dont work as i want

Thanks


> On 1 Aug 2019, at 15:55, --Ahmad-- <[hidden email]> wrote:
>
> Hello folks
>
> any news for logformat directive for squid 5.x ?
> or any alternative thing to it ?
> _______________________________________________
> squid-users mailing list
> [hidden email]
> http://lists.squid-cache.org/listinfo/squid-users

_______________________________________________
squid-users mailing list
[hidden email]
http://lists.squid-cache.org/listinfo/squid-users
Reply | Threaded
Open this post in threaded view
|

Re: logformat for squid5 ?

Alex Rousskov
On 8/1/19 9:23 AM, --Ahmad-- wrote:
> i use :
> logformat squid %tl %6tr %>a %>p %>la %>lp %Ss/%03Hs %<st %rm %ru %un %Sh/ %<A %<a %<la
>
> in squid 3.x and its working fine , but in 5.x it dont work as i want

We still do not have enough information to understand the problem you
are trying to solve. Please be specific. For example, describe a
transaction that logs X in v3.5 and Y in v5, and, unless it is really
obvious from X and Y, please explain why you want X and not Y.

Alex.
_______________________________________________
squid-users mailing list
[hidden email]
http://lists.squid-cache.org/listinfo/squid-users
Reply | Threaded
Open this post in threaded view
|

Re: logformat for squid5 ?

--Ahmad--
ok in squid 3.x
logformat squid %tl %6tr %>a %>p %>la %>lp %Ss/%03Hs %<st %rm %ru %un %Sh/ %<A %<a %<la
check the syntax :

01/Aug/2019:11:29:11 -0400    837 11.11.81.74 50223 22.158.182 11961 TCP_TUNNEL/200 3205 CONNECT www.googletagservices.com:443 mwckpf HIER_DIRECT/ www.googletagservices.com 172.217.15.66 22.22.158.182


lets analyse above .:

1st thing i see the time/date of the request .

then the source ip and source port who hit squid ————>   11.11.81.74 50223
then destination ip and port of squid sender connected to ————> 22.158.182 11961
User of the connection ——> mwckpf
IP resolution of the destination ——————> www.googletagservices.com 172.217.15.66
last thing the external ip address for that connection ———————> 22.22.158.182



Now on squid5.x
i add 
logformat squid %tl %6tr %>a %>p %>la %>lp %Ss/%03Hs %<st %rm %ru %un %Sh/ %<A %<a %<la

but the result is as :
1564669418.690    770 18.212.116.217 TCP_TUNNEL/200 40757 CONNECT www.bing.com:443 abc HIER_DIRECT/204.79.197.200 -

as you see , there is no date , so src port no dst ip/dst port .
no external ip 

i would like as possible to see results as the results in 3.5 .

hope that is clear 

Thanks Alex :)



On 1 Aug 2019, at 16:55, Alex Rousskov <[hidden email]> wrote:

On 8/1/19 9:23 AM, --Ahmad-- wrote:
i use :
logformat squid %tl %6tr %>a %>p %>la %>lp %Ss/%03Hs %<st %rm %ru %un %Sh/ %<A %<a %<la

in squid 3.x and its working fine , but in 5.x it dont work as i want

We still do not have enough information to understand the problem you
are trying to solve. Please be specific. For example, describe a
transaction that logs X in v3.5 and Y in v5, and, unless it is really
obvious from X and Y, please explain why you want X and not Y.

Alex.


_______________________________________________
squid-users mailing list
[hidden email]
http://lists.squid-cache.org/listinfo/squid-users
Reply | Threaded
Open this post in threaded view
|

Re: logformat for squid5 ?

Alex Rousskov
On 8/1/19 11:40 AM, --Ahmad-- wrote:

> logformat squid %tl %6tr %>a %>p %>la %>lp %Ss/%03Hs %<st %rm %ru %un
> %Sh/ %<A %<a %<la

I suspect your Squid v5 is not using your custom logformat. Squid is
using the default logformat. IIRC, Squid v5 warns if you are trying to
redefine the default logformat called "squid" (which is not supported)
instead of adding and using your own. Check Squid output and cache.log
for WARNING and ERROR messages.

Redefining the default logformat may have "worked" in v3, but you should
not do that (in any Squid version). Instead, define and use your own
logformat. For example:

  logformat myAccessLogFormat %tl %6tr ...
  access_log ... logformat=myAccessLogFormat


HTH,

Alex.
_______________________________________________
squid-users mailing list
[hidden email]
http://lists.squid-cache.org/listinfo/squid-users