squid 日志详解

 
在squid设置有日志格式设置
 logformat squid %ts.%03tu %6tr %>a %Ss/%03Hs %<st %rm %ru %un %Sh/%<A %mt
 参数解释如下
 Field name syntax keys:
      {} modifier or argument. Also used to specify header names
      >  request (client)  客户请求
      <  reply (server)    服务端回应
      a  address           访问用户ip地址
      A  address name  访问用户电脑名称
      h  all headers       浏览器头信息
      i  ident                
      p  port                 端口
      r  request line (no query)
      t  time   访问时间
      u  user
      l  local address/port (where request was accepted)

• %>a

• Client source IP address

• %>A

• Client FQDN

• %>p

• Client source port

• %<a

• Server or peer IP address

• %<p

• Server or peer port number

• %<A

• Server IP address or peer name

• %la

• Local IP address where the request was accepted

• %lp

• Local port where the request was accepted

• %lA

• Local port name where the request was accepted

• %ts

• Date of request, seconds since epoch

• %{format}tl

• Date of request, strftime format (localtime)

• %{format}tg

• Date of request, strftime format (gmt)

• %tu

• Date of request, sub-second component

• %tr

• Time to serve the request, in milliseconds

• %{header}>h

• Request header

• %{header:element}>h

• Named request header field element (list headers)

• %{header:separator element}>h

• Named request header field element, using "separator" as field separator (it can be any non-alphanumeric single character)

• %>h

• All request header

• %{header}<h

• Request headers, as for <..h above

• %un

• Authenticated user name or dash

• %ur

• Authenticated user realm or dash

• %us

• Authenticated user scheme or dash

• %ui

• Ident user name

• %Hs

• HTTP status code (200, 404, 407, etc)

• %Ht

• HTTP status text (Not found, etc)

• %Ss

• Squid status code (TCP_HIT, TCP_MISS etc)

• %Se

• Squid error code (ERR_DENIED, ERR_...)

• %Sh

• Squid hierarchy code (FIRST_UP_PARENT, etc)

• %mt

• MIME type of the request

• %rm

• Request method

• %ru

• Request URL, without the query string

• %rq

• Request query string, including ?

• %rp

• Request protocol (i.e. HTTP/1.1)

• %ps

• Peer selection status (DIRECT, PARENT, CD_PARENT_HIT, etc. including the TIMEDOUT_ variant)

• %>sl

• Size of request line

• %>sh

• Size of request headers, including request line

• %>sH

• Size of request headers, excluding request line

• %>sb

• Size of request body, raw received bytes

• %>sB

• Size of request body, excluding transfer encoding

• %>st

• Total size of request

• %<sl

• Size of reply status line

• %<sh

• Size of reply headers, including status line

• %<sH

• Size of reply headers, excluding status line

• %<sb

• Size of reply body, raw transmitted bytes

• %<sB

• Size of reply body, excluding transfer encoding

• %<st

• Total size of reply

• %%

• A literal %

• 
  

• 不记图片类访问日志设置
  acl nolog urlpath_regex \\.gif \\.jpg \\.css \\.js \\.swf
  access_log /data/squid/var/logs/access.log common !nolog