The proxy logs and proxy reports can be viewed in the web interface. If you want to examine the logs yourself, you can find them under /var/log/squid.
By default, Squid on IPFire offers, if enabled, three kinds of logs: the access.log, the cache.log and the user_agent.log.
The access.log
The access.log does not only log all requests to the proxy, but also includes the content of each page.
To get a complete output of the whole log, the following command can be used:
cat /var/log/squid/access.log
# -or-
perl -pe 's/^\d+\.\d+/localtime($&)/e;' /var/log/squid/access.log
To get a realtime output of the Squid log, the following command can be used:
tail -f /var/log/squid/access.log
# -or-
tail -f /var/log/squid/access.log | perl -pe 's/^\d+\.\d+/localtime($&)/e;'
Example:
1332418493.692 138 192.168.5.2 TCP_MISS/200 3853 GET http://wiki.ipfire.org/ ummeegge DIRECT/178.63.73.246 text/html
- time = The time of the request as a UNIX timestamp with millisecond accuracy.
- elapsed = The required response time, also measured in milliseconds.
- remotehost = The IP address of the requesting client. This option can be disabled via the proxy WUI.
- code/status = Returns the HTTP status code/status value of the request. The first value indicates the status code; the second value, after the /, specifies the associated status value. Wikipedia has a nice overview of this topic :-).
- bytes = The delivered size in bytes.
- method = The kind of request. An overview of the request methods can be found here.
- URL = The address of the requested URL.
- User (only with authentication) = If the proxy uses authentication, the user name of the request is displayed here.
- peerstatus/peerhost = Specifies how the request was handled and where it was directed to.
- type = Displays the content-type.
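As an added example (not part of the original page or of IPFire), the following shell function uses the field positions listed above to summarize an access.log per client: number of requests, bytes delivered, and requests whose result code contains DENIED (Squid logs refused requests as TCP_DENIED). The function names and every sample line except the first are constructed.

```shell
#!/bin/sh
# Added example: per-client summary of a Squid access.log (native format).
# Field positions follow the list above:
#   $1 time    $2 elapsed  $3 remotehost  $4 code/status          $5 bytes
#   $6 method  $7 URL      $8 user        $9 peerstatus/peerhost  $10 type

# Constructed sample input. Only the first line is taken from the page.
sample_access_log() {
cat <<'EOF'
1332418493.692    138 192.168.5.2 TCP_MISS/200 3853 GET http://wiki.ipfire.org/ ummeegge DIRECT/178.63.73.246 text/html
1332418494.101     12 192.168.5.2 TCP_HIT/200 1200 GET http://wiki.ipfire.org/logo.png ummeegge NONE/- image/png
1332418495.250      0 192.168.5.7 TCP_DENIED/407 1740 GET http://example.org/ - NONE/- text/html
1332418496.003      1 192.168.5.7 TCP_DENIED/403 1502 CONNECT example.net:443 - NONE/- text/html
truncated line
EOF
}

# Usage: summarize_access /var/log/squid/access.log   (or pipe lines on stdin)
# Output: one line per client, "ip requests=N bytes=N denied=N".
summarize_access() {
    awk '
        # Skip truncated or foreign lines instead of miscounting them.
        NF < 10 || index($4, "/") == 0 { bad++; next }
        {
            split($4, cs, "/")          # cs[1] = result code, cs[2] = HTTP status
            req[$3]++
            bytes[$3] += $5
            if (cs[1] ~ /DENIED/) denied[$3]++
        }
        END {
            for (ip in req)
                printf "%s requests=%d bytes=%d denied=%d\n", ip, req[ip], bytes[ip], denied[ip]
            if (bad) printf "skipped %d malformed line(s)\n", bad > "/dev/stderr"
        }
    ' "$@" | LC_ALL=C sort
}

# Demonstration on the constructed sample.
sample_access_log | summarize_access
```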
The cache.log
This log is useful for reviewing the error and debugging messages that are generated while Squid is running. If Squid misbehaves, this log is a good first place to look. The cache.log may also contain hints of impending problems before they occur.
To get a complete output of the whole log, the following command can be used:
cat /var/log/squid/cache.log
To get a realtime output of the Squid log, the following command can be used:
tail -f /var/log/squid/cache.log
Example of cache.log output, with a modified date format:
filename = /var/log/squid/cache.log
2012/04/23 13:01:00| storeDirWriteCleanLogs: Starting...
2012/04/23 13:01:00| Finished. Wrote 0 entries.
2012/04/23 13:01:00| Took 0.00 seconds ( 0.00 entries/sec).
2012/04/23 13:01:00| logfileRotate: /var/log/squid/store.log
2012/04/23 13:01:00| logfileRotate: /var/log/squid/access.log
2012/04/23 13:01:00| logfileRotate: /var/log/squid/user_agent.log
2012/04/23 13:01:00| helperOpenServers: Starting 10/10 'redirect_wrapper' processes
2012/04/23 13:01:00| helperOpenServers: Starting 5/5 'ncsa_auth' processes
2012/04/23 13:02:36| Killing master process, pid 14939
2012/04/23 13:02:36| Preparing for shutdown after 180 requests
2012/04/23 13:02:36| Waiting 5 seconds for active connections to finish
2012/04/23 13:02:36| FD 46 Closing HTTP connection
2012/04/23 13:02:36| FD 47 Closing HTTP connection
2012/04/23 13:02:42| Shutting down...
2012/04/23 13:02:42| basic/auth_basic.cc(97) done: Basic authentication Shutdown.
2012/04/23 13:02:42| Closing unlinkd pipe on FD 44
2012/04/23 13:02:42| storeDirWriteCleanLogs: Starting...
2012/04/23 13:02:42| Finished. Wrote 0 entries.
2012/04/23 13:02:42| Took 0.00 seconds ( 0.00 entries/sec).
CPU Usage: 1.603 seconds = 1.127 user + 0.477 sys
Maximum Resident Size: 30672 KB
Page faults with physical i/o: 23
Memory usage for squid via mallinfo():
total space in arena: 3164 KB
Ordinary blocks: 2890 KB 89 blks
Small blocks: 0 KB 1 blks
Holding blocks: 1952 KB 4 blks
Free Small blocks: 0 KB
Free Ordinary blocks: 273 KB
Total in use: 4842 KB 153%
Total free: 273 KB 9%
2012/04/23 13:02:42| Open FD UNSTARTED 7 DNS Socket IPv6
2012/04/23 13:02:42| Open FD READ/WRITE 8 DNS Socket IPv4
2012/04/23 13:02:42| Open FD READ/WRITE 9 Waiting for next request
2012/04/23 13:02:42| Open FD READ/WRITE 18 redirect_wrapper #1
2012/04/23 13:02:42| Open FD UNSTARTED 22 redirect_wrapper #2
2012/04/23 13:02:42| Open FD UNSTARTED 26 redirect_wrapper #3
2012/04/23 13:02:42| Open FD UNSTARTED 30 redirect_wrapper #4
2012/04/23 13:02:42| Open FD UNSTARTED 34 redirect_wrapper #5
2012/04/23 13:02:42| Open FD UNSTARTED 38 redirect_wrapper #6
2012/04/23 13:02:42| Open FD UNSTARTED 40 redirect_wrapper #7
2012/04/23 13:02:42| Open FD UNSTARTED 43 redirect_wrapper #8
2012/04/23 13:02:42| Open FD UNSTARTED 48 redirect_wrapper #9
2012/04/23 13:02:42| Open FD UNSTARTED 50 redirect_wrapper #10
2012/04/23 13:02:42| Open FD UNSTARTED 52 ncsa_auth #1
2012/04/23 13:02:42| Open FD UNSTARTED 54 ncsa_auth #2
2012/04/23 13:02:42| Open FD UNSTARTED 56 ncsa_auth #3
2012/04/23 13:02:42| Open FD UNSTARTED 58 ncsa_auth #4
2012/04/23 13:02:42| Open FD UNSTARTED 60 ncsa_auth #5
2012/04/23 13:02:42| Squid Cache (Version 3.1.19): Exiting normally.
2012/04/23 13:02:49| Creating Swap Directories
2012/04/23 13:02:49| Starting Squid Cache version 3.1.19 for i586-pc-linux-gnu...
2012/04/23 13:02:49| Process ID 17853
2012/04/23 13:02:49| With 4096 file descriptors available
2012/04/23 13:02:49| Initializing IP Cache...
2012/04/23 13:02:49| DNS Socket created at [::], FD 7
2012/04/23 13:02:49| DNS Socket created at 0.0.0.0, FD 8
2012/04/23 13:02:49| Adding nameserver 127.0.0.1 from /etc/resolv.conf
2012/04/23 13:02:49| helperOpenServers: Starting 10/10 'redirect_wrapper' processes
2012/04/23 13:02:49| helperOpenServers: Starting 5/5 'ncsa_auth' processes
2012/04/23 13:02:49| Referer logging is disabled.
2012/04/23 13:02:50| Unlinkd pipe opened on FD 44
2012/04/23 13:02:50| Swap maxSize 0 + 25600 KB, estimated 1969 objects
2012/04/23 13:02:50| Target number of buckets: 98
2012/04/23 13:02:50| Using 8192 Store buckets
2012/04/23 13:02:50| Max Mem size: 25600 KB
2012/04/23 13:02:50| Max Swap size: 0 KB
2012/04/23 13:02:50| Using Least Load store dir selection
2012/04/23 13:02:50| Current Directory is /etc/squid
2012/04/23 13:02:51| Loaded Icons.
2012/04/23 13:02:51| Accepting HTTP connections at 192.168.145.1:800, FD 46.
2012/04/23 13:02:51| Accepting HTTP connections at 192.168.87.1:800, FD 47.
2012/04/23 13:02:51| HTCP Disabled.
2012/04/23 13:02:51| Squid plugin modules loaded: 0
2012/04/23 13:02:51| Ready to serve requests.
2012/04/23 13:02:51| storeLateRelease: released 0 objects
The user_agent.log
This log provides information about the clients, their operating systems and their browsers. The output is divided into 3 segments.
To get a complete output of the whole log, the following command can be used:
cat /var/log/squid/user_agent.log
To get a realtime output of the Squid log, the following command can be used:
tail -f /var/log/squid/user_agent.log
Example:
192.168.57.2 1335178337.240 "Mozilla/5.0 (Macintosh; Intel Mac OS X 10.6; rv:11.0) Gecko/20100101 Firefox/11.0"
- IP address = 192.168.57.2
- UNIX timestamp = 1335178337.240
- Operating system; browser = "Mozilla/5.0 (Macintosh; Intel Mac OS X 10.6; rv:11.0) Gecko/20100101 Firefox/11.0"
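An added example (not from the original page) that turns the three segments into a per-client inventory: for every client IP and agent string it reports the hit count and the first and last timestamp seen, which makes a newly appearing or unexpected client program easy to spot. The function names and the sample lines after the first are constructed.

```shell
#!/bin/sh
# Added example: inventory of client software from Squid user_agent.log.
# Line layout as described above: IP, UNIX timestamp, quoted agent string.

# Constructed sample input. Only the first line is taken from the page.
sample_user_agent_log() {
cat <<'EOF'
192.168.57.2 1335178337.240 "Mozilla/5.0 (Macintosh; Intel Mac OS X 10.6; rv:11.0) Gecko/20100101 Firefox/11.0"
192.168.57.2 1335178401.115 "Mozilla/5.0 (Macintosh; Intel Mac OS X 10.6; rv:11.0) Gecko/20100101 Firefox/11.0"
192.168.57.9 1335178420.007 "Wget/1.13.4 (linux-gnu)"
192.168.57.2 1335178455.900 "Wget/1.13.4 (linux-gnu)"
garbage without quotes
EOF
}

# Usage: user_agent_inventory /var/log/squid/user_agent.log   (or stdin)
# Output (tab separated): ip, hits, first_seen, last_seen, agent
user_agent_inventory() {
    awk '
        {
            q1 = index($0, "\"")            # first quote opens the agent string
            if (NF < 3 || q1 == 0) next     # not a user_agent.log line
            ua = substr($0, q1 + 1)
            sub(/"[ \t]*$/, "", ua)         # strip only the closing quote
            key = $1 SUBSEP ua
            hits[key]++
            if (!(key in first)) first[key] = $2
            last[key] = $2
        }
        END {
            for (key in hits) {
                split(key, p, SUBSEP)
                printf "%s\t%d\t%s\t%s\t%s\n", p[1], hits[key], first[key], last[key], p[2]
            }
        }
    ' "$@" | LC_ALL=C sort
}

# Demonstration on the constructed sample.
sample_user_agent_log | user_agent_inventory
```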
Additional logs
Squid has several further logging options which aren't preconfigured on IPFire by default. To enable them, you have to configure them manually.
The store.log
Note - To avoid a large, unnecessary volume of log data, this log should be turned off after troubleshooting.
The store.log records the disk cache and shows when objects are stored and removed. The information in this log is primarily used for debugging. The store.log can be enabled by adjusting the squid.conf accordingly; how to do this is described here. Furthermore, the file store.log must be created first. This can be done in the Squid log directory at /var/log/squid.
touch /var/log/squid/store.log
Make sure the file permissions are correct.
8409 329 -rw-r--r-- 1 squid squid 333540 2012-04-23 13:53 store.log
To activate the store.log, the following entry must be added. Example entry in /var/ipfire/proxy/advanced/acls/include.acl:
# Error cache log
cache_store_log /var/log/squid/store.log
Then go to the Advanced web proxy configuration WebGUI page at https://ipfire.localdomain:444/cgi-bin/proxy.cgi, scroll down and click Save and Restart. Using the WebGUI is necessary, as a simple restart of Squid from the console will not propagate the entry to squid.conf.
To get a complete output of the whole log, the following command can be used:
cat /var/log/squid/store.log
# -or-
perl -pe 's/(^\d+)\.\d+/localtime($1)/e;' /var/log/squid/store.log
To get a realtime output of the Squid log, the following command can be used:
tail -f /var/log/squid/store.log
# -or-
tail -f /var/log/squid/store.log | perl -pe 's/(^\d+)\.\d+/localtime($1)/e;'
Example output for the store.log:
[root@ipfire ~] # cat /var/log/squid/store.log
1335181731.212 RELEASE -1 FFFFFFFF 99DB11FB3AF0F128A436C9DF473AF9A3 200 1335181732 -1 375007920 text/html -1/62 POST http://wiki.ipfire.org/lib/exe/ajax.php
1335181763.555 RELEASE -1 FFFFFFFF D7918217B92634040CBB08357DD31A51 200 1335181764 -1 375007920 text/html -1/62 POST http://wiki.ipfire.org/lib/exe/ajax.php
1335181799.926 RELEASE -1 FFFFFFFF AEDEBC70B6CEB9DC73155FBFADD68538 200 1335181801 -1 375007920 text/html -1/62 POST http://wiki.ipfire.org/lib/exe/ajax.php
- time = The time of the request as a UNIX timestamp with millisecond accuracy.
- action = Describes the action applied to the object.
- dir_number = The number of the cache_dir in which the object is stored. The first cache_dir number starts with 0.
- file_number = The file number of the object. Here, the objects held in memory are described (only memory objects).
- hash = Squid uses an MD5 hash to index the cached object.
- status = Specifies the HTTP response status code.
- datehdr = Reads the date from the header.
- lastmod = Reads the last modification (last modified) part from the header.
- expires = Returns the value of Expires from the HTTP response.
- type = Specifies the name of the "Content-type".
- sizes = Includes two values separated by a slash. The first value states the "Content-Length" value, the second reads the actual size of the object.
- method = Gives the access method used for the object.
- key = Defines the kind of object, usually the URL.