KB No. 2559: Understanding the Access.log File Generated by the HTTP Proxy
The access.log file generated by the Squid proxy contains all access to the server. It is therefore very useful.
What is the access.log file?
The access.log file is used to log all access to the server, i.e., all HTTP requests received and how they were processed. The format of this file can be configured using the access_log option in the squid3.conf file.
Example query and its description
Here is an example of an entry in the access.log file:
1265939281.764 1 174.6.170.78 TCP_DENIED/403 734 POST http://lbcore1.metacafe.com/test/SystemInfoManager.php – NONE/- text/html
| 1265939281.764 | Time in Unix format (Fri, 12 Feb 2010 01:48:01 GMT) |
| 1 |
The time taken by the server to process the request (in ms). This processing time varies depending on the mode used (connected or disconnected). For TCP, this is the time elapsed between when the server received the request and when it responded to the client. For UDP, this is the time calculated between when the server plans to respond to the client and when it actually responds. |
| 174.6.170.78 | The client's IP address. This data can be masked to make the logs anonymous. |
| TCP_DENIED/403 | The code resulting from the transaction. This field consists of two entries separated by a slash: the Squid status code and the HTTP code of the origin server's response. Most of these codes are detailed below. |
| 734 | The size of the data delivered to the customer. |
| POST | The method used to retrieve the resource (GET, HEAD, etc.). |
| http://lbcore1.metacafe.com/test/SystemInfoManager.php | The URL of the requested resource. |
| – | User information (disabled by default). |
| NONE/- | A code that indicates how the request was processed. This code may be followed by the IP address to which the request was redirected. |
| text/html | The type of content from the HTTP header of the response (ICP exchanges do not contain this information). |
Main status codes returned by the proxy:
| Code | Meaning |
|---|---|
| TCP_HIT | A valid copy of the requested object was found in the cache. |
| TCP_MISS | The requested object was not found in the cache. |
| TCP_ REFRESH_HIT | The requested object was found in the cache but is considered stale. The IMS request returned a 304-Not Modified code and the cached resource was returned. |
| TCP_REFRESH_FAIL_HIT | The requested object was found in the cache but is considered stale. The IMS request failed and the stale content was delivered to the client. |
| TCP_REFRESH_MISS | The requested object was found in the cache but is considered stale. The IMS request returned the new object. |
| TCP_DENIED | Access has been denied for this request. |
| UDP_HIT | A valid copy of the object was found in the cache. |
| UDP_MISS | The requested object was not in the cache. |
| UDP_DENIED | Access has been denied for this request. |
| UDP_INVALID | An invalid request was received. |
Main HTTP codes encountered
| Code | Message | Meaning |
|---|---|---|
| 200 | OK | Request successfully processed. |
| 204 | Created | Request successfully processed with document creation. |
| 301 | Moved Permanently | Document permanently moved. |
| 302 | Moved Temporarily | Document temporarily moved. |
| 304 | Not Modified | Document unchanged since the last request. |
| 400 | Bad request | The syntax of the query is incorrect. |
| 401 | Unauthorized | Authentication is required to access the resource. |
| 403 | Forbidden | The server understood the request, but refuses to execute it. Unlike error 401, authenticating will make no difference. On servers where authentication is required, this usually means that authentication was accepted but the access rights do not allow the client to access the resource. |
| 404 | Not Found | Page not found. |
| 407 | Proxy Authentication Required | Access to the resource authorized by identification with the proxy. |
| 502 | Bad Gateway or Proxy Error | Incorrect response sent to an intermediate server by another server. |
| 503 | Service Not Available | Service temporarily unavailable or undergoing maintenance. |