Blog
The Blog

KB N° 2559: UNDERSTANDING THE ACCESS.LOG FILE GENERATED BY THE HTTP PROXY

KB Olfeo On-Premise
June 2, 2023

The access.log file generated by the Squid proxy contains all accesses to the server. It is therefore very useful.

What is the access.log file?

The access.log file is used to log all accesses to the server, i.e. all HTTP requests received and how they were processed. The format of this file can be set via the access_log option in the squid3.conf file.

Example query and description

Here's an example of an entry in the access.log file:

1265939281.764 1 174.6.170.78 TCP_DENIED/403 734 POST http://lbcore1.metacafe.com/test/SystemInfoManager.php - NONE/- text/html

1265939281.764 Weather in Unix format (Fri, 12 Feb 2010 01:48:01 GMT)
1

The time taken by the server to process the request (in ms). This processing time differs according to the mode used (connected or disconnected).

For TCP, this is the time elapsed between the server receiving the request and responding to the client.

For UDP, this is the calculated time between when the server plans to respond to the client and when it actually does.

174.6.170.78 The client's IP address. This data can be masked to make the logs anonymous.
TCP_DENIED/403 The code resulting from the transaction. This field is made up of two entries separated by a slash: the Squid status code and the HTTP code of the origin server's response. Most of these codes are described below.
734 The size of the data delivered to the customer.
POST The method used to retrieve the resource (GET, HEAD, etc.).
http://lbcore1.metacafe.com/test/SystemInfoManager.php The URL of the requested resource.
- User information (disabled by default).
NONE/- A code indicating how the request was processed. This code can be followed by the IP address to which the request was redirected.
text/html The content type from the HTTP header of the response (ICP exchanges do not contain this information).

Main status codes returned by the proxy :

Code Meaning
TCP_HIT A valid copy of the requested object has been found in the cache.
TCP_MISS The requested object was not found in the cache.
TCP_ REFRESH_HIT  The requested object was found in the cache but is considered out of date. The IMS request returned a 304-Not Modified code and the cached resource is returned.
TCP_REFRESH_FAIL_HIT The requested object was found in the cache but is considered out of date. The IMS request failed and the expired content was delivered to the client.
TCP_REFRESH_MISS The requested object was found in the cache but is considered out of date. The IMS request returned the new object.
TCP_DENIED Access was refused for this request.
UDP_HIT A valid copy of the object has been found in the cache.
UDP_MISS The requested object was not in the cache.
UDP_DENIED Access was refused for this request.
UDP_INVALID An invalid request has been received.

Main HTTP codes encountered

Code Message Meaning
200 OK Request processed successfully.
204 Created Request successfully processed with document creation.
301 Moved Permanently Document moved permanently.
302 Moved Temporarily Document moved temporarily.
304 Not Modified Document not modified since the last request.
400 Bad request The query syntax is incorrect.
401 Unauthorized Authentication is required to access the resource.
403 Forbidden The server has understood the request, but refuses to execute it. Unlike error 401, authenticating will make no difference. On servers where authentication is required, this usually means that authentication has been accepted, but that access rights do not allow the client to access the resource.
404 Not Found Page not found.
407 Proxy Authentication Required Access to resource authorized by proxy identification.
502 Bad Gateway or Proxy Error Wrong response sent to an intermediate server by another server.
503 Service Unavailable Service temporarily unavailable or under maintenance.