KB N° 2559: UNDERSTANDING THE ACCESS.LOG FILE GENERATED BY THE HTTP PROXY
The access.log file generated by the Squid proxy contains all accesses to the server. It is therefore very useful.
What is the access.log file?
The access.log file is used to log all accesses to the server, i.e. all HTTP requests received and how they were processed. The format of this file can be set via the access_log option in the squid3.conf file.
Example entry and description
Here's an example of an entry in the access.log file:
1265939281.764 1 174.6.170.78 TCP_DENIED/403 734 POST http://lbcore1.metacafe.com/test/SystemInfoManager.php - NONE/- text/html
Field | Description |
---|---|
1265939281.764 | Time in Unix format (Fri, 12 Feb 2010 01:48:01 GMT) |
1 | The time taken by the server to process the request (in ms). This processing time differs according to the mode used (connection-oriented or connectionless). For TCP, this is the time elapsed between the server receiving the request and responding to the client. For UDP, this is the calculated time between when the server plans to respond to the client and when it actually does. |
174.6.170.78 | The client's IP address. This data can be masked to make the logs anonymous. |
TCP_DENIED/403 | The code resulting from the transaction. This field is made up of two entries separated by a slash: the Squid status code and the HTTP code of the origin server's response. Most of these codes are described below. |
734 | The size of the data delivered to the client. |
POST | The method used to retrieve the resource (GET, HEAD, etc.). |
http://lbcore1.metacafe.com/test/SystemInfoManager.php | The URL of the requested resource. |
- | User information (disabled by default). |
NONE/- | A code indicating how the request was processed. This code can be followed by the IP address to which the request was redirected. |
text/html | The content type from the HTTP header of the response (ICP exchanges do not contain this information). |
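
An added example (not part of the original article): a Python parser for the ten-field entry described above, plus a per-client count of denied requests, a common first triage step when reviewing proxy logs. The function names are hypothetical, and every sample line other than the article's own entry is constructed for illustration.

```python
from collections import Counter
from datetime import datetime, timezone
from typing import NamedTuple

class Entry(NamedTuple):
    time: datetime
    elapsed_ms: int
    client: str
    squid_status: str
    http_status: int
    size: int
    method: str
    url: str
    user: str
    hierarchy: str
    peer: str
    content_type: str

def parse_line(line):
    """Split one entry into the ten fields of the table above."""
    parts = line.split()
    if len(parts) != 10:
        raise ValueError(f"expected 10 fields, got {len(parts)}")
    ts, elapsed, client, result, size, method, url, user, hier, ctype = parts
    squid_status, _, http_status = result.partition("/")  # e.g. TCP_DENIED/403
    hierarchy, _, peer = hier.partition("/")               # e.g. NONE/-
    when = datetime.fromtimestamp(float(ts), tz=timezone.utc)
    return Entry(when, int(elapsed), client, squid_status, int(http_status),
                 int(size), method, url, user, hierarchy, peer, ctype)

def denied_by_client(lines):
    """Count TCP_DENIED / UDP_DENIED entries per client IP."""
    counts = Counter()
    for line in lines:
        try:
            entry = parse_line(line)
        except ValueError:  # truncated or non-numeric fields: skip the line
            continue
        if entry.squid_status.endswith("_DENIED"):
            counts[entry.client] += 1
    return counts

# First line is the article's entry; the others are constructed samples.
SAMPLE = [
    "1265939281.764 1 174.6.170.78 TCP_DENIED/403 734 POST http://lbcore1.metacafe.com/test/SystemInfoManager.php - NONE/- text/html",
    "1265939282.101 85 192.0.2.10 TCP_MISS/200 5120 GET http://example.com/ - DIRECT/192.0.2.80 text/html",
    "1265939283.250 0 192.0.2.10 TCP_DENIED/407 1800 GET http://example.com/a - NONE/- text/html",
    "truncated line",
]
```

If the access_log option defines a custom format, the field count and order in `parse_line` must be adjusted to match it.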
Main status codes returned by the proxy:
Code | Meaning |
---|---|
TCP_HIT | A valid copy of the requested object has been found in the cache. |
TCP_MISS | The requested object was not found in the cache. |
TCP_REFRESH_HIT | The requested object was found in the cache but is considered out of date. The IMS request returned a 304-Not Modified code and the cached resource is returned. |
TCP_REFRESH_FAIL_HIT | The requested object was found in the cache but is considered out of date. The IMS request failed and the expired content was delivered to the client. |
TCP_REFRESH_MISS | The requested object was found in the cache but is considered out of date. The IMS request returned the new object. |
TCP_DENIED | Access was refused for this request. |
UDP_HIT | A valid copy of the object has been found in the cache. |
UDP_MISS | The requested object was not in the cache. |
UDP_DENIED | Access was refused for this request. |
UDP_INVALID | An invalid request has been received. |
Main HTTP codes encountered
Code | Message | Meaning |
---|---|---|
200 | OK | Request processed successfully. |
204 | Created | Request successfully processed with document creation. |
301 | Moved Permanently | Document moved permanently. |
302 | Moved Temporarily | Document moved temporarily. |
304 | Not Modified | Document not modified since the last request. |
400 | Bad Request | The request syntax is incorrect. |
401 | Unauthorized | Authentication is required to access the resource. |
403 | Forbidden | The server has understood the request, but refuses to execute it. Unlike error 401, authenticating will make no difference. On servers where authentication is required, this usually means that authentication has been accepted, but that access rights do not allow the client to access the resource. |
404 | Not Found | Page not found. |
407 | Proxy Authentication Required | Access to the resource requires authenticating with the proxy. |
502 | Bad Gateway or Proxy Error | Invalid response sent to an intermediate server by another server. |
503 | Service Unavailable | Service temporarily unavailable or under maintenance. |