KB No. 2598: Understanding the access.log file
The access.log file generated by the squid proxy contains a list of all server access events. This makes it a very useful tool.
What does the access.log file do?
Theaccess.logfile keeps a log of all server access events, i.e. all HTTP requests received, and the way in which they are processed. The format of this file can be configured using the access_log option for thesquid3.conffile.
Example of an access.log entry
1265939281.764 1 174.6.170.78 TCP_DENIED/403 734 POST http://lbcore1.metacafe.com/test/SystemInfoManager.php – NONE/- text/html
Description of the request:
| 1265939281.764 | Time in Unix format (Fri, February 12, 2010 01:48:01 GMT) |
| 1 |
Time required for the server to process the request (in milliseconds). This processing time will vary depending on the mode used (connected or not connected). For TCP: It is calculated based on the time the server receives the request and the time it responds to the client. For UDP: It is calculated based on the time the server triggers the response to the client and the time the response actually occurs. |
| 174.6.170.78 | Client IP address. This data can be hidden to ensure logs are anonymous. |
| TCP_DENIED/403 | Code resulting from the transaction. This field consists of two entries separated by a slash: the Squid status code and the HTTP code corresponding to the response from the original server. Most of these codes are explained in further detail below. |
| 734 | The size of the data delivered to the client. |
| POST | The method used to retrieve the resource (GET, HEAD, etc.). |
| http://lbcore1.metacafe.com/test/SystemInfoManager.php | The URL of the requested resource. |
| – | User data (disabled by default). |
| NONE/- | Code that indicates how the request was processed. This code may be followed by the IP address to which the request was redirected. |
| text/html | The content type generated by the HTTP header of the response (ICP exchanges do not include this data). |
Main status codes returned by the proxy
| Code | Meaning |
|---|---|
| TCP_HIT | A valid copy of the requested object was found in the cache. |
| TCP_MISS | The requested object was not found in the cache. |
| TCP_ REFRESH_HIT | The requested object was found in the cache but is considered invalid. The IMS request returned a 304-Not Modified code and the cached resource was returned. |
| TCP_REFRESH_FAIL_HIT | The requested object was found in the cache but is considered invalid. The IMS request failed and the invalid content was delivered to the client. |
| TCP_REFRESH_MISS | The requested object was found in the cache but is considered invalid. The IMS request returned the new object. |
| TCP_DENIED | Access was denied for this request. |
| UDP_HIT | A valid copy of the requested object was found in the cache. |
| UDP_MISS | The requested object was not found in the cache. |
| UDP_DENIED | Access was denied for this request. |
| UDP_INVALID | An invalid request was received. |
Main HTTP codes used
| Code | Message | Meaning |
|---|---|---|
| 200 | OK | Request processed successfully. |
| 204 | Created | Request processed successfully and document created. |
| 301 | Moved Permanently | Document has been permanently moved. |
| 302 | Moved Temporarily | Document has been temporarily moved. |
| 304 | Not Modified | Document has not been modified since the last request. |
| 400 | Bad request | The request syntax is incorrect. |
| 401 | Unauthorized | Authentication is required to access the resource. |
| 403 | Forbidden | The server understands the request, but refuses to process it. Unlike a 401 error, authentication will not make any difference. For servers requiring authentication, this generally means that authentication has been accepted but that the corresponding access rights do not allow the client to access the resource. |
| 404 | Not Found | Page not found. |
| 407 | Proxy Authentication Required | Access to resources authorized via proxy identification. |
| 502 | Bad Gateway or Proxy Error | Bad response sent to an intermediate server by another server. |
| 503 | Service Not Available | Service is temporarily unavailable or undergoing maintenance. |