
KB N°2598: UNDERSTANDING THE ACCESS.LOG FILE

KB Olfeo On-Premise
June 2, 2023

The access.log file generated by the Squid proxy contains a list of all server access events. This makes it a very useful tool.

What does the access.log file do?

The access.log file keeps a log of all server access events, i.e. all HTTP requests received and the way in which they were processed. The format of this file can be configured using the access_log option in the squid3.conf file.

Example of an access.log entry

1265939281.764 1 174.6.170.78 TCP_DENIED/403 734 POST http://lbcore1.metacafe.com/test/SystemInfoManager.php - NONE/- text/html

Request description:

1265939281.764 Time in Unix format (Fri, 12 Feb 2010 01:48:01 GMT)
1 Time required for the server to process the request (in ms). This processing time varies according to the mode used (connected or not connected).

For TCP: the time between the server receiving the request and the server responding to the client.

For UDP: the time between the server triggering the response to the client and the response actually occurring.

174.6.170.78 Client IP address. This data can be hidden to ensure logs are anonymous.
TCP_DENIED/403 Code resulting from the transaction. This field consists of two entries separated by a slash: the Squid status code and the HTTP code corresponding to the response from the original server. Most of these codes are explained in further detail below.
734 The size of the data delivered to the client.
POST The method used to retrieve the resource (GET, HEAD, etc.).
http://lbcore1.metacafe.com/test/SystemInfoManager.php The URL of the requested resource.
- User data (deactivated by default).
NONE/- Code that indicates how the request was processed. This code may be followed by the IP address to which the request was redirected.
text/html The content type generated by the HTTP header of the response (ICP exchanges do not include this data).

Main status codes returned by the proxy

Code Meaning
TCP_HIT A valid copy of the requested object was found in the cache.
TCP_MISS The requested object was not found in the cache.
TCP_REFRESH_HIT The requested object was found in the cache but is considered invalid. The IMS request returned a 304-Not Modified code and the cached resource was returned.
TCP_REFRESH_FAIL_HIT The requested object was found in the cache but is considered invalid. The IMS request failed and the invalid content was delivered to the client.
TCP_REFRESH_MISS The requested object was found in the cache but is considered invalid. The IMS request returned the new object.
TCP_DENIED Access was refused for this request.
UDP_HIT A valid copy of the requested object was found in the cache.
UDP_MISS The requested object was not found in the cache.
UDP_DENIED Access was refused for this request.
UDP_INVALID An invalid request was received.

Main HTTP codes used

Code Message Meaning
200 OK Request processed successfully.
204 Created Request processed successfully and document created.
301 Moved Permanently Document has been permanently moved.
302 Moved Temporarily Document has been temporarily moved.
304 Not Modified Document has not been modified since the last request.
400 Bad request Request syntax is incorrect.
401 Unauthorized Authentication required in order to access resource.
403 Forbidden The server understands the request, but refuses to process it. Unlike a 401 error, authentication will not make any difference. For servers requiring authentication, this generally means that authentication has been accepted but that the corresponding access rights do not allow the client to access the resource.
404 Not Found Page not found.
407 Proxy Authentication Required Access to the resource requires identification with the proxy.
502 Bad Gateway or Proxy Error Bad response sent to an intermediate server by another server.
503 Service Unavailable Service is temporarily unavailable or undergoing maintenance.