Saturday, January 15, 2011

Squid - logging in regular date and time format, and other options

If you use Squid, you'll know that for the longest time it used Unix epoch system for its logs. There are various ways to convert to readable form such as using SARG, though thats not very elegant. With v2 there was an option to log in regular httpd format, by using the option "emulate_httpd_log", but that no longer works.

Now with Squid v3.x, you can choose your logging format, and you can log different detail to different logs. Great!

In your squid.conf file, add the following:
    # log formats

    access_log /usr/local/squid/var/logs/access.log squid

    access_log /usr/local/squid/var/logs/access-GMTtime.log customformat
    logformat customformat %tg.%03tu response:%tr %>a server:%Hs size:%

The line "# log formats" just tells the reader of the config file, most likely you but you never know, that this bit is to set log file options.

The next line tells squid to log in the old Squid manner, and default details.

The third line tells squid that you want to do something custom: we tell squid to also log to an additional log "access-localtime.log".

The final line defines the options we want. My example uses options chosen pretty much the old defaults details, but using GMT for human readable date / time, and I added some of the new options. For a full list consult the squid manual.

No comments: