Custom Log Formats with Squid

[The first in a series of posts to help me (and hopefully others) remember how to get `Zope <http://zope.org>`_ running behind Squid.]

In a world where lots and lots of tools have been written to analyze Apache httpd logs, it’s a little annoying we can’t use the same tools for Squid, especially if we’re using it to accelerate our website. Luckily the kind folks at Zope Corp have written a handy patch for Squid to enable custom log formats. Unluckily the documentation is, well, a little terse. We wanted to generate Squid access logs in Apache’s “combined” format. So here’s what you do:

  1. Build a patched version of Squid 2.5. The patch is available at http://devel.squid-cache.org/customlog/

  2. Modify squid.conf. In our case we added two lines:

    logformat httpd %>a - %un [%{%d/%b/%Y:%H:%M:%S %z}tl] "%rm %ru" %Hs %&lt;st "%{Referer}>h" "%{User-agent}>h"
    access_log /usr/local/squid/var/logs/combined.log httpd
    
  3. Restart Squid.

For something so simple, its amazing how long you can flounder trying to figure out what needs to be quoted, which direction the greater than or less than signs need to go, etc. Note that in this case we’ve defined an entirely new access_log. Once you’re convinced that the new log is what you want, you can disable the standard one by setting cache_access_log none.

For those who want a different format, the complete list of fields available to the logformat directive is available at http://devel.squid-cache.org/customlog/logformat.html.

date:2005-11-08 09:53:54
wordpress_id:349
layout:post
slug:custom-log-formats-with-squid
comments:
category:General