Re: [squid-users] Squid 3.1 access_log and log module syslog sets program-name as (squid)

2015-06-25 Thread Amos Jeffries
On 25/06/2015 6:49 p.m., YogiBearNL aka Ronald wrote:
 Squid v2.7: 
 
 Jun 25 08:36:37 proxy SQUID[16271]:
 192.168.2.85 - - [25/Jun/2015:08:36:37 +0200] GET
 http://tpc.googlesyndication.com/safeframe/1-0-2/html/container.html
 HTTP/1.1 200 2439 http://tweakers.net/; Mozilla/5.0 (Macintosh; Intel
 Mac OS X 10_8_0) AppleWebKit/400.5.3 (KHTML, like Gecko) Version/5.2.3
 Safari/427.8.5 TCP_MISS:DIRECT 
 
 Squid v3.1.6: 
 
 Jun 24 21:47:56 proxy
 (SQUID): 192.168.2.85 - - [24/Jun/2015:21:47:56 +0200] GET
 http://cdn.viglink.com/images/pixel.gif? HTTP/1.1 200 639
 http://www.zdnet.com/blog/central-europe/; Mozilla/5.0 (Macintosh;
 Intel Mac OS X 10_8_0) AppleWebKit/400.5.3 (KHTML, like Gecko)
 Version/5.2.3 Safari/427.8.5 TCP_MISS:DIRECT 
 
 When I try to parse the syslog lines, the ones with the (squid) as a
 program name fail because they are not normal syslog lines.
 Why is this happening? And is this fixed in a later release? Or maybe
 it's some configuration problem?

Squid (both versions) is using the OS syslog() API to deliver these log
entries. The bits up to and including the '(SQUID):' and 'SQUID[16271]:'
are all generated by the syslog kernel daemon.

This is weird output, but I think it's due to a change in the syslog
application.

Amos

___
squid-users mailing list
squid-users@lists.squid-cache.org
http://lists.squid-cache.org/listinfo/squid-users
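
A tolerant parser for the two line shapes quoted in this thread, added here as an example (it is not code from either poster or from the Squid project). It accepts both the "SQUID[16271]:" and "(SQUID):" tag forms, then splits the body following the "logformat combined" line from the original post; the regular expressions and the name parse_line are assumptions of this example, and the sample lines are the thread's own, re-joined onto single lines.

```python
import re

# BSD-syslog header: timestamp, host, then a tag written either as
# "SQUID[16271]:" (name plus pid) or "(SQUID):" (parenthesised, no pid).
HEADER = re.compile(
    r'^(?P<ts>[A-Z][a-z]{2}\s+\d{1,2} \d{2}:\d{2}:\d{2}) '
    r'(?P<host>\S+) '
    r'(?:\((?P<ptag>[^)\s]+)\)|(?P<tag>[^\s\[\]():]+)(?:\[(?P<pid>\d+)\])?): '
    r'(?P<msg>.*)$'
)

# Body fields, in the order given by the thread's logformat:
# %a %ui %un [%tl] %rm %ru HTTP/%rv %Hs %st %{Referer}h %{User-Agent}h %Ss:%Sh
BODY = re.compile(
    r'^(?P<client>\S+) (?P<ident>\S+) (?P<user>\S+) \[(?P<time>[^\]]+)\] '
    r'(?P<method>\S+) (?P<url>\S+) HTTP/(?P<version>\S+) '
    r'(?P<status>\d{3}) (?P<size>\d+) (?P<referer>\S+) '
    r'(?P<agent>.*) (?P<squid_status>[A-Z_]+):(?P<hierarchy>[A-Z_]+)\s*$'
)

def parse_line(line):
    """Return a dict of fields, or None if the line fits neither shape."""
    h = HEADER.match(line.strip())
    b = BODY.match(h.group('msg')) if h else None
    if not b:
        return None  # caller should count these, not drop them silently
    rec = b.groupdict()
    rec.update(host=h.group('host'), syslog_ts=h.group('ts'),
               program=(h.group('ptag') or h.group('tag')).lower(),
               pid=int(h.group('pid')) if h.group('pid') else None)
    return rec

# Sample lines from the thread, re-joined onto one line each.
V27 = ('Jun 25 08:36:37 proxy SQUID[16271]: 192.168.2.85 - - '
       '[25/Jun/2015:08:36:37 +0200] GET '
       'http://tpc.googlesyndication.com/safeframe/1-0-2/html/container.html '
       'HTTP/1.1 200 2439 http://tweakers.net/; Mozilla/5.0 (Macintosh; Intel '
       'Mac OS X 10_8_0) AppleWebKit/400.5.3 (KHTML, like Gecko) '
       'Version/5.2.3 Safari/427.8.5 TCP_MISS:DIRECT')
V31 = ('Jun 24 21:47:56 proxy (SQUID): 192.168.2.85 - - '
       '[24/Jun/2015:21:47:56 +0200] GET '
       'http://cdn.viglink.com/images/pixel.gif? HTTP/1.1 200 639 '
       'http://www.zdnet.com/blog/central-europe/; Mozilla/5.0 (Macintosh; '
       'Intel Mac OS X 10_8_0) AppleWebKit/400.5.3 (KHTML, like Gecko) '
       'Version/5.2.3 Safari/427.8.5 TCP_MISS:DIRECT')
```

Because the logformat in the post does not quote the Referer and User-Agent fields, the split between them relies on the referer containing no spaces.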


[squid-users] Squid 3.1 access_log and log module syslog sets program-name as (squid)

2015-06-25 Thread YogiBearNL aka Ronald
 

Dear Squid users, 

I have a problem with Squid 3.1 on Debian Squeeze.

squid3 -v
Squid Cache: Version 3.1.6 

When I use the syslog Log module for access_log the syslog lines have a
funky program name called (squid) i.s.o. squid.
This is different from syslog lines of Squid v2. ( Squid Cache: Version
2.7.STABLE9 ).
I will provide an example here:

Squid v2.7: 

Jun 25 08:36:37 proxy SQUID[16271]:
192.168.2.85 - - [25/Jun/2015:08:36:37 +0200] GET
http://tpc.googlesyndication.com/safeframe/1-0-2/html/container.html
HTTP/1.1 200 2439 http://tweakers.net/; Mozilla/5.0 (Macintosh; Intel
Mac OS X 10_8_0) AppleWebKit/400.5.3 (KHTML, like Gecko) Version/5.2.3
Safari/427.8.5 TCP_MISS:DIRECT 

Squid v3.1.6: 

Jun 24 21:47:56 proxy
(SQUID): 192.168.2.85 - - [24/Jun/2015:21:47:56 +0200] GET
http://cdn.viglink.com/images/pixel.gif? HTTP/1.1 200 639
http://www.zdnet.com/blog/central-europe/; Mozilla/5.0 (Macintosh;
Intel Mac OS X 10_8_0) AppleWebKit/400.5.3 (KHTML, like Gecko)
Version/5.2.3 Safari/427.8.5 TCP_MISS:DIRECT 

When I try to parse the syslog lines, the ones with the (squid) as a
program name fail because they are not normal syslog lines.
Why is this happening? And is this fixed in a later release? Or maybe
it's some configuration problem?

squid.conf (interesting parts only) 

logformat combined %a %ui %un [%tl] %rm %ru HTTP/%rv %Hs %st %{Referer}h %{User-Agent}h %Ss:%Sh
access_log syslog:local7 combined

I've googled around and some other guy had the same issue:
http://serverdown.ttwait.com/que/410957


Thanks,

Ronald 
