Unfortunately output of emulate_httpd_log is not providing enough information (lack of user agent). This is why I'm struggling to get logformat working. It seems that timestamp output is different with emulate_httpd_log. How to force squid to log time in this way without emulating httpd logs? M. -----Original Message----- From: Amos Jeffries [mailto:squid3@xxxxxxxxxxxxx] Sent: 27 June 2008 13:47 To: Maciek Iwanowski Cc: squid-users@xxxxxxxxxxxxxxx Subject: Re: Squid 3.0 - log analysis Maciek Iwanowski wrote: > Hello, > > I'm trying to force Urchin to understand Squid combined log files. I > created custom logformat that should match typical Apache combined log > perfectly: > > logformat combined %>a %ui %un [%tl] "%rm %rp HTTP/%rv" %Hs %<st > "%{Referer}>h" "%{User-Agent}>h" > > At the moment I'm trying to make AWStats reading the logs and > unfortunately it keeps complaining about log format. File is readable > however for some unknown reason cannot be parsed properly. > > This is the example line from the log file: > > 172.16.5.143 - - [27/Jun/2008:11:35:14] "GET /modules/system/system.css > HTTP/1.1" 304 463 "http://gls-tleo.dev/news/current"; "Mozilla/5.0 (X11; > U; Linux i686; en-GB; rv:1.9) Gecko/2008061015 Firefox/3.0" > > Has anyone come across this sort of problem? The Apache combined format is built into squid. You can get it properly by just setting: emulate_httpd_log on access_log /file/path It also appears to be available for any single log file under the built-in format name "combined" even if emulate_httpd_log is turned off in general. Your format has %rp where apache has %ru, and is missing the %Ss:%Sh terminating details. Amos -- Please use Squid 2.7.STABLE3 or 3.0.STABLE7
