Re: logformat for squid5 ?

[--Ahmad-- <ahmed.zaeem@xxxxxxxxxxxx>]

ok in squid 3.x

logformat squid %tl %6tr %>a %>p %>la %>lp %Ss/%03Hs %<st %rm %ru %un %Sh/ %<A %<a %<la

check the syntax :

01/Aug/2019:11:29:11 -0400    837 11.11.81.74 50223 22.158.182 11961 TCP_TUNNEL/200 3205 CONNECT www.googletagservices.com:443 mwckpf HIER_DIRECT/ www.googletagservices.com 172.217.15.66 22.22.158.182

lets analyse above .:

1st thing i see the time/date of the request .

then the source ip and source port who hit squid ————>   11.11.81.74 50223

then destination ip and port of squid sender connected to ————> 22.158.182 11961

Dst URL  —>www.googletagservices.com:443 

User of the connection ——> mwckpf

IP resolution of the destination ——————> www.googletagservices.com 172.217.15.66

last thing the external ip address for that connection ———————> 22.22.158.182

Now on squid5.x

i add 

logformat squid %tl %6tr %>a %>p %>la %>lp %Ss/%03Hs %<st %rm %ru %un %Sh/ %<A %<a %<la

but the result is as :

1564669418.690    770 18.212.116.217 TCP_TUNNEL/200 40757 CONNECT www.bing.com:443 abc HIER_DIRECT/204.79.197.200 -

as you see , there is no date , so src port no dst ip/dst port .

no external ip 

i would like as possible to see results as the results in 3.5 .

hope that is clear 

Thanks Alex :)

On 1 Aug 2019, at 16:55, Alex Rousskov <rousskov@xxxxxxxxxxxxxxxxxxxxxxx> wrote:

On 8/1/19 9:23 AM, --Ahmad-- wrote:

i use :
logformat squid %tl %6tr %>a %>p %>la %>lp %Ss/%03Hs %<st %rm %ru %un %Sh/ %<A %<a %<la

in squid 3.x and its working fine , but in 5.x it dont work as i want

We still do not have enough information to understand the problem you
are trying to solve. Please be specific. For example, describe a
transaction that logs X in v3.5 and Y in v5, and, unless it is really
obvious from X and Y, please explain why you want X and not Y.

Alex.

_______________________________________________
squid-users mailing list
squid-users@xxxxxxxxxxxxxxxxxxxxx
http://lists.squid-cache.org/listinfo/squid-users