Home / server / Questions / 819963
Accepted
xendi
Asked: 2016-12-11 06:00:20 +0800 CST

Where is the response size in Squid's access.log?

  • 772

I need to make a program that logs bandwidth usage per-user of a squid proxy. In my access.log I see output such as...

1481377143.042      0 104.123.25.183 TCP_DENIED/407 3829 CONNECT scontent.xx.fbcdn.net:443 - HIER_NONE/- text/html
1481377143.403      0 104.123.25.183 TCP_DENIED/407 3793 CONNECT cx.atdmt.com:443 - HIER_NONE/- text/html
1481377277.865 134623 104.123.25.183 TCP_MISS/200 4118 CONNECT scontent.xx.fbcdn.net:443 star7 HIER_DIRECT/2a03:2880:f022:b:face:b00c:0:3 -
1481377277.868 134626 104.123.25.183 TCP_MISS/200 4116 CONNECT scontent.xx.fbcdn.net:443 star7 HIER_DIRECT/2a03:2880:f022:b:face:b00c:0:3 -

I believe the response size in bytes is supposed to be in there but which entry is it? I realize header size isn't logged so the accuracy won't be perfect but it should be accurate enough. I don't know any better way to keep track of squid user bandwidth usage so this will have to do but I need to know which is the size entry.

logging proxy squid bandwidth

2 Answers

  1. Looks like here http://wiki.squid-cache.org/Features/LogFormat#http_status_codes they say it's the entry right after the http status code so 3829, 3793, etc.

    • 1
  2. Best Answer

    The native log format is:

    "%9d.%03d %6d %s %s/%03d %d %s %s %s %s%s/%s %s"

    With the 5th part (%d after %s/%03d) being:

    bytes The size is the amount of data delivered to the client. Mind that this does not constitute the net object size, as headers are also counted. Also, failed requests may deliver an error page, the size of which is also logged here.

    ref: http://wiki.squid-cache.org/Features/LogFormat

    • 1