squid-cache.org

	Usage:

	logformat <name> <format specification>

	Defines an access log format.

	The <format specification> is a string with embedded % format codes

	% format codes all follow the same basic structure where all but
	the formatcode is optional. Output strings are automatically escaped
	as required according to their context and the output format
	modifiers are usually not needed, but can be specified if an explicit
	output format is desired.

		% ["|[|'|#] [-] [[0]width] [{argument}] formatcode

		"	output in quoted string format
		[	output in squid text log format as used by log_mime_hdrs
		#	output in URL quoted format
		'	output as-is

		-	left aligned
		width	field width. If starting with 0 the
			output is zero padded
		{arg}	argument such as header name etc

	Format codes:

		%	a literal % character
		>a	Client source IP address
		>A	Client FQDN
		>p	Client source port
		<A	Server IP address or peer name
		la	Local IP address (http_port)
		lp	Local port number (http_port)
		<lp     Local port number of the last server or peer connection
		sn	Unique sequence number per log line entry
		ts	Seconds since epoch
		tu	subsecond time (milliseconds)
		tl	Local time. Optional strftime format argument
				default %d/%b/%Y:%H:%M:%S %z
		tg	GMT time. Optional strftime format argument
				default %d/%b/%Y:%H:%M:%S %z
		tr	Response time (milliseconds)
		dt	Total time spent making DNS lookups (milliseconds)

	HTTP cache related format codes:

		[http::]>h	Original request header. Optional header name argument
				on the format header[:[separator]element]
		[http::]>ha	The HTTP request headers after adaptation and redirection. 
				Optional header name argument as for >h
		[http::]<h	Reply header. Optional header name argument
				as for >h
		[http::]un	User name
		[http::]ul	User name from authentication
		[http::]ui	User name from ident
		[http::]us	User name from SSL
		[http::]ue	User name from external acl helper
		[http::]>Hs	HTTP status code sent to the client
		[http::]<Hs	HTTP status code received from the next hop
		[http::]<bs	Number of HTTP-equivalent message body bytes 
				received from the next hop, excluding chunked
				transfer encoding and control messages.
				Generated FTP/Gopher listings are treated as
				received bodies.
		[http::]Ss	Squid request status (TCP_MISS etc)
		[http::]Sh	Squid hierarchy status (DEFAULT_PARENT etc)
		[http::]mt	MIME content type
		[http::]rm	Request method (GET/POST etc)
		[http::]ru	Request URL
		[http::]rp	Request URL-Path excluding hostname
		[http::]rv	Request protocol version
		[http::]et	Tag returned by external acl
		[http::]ea	Log string returned by external acl
		[http::]<st	Sent reply size including HTTP headers
		[http::]>st	Received request size including HTTP headers. In the
				case of chunked requests the chunked encoding metadata
				are not included
		[http::]>sh	Received HTTP request headers size
		[http::]<sh	Sent HTTP reply headers size
		[http::]st	Request+Reply size including HTTP headers
		[http::]<sH	Reply high offset sent
		[http::]<sS	Upstream object size
		[http::]<pt	Peer response time in milliseconds. The timer starts
				when the last request byte is sent to the next hop
				and stops when the last response byte is received.
		[http::]<tt	Total server-side time in milliseconds. The timer 
				starts with the first connect request (or write I/O)
				sent to the first selected peer. The timer stops
				with the last I/O with the last peer.

	If ICAP is enabled, the following two codes become available (as
	well as ICAP log codes documented with the icap_log option):

		icap::tt        Total ICAP processing time for the HTTP
				transaction. The timer ticks when ICAP
				ACLs are checked and when ICAP
				transaction is in progress.

		icap::<last_h	The header of the last ICAP response
				related to the HTTP transaction. Like
				<h, accepts an optional header name
				argument.  Will not change semantics
				when multiple ICAP transactions per HTTP
				transaction are supported.

	If adaptation is enabled the following two codes become available:

		adapt::sum_trs Summed adaptation transaction response
				times recorded as a comma-separated list in
				the order of transaction start time. Each time
				value is recorded as an integer number,
				representing response time of one or more
				adaptation (ICAP or eCAP) transaction in
				milliseconds.  When a failed transaction is
				being retried or repeated, its time is not
				logged individually but added to the
				replacement (next) transaction. See also:
				adapt::all_trs.

		adapt::all_trs All adaptation transaction response times.
				Same as adaptation_strs but response times of
				individual transactions are never added
				together. Instead, all transaction response
				times are recorded individually.

	You can prefix adapt::*_trs format codes with adaptation
	service name in curly braces to record response time(s) specific
	to that service. For example: %{my_service}adapt::sum_trs

	The default formats available (which do not need re-defining) are:

logformat squid %ts.%03tu %6tr %>a %Ss/%03>Hs %<st %rm %ru %un %Sh/%<A %mt
logformat squidmime %ts.%03tu %6tr %>a %Ss/%03>Hs %<st %rm %ru %un %Sh/%<A %mt [%>h] [%<h]
logformat common %>a %ui %un [%tl] "%rm %ru HTTP/%rv" %>Hs %<st %Ss:%Sh
logformat combined %>a %ui %un [%tl] "%rm %ru HTTP/%rv" %>Hs %<st "%{Referer}>h" "%{User-Agent}>h" %Ss:%Sh