Robert wrote:
> 192.168.254.14 <User Removed> - [10/Jan/2003:17:05:35 -0500] "GET <snip>
This is in the excellent FAQ under "Squid Log Files? Check here:
http://www.squid-cache.org/Doc/FAQ/FAQ-6.html#ss6.6 - it explains the
differences between the common log format (that you include above) and the
native log format (shown below).
> 1042457104.208 194 192.168.254.14 TCP_MISS/200 2109 GET
The FAQ entry above also shows you how to convert the date in a native log
format line like this one to a readable date using a line like this:
#! /usr/bin/perl -p
s/^\d+\.\d+/localtime $&/e;
Feeding it the line you included above, I get "Mon Jan 13 03:25:04 2003...."
> I am unsure why there are what appears to be two different kinds
> of logging lines located in the logfile. This change appears sometime in
> January of 2003 and I am at a loss as to how to read Snipped 2.
Sounds plausible given the above timestamp. It looks like the server was
running with the emulate_httpd_log tag set to on, then in January someone
either commented it out or switched it to off. The FAQ recommends you keep
the native format (which you apparently now have) and just use the above
type of perl code to convert to human readable format when/if you need it.
I've got an alias so it's a no-brainer. They suggest keeping the native log
format because it has more info than the common log format. As of 3.0 and
with a patch to 2.5Sx you can get enhanced and customizable logging via
Henriks patch (see the post Henrik just made for the 3 things it does - I'm
looking forward to trying it out in 3!).
hth
Adam
Received on Wed Jul 30 2003 - 15:34:14 MDT
This archive was generated by hypermail pre-2.1.9 : Tue Dec 09 2003 - 17:18:21 MST