Re: [squid-users] Parsing access.log - newbie questions from Henrik Nordstrom on 2003-07-31 (squid-users)

From: Henrik Nordstrom <hno@dont-contact.us>
Date: Thu, 31 Jul 2003 19:28:13 +0200

On Thursday 31 July 2003 15.59, Sergio Chaves wrote:
> Hi everybody.
>
> We installed squid 2.5 a few months ago and we are in need of help.
> Using Perl, I am trying to determine the time a user spent per site
> visited by parsing access.log.
>
> For example: This particular user had 12 "hits" on the same site.
>
> <1st line> 1059393881.234 104 <ourserverIP> TCP_REFRESH_HIT/304
> 296 GET
> http://cdn.netscape.com/wpt_tonr_03/200304221104_db_h1_i1_1_0
> <user> DIRECT/64.12.54.217 -
>
> <10more lines in between>
>
> <last line> 1059393881.453 99 <ourserverIP> TCP_REFRESH_HIT/304
> 296 GET http://cdn.netscape.com/wpton_03/dot_d2c9ab <user>
> DIRECT/64.12.54.249 -
>
>
> My questions are :
> 1 - Is the elapsed time - 104 (first line) - the amount of time the
> user spent when connected or, is it just the time taken to
> establish the connection?

It is the amount of milliseconds it took to deliver that request to
the user.

HTTP is stateless. There is no sessions. The user just sends a request
for a object and receives the object back to be used as pleased by
the browser.

> 2 - For this purpose, is it better/more accurate to use the
> timestamps - 1059393881.234 (line one) - and go from there?

This is what you have to use.

> 3 - Some of the "hits" - same http - do not contain the user (want
> to parse using username) in it. Why? I read the FAQ about the
> rfc931 but what puzzles is that when the user is visiting the same
> site, squid sometimes does not record username; ident_lookups is
> on.

Because Squid does not wait for the ident lookup to complete unless it
has to by your access controls.

Cache hits are usually very fast, and the request is very often
finished before the ident lookup has completed.

> 4 - Is there a way to have the individual<workstationIP> logged as
> the client request ip instead of <ourserverIP>?

???

The Squid logs always have the individual client IP.

To the rest of the worls your Squid is the client, per the nature of
being a proxy.

Regards
Henrik

-- 
Donations welcome if you consider my Free Squid support helpful.
https://www.paypal.com/xclick/business=hno%40squid-cache.org
If you need commercial Squid support or cost effective Squid or
firewall appliances please refer to MARA Systems AB, Sweden
http://www.marasystems.com/, info@marasystems.com

Received on Thu Jul 31 2003 - 11:28:35 MDT

This archive was generated by hypermail pre-2.1.9 : Tue Dec 09 2003 - 17:18:22 MST