Re: [squid-users] Squid 3.0 - log analysis

From: Amos Jeffries <squid3_at_treenet.co.nz>
Date: Sat, 28 Jun 2008 00:46:46 +1200

Maciek Iwanowski wrote:
> Hello,
>
> I'm trying to force Urchin to understand Squid combined log files. I
> created a custom logformat that should match the typical Apache combined
> log perfectly:
>
> logformat combined %>a %ui %un [%tl] "%rm %rp HTTP/%rv" %Hs %<st
> "%{Referer}>h" "%{User-Agent}>h"
>
> At the moment I'm trying to make AWStats read the logs and
> unfortunately it keeps complaining about the log format. The file is
> readable; however, for some unknown reason it cannot be parsed properly.
>
> This is the example line from the log file:
>
> 172.16.5.143 - - [27/Jun/2008:11:35:14] "GET /modules/system/system.css
> HTTP/1.1" 304 463 "http://gls-tleo.dev/news/current" "Mozilla/5.0 (X11;
> U; Linux i686; en-GB; rv:1.9) Gecko/2008061015 Firefox/3.0"
>
> Has anyone come across this sort of problem?

The Apache combined format is built into Squid. You can get it properly
by just setting:

   emulate_httpd_log on
   access_log /file/path

It also appears to be available for any single log file under the
built-in format name "combined" even if emulate_httpd_log is turned off
in general.

Your format has %rp where Apache has %ru, and is missing the %Ss:%Sh
terminating details.

Amos

-- 
Please use Squid 2.7.STABLE3 or 3.0.STABLE7
Received on Fri Jun 27 2008 - 12:46:44 MDT
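
A field-by-field check of a log line against the Apache combined layout, as an added example that is not part of the original thread: it reports the first field that deviates and any text left after the Apache fields. The field patterns are this example's own rendering of the combined layout, `check_line` is a hypothetical helper, and the second sample line (zone offset, full URL, trailing %Ss:%Sh value) is constructed.

```python
import re

# Apache "combined" layout: host ident user [time zone] "request" status bytes
# "referer" "agent". The patterns are this example's own rendering of it.
FIELDS = [
    ("client", r"\S+"),
    ("ident", r"\S+"),
    ("user", r"\S+"),
    ("time", r"\[\d{2}/[A-Za-z]{3}/\d{4}:\d{2}:\d{2}:\d{2} [+-]\d{4}\]"),
    ("request", r'"\S+ \S+ HTTP/\d\.\d"'),
    ("status", r"\d{3}"),
    ("bytes", r"(?:\d+|-)"),
    ("referer", r'"[^"]*"'),
    ("agent", r'"[^"]*"'),
]

def check_line(line):
    """Return (parsed_fields, first_bad_field_or_None, unparsed_text)."""
    pos, fields = 0, {}
    for name, pattern in FIELDS:
        m = re.compile(pattern).match(line, pos)
        if m is None:
            # Stop at the first field that does not look like Apache's.
            return fields, name, line[pos:]
        fields[name] = m.group(0)
        pos = m.end()
        if line[pos:pos + 1] == " ":  # single-space field separator
            pos += 1
    # Anything left over follows the Apache fields (e.g. Squid's %Ss:%Sh).
    return fields, None, line[pos:]

# Line quoted in the post, re-joined from the wrapped e-mail text.
POSTED = ('172.16.5.143 - - [27/Jun/2008:11:35:14] '
          '"GET /modules/system/system.css HTTP/1.1" 304 463 '
          '"http://gls-tleo.dev/news/current" "Mozilla/5.0 (X11; U; '
          'Linux i686; en-GB; rv:1.9) Gecko/2008061015 Firefox/3.0"')

# Constructed line: zone offset present, full URL (%ru), trailing %Ss:%Sh.
CONSTRUCTED = ('172.16.5.143 - - [27/Jun/2008:11:35:14 +0100] '
               '"GET http://gls-tleo.dev/modules/system/system.css HTTP/1.1" '
               '304 463 "http://gls-tleo.dev/news/current" "Mozilla/5.0 (X11; '
               'U; Linux i686; en-GB; rv:1.9) Gecko/2008061015 Firefox/3.0" '
               'TCP_IMS_HIT:NONE')

if __name__ == "__main__":
    for label, line in (("posted", POSTED), ("constructed", CONSTRUCTED)):
        fields, bad, rest = check_line(line)
        print(label, "| first non-matching field:", bad, "| unparsed:", repr(rest))
```

On the posted line the check stops at the timestamp, which carries no zone offset; on the constructed line every Apache field matches and only the Squid result codes remain.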
