Thursday, October 25, 2012

Informasi access.log

Ini pertama kalinya saya install proxy. Saya install squid LUSCA_HEAD-r14809. Sebagai nubie saya asal ngikut tutorial aja dan tidak paham teori-teorinya :D Jadinya, pas terjadi eror, pusinglah saya tak tau harus berbuat apa (halah lebay).
Oke, cukup curhatnya, intinya sekarang saya mau share saja informasi-informasi yang ada di access.log. untuk listening proxy kita. Untuk listening kita bisa pakai perintah tail -f. Misalnya file access.log saya ada di directory  var/log/squid, maka saya masukan perintah berikut :
  tail -f /var/log/squid/access.log
biar informasi yang ditampilkan bisa warna-warni indah dipandang mata dan lebih utama yaitu mudah membacanya, maka tambahkan ccze, jadi seperti ini
tail -f /var/log/squid/access.log | ccze
tp sebelumnya install ccze nya bisa dari packagenya langsung. Tapi apa itu ccze? lain kali insyaAlloh saya juga postingin itu biar saya ga lupa. tapi kali ini, access.log dulu deh.
Setelah masukkan perintah tadi kita dapat informasi misalnya seperti gambar berikut
klik gambar untuk memperbesar

 nah, karena masih neubie, saya bingung membaca informasi-informasi tersebut.
Akhirnya saya dapat informasi keterangan dari informasi-informasi tersebut dari sini
Berikut saya tempelkan informasinya

Native Format (emulate_httpd_log off) 
Timestamp Elapsed Client Action/Code Size Method URI Ident Hierarchy/From Content
 
Common Format (emulate_httpd_log on) 
Client Ident - [Timestamp1] "Method URI" Type Size
with:

dengan keterangan sebagai berikut:
Timestamp
The time when the request is completed (socket closed). The format is "Unix time" (seconds since Jan 1, 1970) with millisecond resolution.
Timestamp1
When the request is completed (Day/Month/CenturyYear:Hour:Minute:Second GMT-Offset)
Elapsed
The elapsed time of the request, in milliseconds. This is the time between the accept() and close() of the client socket.
Client
The IP address of the connecting client, or the FQDN if the 'log_fqdn' option is enabled in the config file.
Action
The Action describes how the request was treated locally (hit, miss, etc). All the tags are described below.
Code
The HTTP reply code taken from the first line of the HTTP reply header. For ICP requests this is always "000." If the reply code was not given, it will be logged as "555."
Size
For TCP requests, the amount of data written to the client. For UDP requests, the size of the request. (in bytes)
Method
The HTTP request method (GET, POST, etc), or ICP_QUERY for ICP requests.
URI
The requested URI.
Ident
The result of the RFC931/ident lookup of the client username. If RFC931/ident lookup is disabled (default: `ident_lookup off'), it is logged as - .
Hierarchy
A description of how and where the requested object was fetched.
From
Hostname of the machine where we got the object.
Content
Content-type of the Object (from the HTTP reply header).
 
Action
"TCP_" refers to requests on the HTTP port (3128)
TCP_HIT A valid copy of the requested object was in the cache.
TCP_MISS The requested object was not in the cache.
TCP_REFRESH_HIT An expired copy of the requested object was in the cache. Squid made an If-Modified-Since request and the response was "Not Modified."
TCP_REFRESH_FAIL_HIT An expired copy of the requested object was in the cache. Squid attempted to make an If-Modified-Since request, but it failed. The old (stale) object was delivered to the client.
TCP_REFRESH_MISS An expired copy of the requested object was in the cache. Squid made an If-Modified-Since request and received a new, different object.
TCP_CLIENT_REFRESH The client issued a request with the "no-cache" pragma. ("reload" - handled as MISS)
TCP_IMS_HIT An If-Modified-Since GET request was received from the client. A valid copy of the object was in the cache (fresh).
TCP_IMS_MISS An If-Modified-Since GET request was received from the client. The requested object was not in the cache (stale).
TCP_SWAPFAIL The object was believed to be in the cache, but could not be accessed.
TCP_DENIED Access was denied for this request.
 
"UDP_" refers to requests on the ICP port (3130)
UDP_HIT A valid copy of the requested object was in the cache
UDP_HIT_OBJ Same as UDP_HIT, but the object data was small enough to be sent in the UDP reply packet. Saves the following TCP request.
UDP_MISS The requested object was not in the cache
UDP_DENIED Access was denied for this request
UDP_INVALID An invalid request was received.
UDP_RELOADING The neighbor cache is reloading its disk store metadata and does not want any TCP requests for MISSES until it is finished.
 
Errors
ERR_READ_TIMEOUT The remote site or network is unreachable - may be down.
ERR_LIFETIME_EXP The remote site or network may be too slow or down.
ERR_NO_CLIENTS_BIG_OBJ All Clients went away before tranmission completed and the object is too big to cache.
ERR_READ_ERROR The remote site or network may be down.
ERR_CLIENT_ABORT Client dropped connection before transmission completed. Squid fetches the Object according to its settings for `quick_abort'.
ERR_CONNECT_FAIL The remote site or server may be down.
ERR_INVALID_REQ Invalid HTTP request
ERR_UNSUP_REQ Unsupported request
ERR_INVALID_URL Invalid URL syntax
ERR_NO_FDS Out of file descriptors
ERR_DNS_FAIL DNS name lookup failure
ERR_NOT_IMPLEMENTED Protocol Not Supported
ERR_CANNOT_FETCH The requested URL can not currently be retrieved.
ERR_NO_RELAY There is no WAIS relay host defined for this cache.
ERR_DISK_IO The system disk is out of space or failing.
ERR_ZERO_SIZE_OBJECT The remote server closed the connection before sending any data.
ERR_FTP_DISABLED This cache is configured to NOT retrieve FTP objects.
ERR_PROXY_DENIED Access Denied. The user must authenticate himself before accessing this cache.
 
Methodes
GET Request URL
HEAD Request only HTTP headers of the supplied URL and no document body
POST Transfer data to the supplied URL
PUT Store data under the supplied URL
CONNECT Forward data to SSL-Server:Port
ICP_QUERY Request from a Parent/Neighbor for the supplied URL
NONE Request of an unsupported method
 
Hierarchy
NONE The object requested by a sibling, was not in my cache.
DIRECT The object has been requested from the origin server.
SIBLING_HIT The object was requested from a neighbor cache which replied with a UDP_HIT (formerly logged as NEIGHBOR_HIT).
PARENT_HIT The object was requested from a parent cache which replied with a UDP_HIT.
DEFAULT_PARENT The object was requested from a default parent cache appropriate for this URL.
SINGLE_PARENT The object was requested from the only parent cache appropriate for this URL.
FIRST_UP_PARENT The object has been requested from the first available parent in your list.
NO_PARENT_DIRECT The object was requested from the origin server because no parent caches exist for the URL.
FIRST_PARENT_MISS The object has been requested from the parent cache with the fastest weighted round trip time.
ROUNDROBIN_PARENT No ICP queries were received from any parent caches. This parent was chosen because it was marked as 'default' in the config file and it had the lowest round-robin use count.
CLOSEST_PARENT_MISS This parent was selected because it included the lowest RTT measurement to the origin server. This only appears with 'query_icmp on' set in the config file.
CLOSEST_DIRECT The object was fetched directly from the origin server because this cache measured a lower RTT than any of the parent caches.
LOCAL_IP_DIRECT The object has been requested from the origin server because the origin host IP address matched your 'local_ip' list.
FIREWALL_IP_DIRECT The object has been requested from the origin server because the origin host IP address is inside your firewall.
NO_DIRECT_FAIL The object could not be requested because of firewall restrictions and no parent caches were available.
SOURCE_FASTEST The object was requested from the origin server because the 'source_ping' reply arrived first.
SIBLING_UDP_HIT_OBJ The object was received in a UDP_HIT_OBJ reply from a neighbor cache (formerly logged as UDP_HIT_OBJ).
PARENT_UDP_HIT_OBJ The object was received in a UDP_HIT_OBJ reply from a parent cache (formerly logged as UDP_HIT_OBJ).
PASSTHROUGH_PARENT The neighbor or proxy defined in the config option 'passthrough_proxy' was used.
SSL_PARENT_MISS The neighbor or proxy defined in the config option 'ssl_proxy' was used.
 
 
Semoga bermanfaat ^_^
 
    

No comments:

Post a Comment