how to check the squid logs of a specific date

 
Maaz
Valued Contributor

# tail /var/log/squid/access.log
Print the last 10 lines.

How do I check the squid logs of a specific date?
Say I want to print the last 10 lines from the logs of 25-july-2007.

Second, should I delete
access.log, store.log, cache.log?
I am asking about deleting these files because they consume a lot of disk space after only 29 days.

# du -h access.log
89M access.log
# du -h store.log
380M store.log
# du -h cache.log
175M cache.log


Regards
3 REPLIES
Rob Leadbeater
Honored Contributor

Re: how to check the squid logs of a specific date

Hi,

You'll probably want to use grep of some form.

# grep "25-july-2007" /var/log/squid/access.log | tail -10

That's assuming of course that that is how the date format is stored in the file. grep is case sensitive, so you might need to change the bit between the "".

Hope this helps,

Regards,

Rob
Stuart Browne
Honored Contributor
Solution

Re: how to check the squid logs of a specific date

Err, no Rob. The date in the squid Access log is an Epoch time.

Maaz, set up logrotate to rotate squid logs as normal, making sure to 'sharedscripts' a 'squid -k rotate' to get squid to let 'em go.

A standard Redhat (well Fedora) distribution for squid should include the following in '/etc/logrotate.d/squid':

--
/var/log/squid/access.log {
    weekly
    rotate 5
    copytruncate
    compress
    notifempty
    missingok
}
/var/log/squid/cache.log {
    weekly
    rotate 5
    copytruncate
    compress
    notifempty
    missingok
}

/var/log/squid/store.log {
    weekly
    rotate 5
    copytruncate
    compress
    notifempty
    missingok
    # This script asks squid to rotate its logs on its own.
    # Restarting squid is a long process and it is not worth
    # doing it just to rotate logs
    postrotate
        /usr/sbin/squid -k rotate
    endscript
}
--

Now, as for searching for a particular date, that's a bit more difficult.

You can use 'date -d "July 25 2007 23:59" +%s' to get you your end time (between 1185371940 and 1185372000 I'd guess). Using 'grep' to search on specific values or just subsets of that, i.e. 'grep "^11853719[0-9][0-9]" /var/log/squid/access.log'.

Anyway, hope this helps you a bit.
One long-haired git at your service...
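
The date search described in the reply above, as an added example that is not part of the original post: instead of hand-building a grep prefix, it computes the first and last epoch second of the day and compares field 1 numerically, and it also reads rotated logs that logrotate has compressed. The helper name `squid_day` and the sample lines are assumptions made for illustration; it requires GNU `date`.

```shell
#!/bin/sh
# Added example (not from the thread). squid_day is a hypothetical helper name.
# Assumes GNU date (-d) and Squid's native access.log format, where field 1
# is "seconds.milliseconds" since the epoch.
# Usage: squid_day 2007-07-25 FILE [FILE...] | tail -10

squid_day() {
    day=$1; shift
    # First and last second of that day in the local timezone (honours $TZ)
    start=$(date -d "$day 00:00:00" +%s) || return 1
    end=$(date -d "$day 23:59:59" +%s) || return 1
    for log in "$@"; do
        # -cdf: decompress rotated .gz files, pass plain files through unchanged
        gzip -cdf -- "$log"
    done | awk -v s="$start" -v e="$end" '
        # Skip lines without a numeric timestamp; compare on whole seconds
        $1 ~ /^[0-9]+(\.[0-9]+)?$/ { t = int($1); if (t >= s && t <= e) print }'
}

# Constructed sample lines (not real traffic), evaluated in UTC
sample=$(mktemp)
cat > "$sample" <<'EOF'
1185321599.900 120 192.0.2.10 TCP_MISS/200 1024 GET http://example.com/a - DIRECT/192.0.2.80 text/html
1185321600.000 95 192.0.2.10 TCP_HIT/200 2048 GET http://example.com/b - NONE/- text/html
1185371940.123 310 192.0.2.11 TCP_MISS/404 512 GET http://example.com/c - DIRECT/192.0.2.80 text/html
1185407999.999 88 192.0.2.12 TCP_MISS/200 4096 GET http://example.com/d - DIRECT/192.0.2.80 image/png
1185408000.001 70 192.0.2.12 TCP_MISS/200 128 GET http://example.com/e - DIRECT/192.0.2.80 text/css
EOF
(export TZ=UTC; squid_day 2007-07-25 "$sample" | tail -10)
rm -f "$sample"
```
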
Geert Van Pamel
Regular Advisor

Re: how to check the squid logs of a specific date

You might also put the Squid log file in Apache-like log format as follows:

vi /etc/squid/squid.conf
...
emulate_httpd_log on

Then you activate the new configuration with:

service squid reload

The advantage is that date/time is now in human readable format ...

You can find more interesting information in my article about Squid http://www.linux-magazine.com/issue/60/Squid_Proxy_Server.pdf