Squid 代理服务器日志管理

简介：

Squid 服务器日志增长是很快的，如果不做处理的话，可以会由于系统限制单文件大小，而导致 Squid 服务停止，太大的日志文件也不适合分析。

一、日志配置

shell > grep 'log' /etc/squid/squid.conf

cache_access_log /var/log/squid/access.log
cache_log /var/log/squid/cache.log
cache_store_log /var/log/squid/store.log
logfile_rotate 7

## 这是 squid.conf 中关于 log 的配置项，分别定义了三个日志文件 access.log cache.log store.log
## logfile_rotate 7 代表保留 6 个历史日志文件，跟 1 个当前日志文件

## 默认 Squid 是不作日志切割的，系统允许写多大，那么日志文件就写多大

shell > squid -k rotate

## 使用 squid -k rotate 来切割日志，切割的日志名按 .0 .1 .2 .3 .... 保存

shell > ls /var/log/squid/*.log*
/var/log/squid/access.log    /var/log/squid/cache.log    /var/log/squid/store.log
/var/log/squid/access.log.0  /var/log/squid/cache.log.0  /var/log/squid/store.log.0

shell > crontab -e
0 3 * * * /usr/sbin/squid -k rotate

## 使用任务计划来定期切割日志

shell > ls /var/log/squid/access.log*
/var/log/squid/access.log    /var/log/squid/access.log.1  /var/log/squid/access.log.3  /var/log/squid/access.log.5
/var/log/squid/access.log.0  /var/log/squid/access.log.2  /var/log/squid/access.log.4  /var/log/squid/access.log.6

shell > ls /var/log/squid/cache.log*
/var/log/squid/cache.log    /var/log/squid/cache.log.1  /var/log/squid/cache.log.3  /var/log/squid/cache.log.5
/var/log/squid/cache.log.0  /var/log/squid/cache.log.2  /var/log/squid/cache.log.4  /var/log/squid/cache.log.6

shell > ls /var/log/squid/store.log*
/var/log/squid/store.log    /var/log/squid/store.log.1  /var/log/squid/store.log.3  /var/log/squid/store.log.5
/var/log/squid/store.log.0  /var/log/squid/store.log.2  /var/log/squid/store.log.4  /var/log/squid/store.log.6

## 由于参数 logfile_rotate 7 的限定，每个日志文件最多保存 7 个（ 自动删除 ）

二、日志分析

/var/log/squid/access.log

## 时间戳          默认以 UTC 1970-01-01 00:00:00 到现在的秒数表示，显示为毫秒
   响应时间        处理所用时间，毫秒
   客户端地址      客户端 IP 地址
   结果码/状态码   结果码表示 Squid 专有的编码，如 TCP_HIT 、UDP_DENIED 等，状态码是 HTTP 的响应代码，如 200、301、404、503 等
   传输 Size       给客户端传输字节数
   请求方式        HTTP 或 ICP 两种，HTTP 一般为 GET ，ICP 一般为 ICP_QUERY
   URL             请求的 URL 地址
   客户端身份      
   对端编码/对端主机   
   内容类型        HTTP 响应的内容类型
   HTTP 请求头部
   HTTP 响应头部

## access.log 结果码（ 部分常见的，更多请常找相关资料 ）

TCP_HIT

## 在硬盘中发现有效请求资源并立即回传给用户的数据

TCP_MISS

## 没有被缓存，并回传给用户的数据

TCP_MEM_HIT

## 在内存中发现有效的请求资源并立即回传给用户的数据

TCP_REFRESH_UNMODIFIED

## 请求资源可能是旧的缓存，发送确认请求到原始服务器，原始服务器返回 304 未修改响应，指示 Squid 的缓存是最新的。并回传给用户的数据

TCP_REFRESH_MODIFIED

## 请求资源可能是旧的缓存，发送确认请求到原始服务器，原始服务器返回新的数据，指示这个缓存是旧的，缓存并回传给用户的数据

shell > cat /var/log/squid/access.log | grep TCP_HIT

## 被缓存到硬盘并回传给用户的数据

shell > cat /var/log/squid/access.log | grep TCP_MEM_HIT

## 被缓存到内存并回传给用户的数据

shell > cat /var/log/squid/access.log | grep TCP_MISS

## 没有被缓存的数据，而是从原始服务器获取并回传给用户的数据

三、缓存命中率

shell > squidclient -h 192.168.1.88 -p 80 mgr:info

HTTP/1.0 200 OK
Server: squid/3.1.10
Mime-Version: 1.0
Date: Wed, 07 Jan 2015 08:09:10 GMT
Content-Type: text/plain
Expires: Wed, 07 Jan 2015 08:09:10 GMT
Last-Modified: Wed, 07 Jan 2015 08:09:10 GMT
X-Cache: MISS from study.localhost.localdomain
X-Cache-Lookup: MISS from study.localhost.localdomain:80
Via: 1.0 study.localhost.localdomain (squid/3.1.10)
Connection: close

Squid Object Cache: Version 3.1.10
Start Time:     Wed, 07 Jan 2015 07:03:04 GMT
Current Time:   Wed, 07 Jan 2015 08:09:10 GMT
Connection information for squid:
        Number of clients accessing cache:      2
        Number of HTTP requests received:       741
        Number of ICP messages received:        0
        Number of ICP messages sent:    0
        Number of queued ICP replies:   0
        Number of HTCP messages received:       0
        Number of HTCP messages sent:   0
        Request failure ratio:   0.00
        Average HTTP requests per minute since start:   11.2
        Average ICP messages per minute since start:    0.0
        Select loop called: 36984 times, 107.235 ms avg
Cache information for squid:
        Hits as % of all requests:      5min: 0.0%, 60min: 86.0%              ## 请求命中率 5分内平均 0.0% ,60分内平均 86.0%
        Hits as % of bytes sent:        5min: 100.0%, 60min: 99.1%            ## 字节命中率
        Memory hits as % of hit requests:       5min: 0.0%, 60min: 0.0%       ## 内存命中率
        Disk hits as % of hit requests: 5min: 0.0%, 60min: 13.5%              ## 磁盘命中率
        Storage Swap size:      31228 KB                                      ## 缓存目录大小
        Storage Swap capacity:   0.7% used, 99.3% free
        Storage Mem size:       108 KB                                        ## 缓存内存大小
        Storage Mem capacity:    0.0% used, 100.0% free
        Mean Object Size:       255.97 KB
        Requests given to unlinkd:      0
Median Service Times (seconds)  5 min    60 min:
        HTTP Requests (All):   0.00000  0.00463
        Cache Misses:          0.00000  0.04277
        Cache Hits:            0.00000  0.08265
        Near Hits:             0.00000  0.00286
        Not-Modified Replies:  0.00000  0.00000
        DNS Lookups:           0.00000  0.00000
        ICP Queries:           0.00000  0.00000
Resource usage for squid:
        UP Time:        3965.980 seconds
        CPU Time:       4.601 seconds
        CPU Usage:      0.12%
        CPU Usage, 5 minute avg:        0.02%
        CPU Usage, 60 minute avg:       0.12%
        Process Data Segment Size via sbrk(): 3692 KB
        Maximum Resident Size: 79968 KB
        Page faults with physical i/o: 1
Memory accounted for:
        Total accounted:          474 KB   1%
        memPool accounted:        474 KB   1%
        memPool unaccounted:    38133 KB  99%
        memPoolAlloc calls:    225264
        memPoolFree calls:     228120
File descriptor usage for squid:
        Maximum number of file descriptors:   65535
        Largest file desc currently in use:     17
        Number of file desc currently in use:   10
        Files queued for open:                   0
        Available number of file descriptors: 65525
        Reserved number of file descriptors:   100
        Store Disk files open:                   0
Internal Data Structures:
           149 StoreEntries
            27 StoreEntries with MemObjects
            26 Hot Object Cache Items
           122 on-disk objects