Subject: Adding date & time in squid access log file
By default, squid don't allow you to view "date & time stamp" of currently accessed websites & google searches. But, you may edit "/etc/squid/squid.conf" file to allow the same by modifying below lines.
I. Open your squid.conf and search for the line that starts with access_log or cache_access_log and looks like:
II. Note the last keyword (in this case squid, but it could be common, combined, squidmime)
III. Then look for the line that starts with logformat. In my case, it has shown below.
By default, it is commented. Just need to replace above shown line with below.
logformat squid %tl %6tr %>a %Ss/%03Hs %
Note: You can take a look at squid.conf.default that comes with squid and it's well documented to see other available options for customizing your logs.
Finally, restart/reload squid service & execute below command to verify the configuration of "Date & Time" stamp. Sample example is as given below.
tail -f /var/log/squid/access.log
11/Jun/2013:13:53:47 +0530 22 10.101.19.147 TCP_MEM_HIT/200 2677 GET http://i8.dainikbhaskar.com/thumbnail/69x60/web2images/www.divyabhaskar.co.in/2013/06/10/5548_joke-7.jpg - NONE/- image/jpeg
11/Jun/2013:13:53:49 +0530 569 10.101.19.147 TCP_MISS/200 4881 GET http://i8.dainikbhaskar.com/thumbnail/120x104/web2images/www.divyabhaskar.co.in/2013/06/10/4459_yadav8.jpg - DIRECT/80.150.193.186 image/jpeg
Regards,
Nishith N.Vyas
By default, squid don't allow you to view "date & time stamp" of currently accessed websites & google searches. But, you may edit "/etc/squid/squid.conf" file to allow the same by modifying below lines.
I. Open your squid.conf and search for the line that starts with access_log or cache_access_log and looks like:
access_log /var/log/squid/access.log squid
II. Note the last keyword (in this case squid, but it could be common, combined, squidmime)
III. Then look for the line that starts with logformat. In my case, it has shown below.
logformat squid %ts.%03tu %6tr %>a %Ss/%03Hs %
By default, it is commented. Just need to replace above shown line with below.
logformat squid %tl %6tr %>a %Ss/%03Hs %
Note: You can take a look at squid.conf.default that comes with squid and it's well documented to see other available options for customizing your logs.
Finally, restart/reload squid service & execute below command to verify the configuration of "Date & Time" stamp. Sample example is as given below.
tail -f /var/log/squid/access.log
11/Jun/2013:13:53:47 +0530 22 10.101.19.147 TCP_MEM_HIT/200 2677 GET http://i8.dainikbhaskar.com/thumbnail/69x60/web2images/www.divyabhaskar.co.in/2013/06/10/5548_joke-7.jpg - NONE/- image/jpeg
11/Jun/2013:13:53:49 +0530 569 10.101.19.147 TCP_MISS/200 4881 GET http://i8.dainikbhaskar.com/thumbnail/120x104/web2images/www.divyabhaskar.co.in/2013/06/10/4459_yadav8.jpg - DIRECT/80.150.193.186 image/jpeg
Regards,
Nishith N.Vyas
