trafficserver-users mailing list archives

Site index · List index
Message view « Date » · « Thread »
Top « Date » · « Thread »
From Jeremy Utley <jerut...@gmail.com>
Subject Problems with Squid format logging
Date Thu, 14 Jun 2012 19:37:21 GMT
Good afternoon everyone!

We're having some issues with Traffic server's squid format log files,
and I'm wondering if anyone else has ever encountered this type of
situation yet.  First off, a little background on how we have things
set up:

We're running trafficserver 3.0.4 on CentOS 6.2 installed from the
RPMs in the Redhat EPEL repository.  TS is running on the firewall for
our office, acting as a transparent proxy.  IPTables is intercepting
all outbound http traffic and redirecting it at trafficserver
listening on port 8080:

[0:0] -A PREROUTING -m state --state NEW,ESTABLISHED,RELATED -m tcp -s
192.168.x.y/255.255.x.y -p tcp --dport 80 -j REDIRECT --to-port 8080

This was to replace an existing squid setup that wasn't performing
quite as well as we'd like, and functionally, it's been working great
for over a week now.

However, when we were using squid, we also had the program "sarg" (1)
doing a daily analysis of our squid logs.  So I thought, no problem,
TS has the capability to write logfiles in squid format, we can just
use sarg against those logs and continue on as normal.  However, that
is not working.  SARG keeps bailing on what looks to be invalid lines
in the log files generated by traffic server.  A sample of one of
those lines as displayed by "less squid.log" is shown below:



1339592276.829 40 192.168.x.y TCP_MISS/200 1032 GET http:///_tp/js/JSONRequest.
js - DIRECT/www.bravotv.com application/x-javascript -
CY<CA><FD><83><AE>%18%20%5D%16<E4><B6>Y<C5><D7>t<9F>%1Cp%5D<A2>%07<BA>%0CB<F3>
<E5><82><E7>Iw/l<8F><AA>'%7D<93>-<D6><E7>%0DZ%11%18<BE><85>z<FD>l<B1>&<83>I%10
<C9><F2>%16%02<92>%5E%13<F1><E8>?<C4><E2><A7><F6>PÖ¡09<96>%22<FE><8F><FA><B0><C2>Riw<9B>ß?<98><B5>Y0N<9D>2?<F7><AF>1Ó¤<BB>;<FA><BA><9C>V<8A><C6>FF<8C><A0><D1><C1>B<CE>%01%07s<D9>%1C%13O<C7>.<E0><C9><FE><C6><FE><AA>5<B5><EC>ï<B8>*X<A9><8D>p<D3>%1AF8<82><CC>&%0F<A8>b<A5><92>wV<U+0617>s<FE>S<B1>9<8A>'<8C>U<91>2<F8>v<FC><FC>
<EF>%23<B0><E3>E<A1>x<D9>%10<8B>%1F<CA>n<U+0C5F>%1F<CB>o<F3><AC>Z(<98><A7><EB>
<90><E0><81><F4><B7>%5Ek<E6><94>%1AÒ<A0>b<CC><F7>%14<B5>!k<F4>%09<DD>%22%22Ø¥@
<8A>BàÄ<F6>/<97>%22æ<E4>ß®%5D%17<F2><91>ì<E1><BA>rßp5<99>%10?qÈ<8E>%5CG<81><B5>.f̹<F3>:%7E<F8>Ce<E7>h(<98>C<BC><B2>9N%07<B0><FE><F3><B1>h<B3><9B>r<90>%04cp<B0>n
<89><E6>c%1Bb<F6><A0>%11<FE><EA><F1><ED>b<C9>L<8F><BC><8C>B<E9>l%5EI7<8E><AD>
<84>7<AE><8D><F6><8C><E5><D3><E5>:<EA>Q%7F%0D<E6>Ò63<A9>%09<FB><B3><C3>×´<9E><9E>'Þ§<F7>Õ<E8>e<F0>Q/<A9><C8>J<ED>,<99>%18ï§<AB><D4><E3>j<F8>m<94>5<E2>X&<F4><DD>_
<AC>Ç=FyX<F8><AF><E5>%5Dq2<ED>K<9D>%0C;<B4>8%25<B2><CC><DE>P<81>%01%7E<C6>%60.
<AF>Z%1Ak<9F><86><F6>Ö«<CD>A%10<FC><D6>L<92>%17%03Y+h<EF>%10v<C1><F8>h<F1>T%7C%07
<D9><F1><A6>:2%08<9C><FC>%06<AA>%20<B2><88><C7><CE>%20%5D%7E'<A4>+<80><80><9C>J3<FB>%3EA%7B<FA>Lj<8D><F8>%5C<CD>T<87><DC>0<B7>IQ*<CF>IA<9C>9x<B2><99>V<8C><93>
<AE><9D><A5><98>%09<EE>B<9A>p<B9><CB><D9><EC>$<FF><D1>3<EC>%22%10o<9F>)<80><EB>
<FF>)0<D1><DF><C6><F1><80>i<90><85><E5><90>'l<B9><96>P<84>%02<EA><FB><F0><A4>
<CE><E9><EE><FB><EF>l<C9>=<A4>L<AE>%22L%0C<D7>%0Fr%0B%20F)<AA>%5C
INVALID_CODE(45)/1 - text/html

Also of note, the "hex" characters within <> is hilited when looking
at it in less.

Has anyone ever seen output like this from the squid format logs
generated by traffic server?  Any way to solve this problem?

Thanks for any help anyone can give!

--
Jeremy Utley

Mime
View raw message