Monitor Squid web-cache Hits and Misses Live

Squid Live Monitoring

Squid as a program for caching and controlling the flow of data has a series of log files that are updated live as the daemons running processes.

This first one is probably the most key

/var/log/squid/access.log

This very useful gem contains all the information about requests right AFTER they finished being processed by the server.
A basic entry in this log looks like this. The log is tab delimitted and the ‘squid-log’ format is very common including in other programs.

1415278114.790    604 ##Omitted Local IP## TCP_MISS/200 719 POST http://blog.mqbx.nl/wp-admin/admin-ajax.php - HIER_DIRECT/54.66.213.21 application/json

1415278114.790 – Tick of the local cpu. Incremented since system start. Differs from linux system to system.
604 – Ticks to process the request.
##Omitted Local IP## – Local Machine that requested the content
TCP_MISS/200 – TCP_MISS signifies that the requested missed the cache data a TCP_HIT signifies a cache Hit. 200 is the standard HTTP response to for a correctly received response.
719 – The Size in bytes of the responce
POST – the HTTP request Type
http://blog.mqbx.nl/wp-admin/admin-ajax.php – the resource of link requested
HIER_DIRECT/54.66.213.21 – Means the requested was processed completely by this squid server and the IP address is the IP of the destination server.
application/json – the content type header defining the file type inside the HTTP header

The easiest way to watch this data live is with the “tail -f” command

tail -f /var/log/squid/access.log

By doing this you get a scrolling set of messages in plain old black and white, youll need to find a read each in new line that appears for a HIT or MISS.

Why not colour the log?
By copying the following into a executable script in the “/root/bin” directory and making sure “chmod o+x” has been applied to the script. It will colour any HITs in bright green and MISS’s in red.

# !/bin/bash
# !/root/bin/squidtail.sh

trap 'tput sgr0' 0

tail -f /var/log/squid/access.log | awk '/MISS/ {print "\033[31m" $0 "\033[31m"} /HIT/ {print "\033[32m" $0 "\033[32m"}'

Code Note: The Trap line means that upon a code “0”(zero) exit from the tail script the “tput sgr0” command will run.
The reason for this is without it you get a coloured bash prompt upon ctrl+c exiting the program.
Code Note 2: “tput sgr0” is a command that reset your bash prompt back to profile defaults.
Code Note 3: awk is described as the child of grep and sed(two of the greatest linux text manipulation programs), in true linux fashion it is a short name that is easy to remember and start using but next to impossible to master. (You will always end up in the man pages while trying to use it)

Here is a brightly coloured example that has easy reading of all the HITS and MISS(es)
squidtailCaptureEditWithBlur

  1 comment for “Monitor Squid web-cache Hits and Misses Live

  1. Silas
    January 7, 2015 at 6:43 pm

    Looks way better with colors 😉

Leave a Reply to Silas Cancel reply

Your email address will not be published.