Squid
Configuration¶
Collect metrics from Squid using squid-exporter, and DataKit uses the prom collector to receive metrics sent by squid-exporter.
Expose Squid Metrics¶
-
Download squid-exporter
-
Run
squid-exporter
squid-exporter exposes port 9301 and provides Prometheus-formatted metrics.
Collector Configuration¶
Copy prom.conf.sample to squid.conf
Adjust the configuration file squid.conf
## Exporter URLs.
urls = ["http://127.0.0.1:9301/metrics"]
## Stream Size.
## The source stream segmentation size, (defaults to 1).
## 0 source stream undivided.
# stream_size = 1
## Unix Domain Socket URL. Using socket to request data when not empty.
uds_path = ""
## Ignore URL request errors.
ignore_req_err = false
## Collector alias.
source = "squid-prom"
...
Metrics¶
| Metric | Description | Unit |
|---|---|---|
client_http_errors_total |
Total number of client HTTP requests that returned errors (4xx/5xx) | times |
client_http_hit_kbytes_out_bytes_total |
Outbound traffic when client HTTP hits (HIT) | KB |
client_http_hits_total |
Total number of client HTTP cache hits | times |
client_http_kbytes_in_kbytes_total |
Inbound traffic from client HTTP requests | KB |
client_http_kbytes_out_kbytes_total |
Outbound traffic from client HTTP requests | KB |
client_http_requests_total |
Total number of client HTTP requests | times |
exporter_build_info |
Squid exporter build information (version, revision, etc.) | none |
info_Available_number_of_file_descriptors |
Number of currently available file descriptors | count |
info_Average_HTTP_requests_per_minute_since_start |
Average number of HTTP requests per minute since start | times/minute |
info_Average_ICP_messages_per_minute_since_start |
Average number of ICP messages per minute since start | times/minute |
info_CPU_Time |
Total CPU time consumed by Squid process | seconds |
info_CPU_Usage |
Current instantaneous CPU usage percentage | % |
info_CPU_Usage_5_minute_avg |
Average CPU usage percentage over the last 5 minutes | % |
info_CPU_Usage_60_minute_avg |
Average CPU usage percentage over the last 60 minutes | % |
info_Disk_hits_as_pct_of_hit_requests_5min |
Percentage of disk hits in cache hits over the last 5 minutes | % |
info_Disk_hits_as_pct_of_hit_requests_60min |
Percentage of disk hits in cache hits over the last 60 minutes | % |
info_Files_queued_for_open |
Queue length of files waiting to be opened | count |
info_Hits_as_pct_of_all_requests_5min |
Hit rate (hits/total requests) over the last 5 minutes | % |
info_Hits_as_pct_of_all_requests_60min |
Hit rate over the last 60 minutes | % |
info_Hits_as_pct_of_bytes_sent_5min |
Percentage of hit traffic in total sent traffic over the last 5 minutes | % |
info_Hits_as_pct_of_bytes_sent_60min |
Percentage of hit traffic in total sent traffic over the last 60 minutes | % |
info_Hot_Object_Cache_Items |
Number of hot object cache entries | count |
info_Largest_file_desc_currently_in_use |
Largest file descriptor currently in use | count |
info_Maximum_Resident_Size |
Maximum resident memory of Squid process | KB |
info_Maximum_number_of_file_descriptors |
Maximum number of file descriptors allowed by the system | count |
info_Mean_Object_Size |
Average size of cached objects | KB |
info_Memory_hits_as_pct_of_hit_requests_5min |
Percentage of memory hits in cache hits over the last 5 minutes | % |
info_Memory_hits_as_pct_of_hit_requests_60min |
Percentage of memory hits in cache hits over the last 60 minutes | % |
info_Number_of_HTCP_messages_received |
Total number of HTCP messages received | times |
info_Number_of_HTCP_messages_sent |
Total number of HTCP messages sent | times |
info_Number_of_HTTP_requests_received |
Total number of HTTP requests received | times |
info_Number_of_ICP_messages_received |
Total number of ICP messages received | times |
info_Number_of_ICP_messages_sent |
Total number of ICP messages sent | times |
info_Number_of_clients_accessing_cache |
Number of clients currently accessing the cache | count |
info_Number_of_file_desc_currently_in_use |
Number of file descriptors currently in use | count |
info_Number_of_queued_ICP_replies |
Queue length of ICP replies waiting to be sent | count |
info_Request_failure_ratio |
Request failure rate (failures/total requests) | % |
info_Requests_given_to_unlinkd |
Number of requests handed to unlinkd for deletion | times |
info_Reserved_number_of_file_descriptors |
Number of reserved file descriptors | count |
info_Select_loop_called |
Number of select/poll loop calls | times |
info_Storage_Mem_capacity |
Maximum capacity of memory cache | KB |
info_Storage_Mem_size |
Current used capacity of memory cache | KB |
info_Storage_Swap_capacity |
Maximum capacity of disk cache | KB |
info_Storage_Swap_size |
Current used capacity of disk cache | KB |
info_StoreEntries |
Total number of Store entries | count |
info_StoreEntries_with_MemObjects |
Number of Store entries with memory objects | count |
info_Store_Disk_files_open |
Number of disk files currently open | count |
info_Total_accounted |
Total memory allocated by Squid process | KB |
info_UP_Time |
Running time of Squid process since start | seconds |
info_memPoolAlloc_calls |
Number of memPool allocation calls | times |
info_memPoolFree_calls |
Number of memPool free calls | times |
info_on_disk_objects |
Number of objects currently on disk | count |
info_service |
Squid service status indicator (1=running, 0=stopped) | none |
server_all_errors_total |
Total number of errors from all backends (HTTP/FTP/others) | times |
server_all_kbytes_in_kbytes_total |
Total inbound traffic from all backends | KB |
server_all_kbytes_out_kbytes_total |
Total outbound traffic from all backends | KB |
server_all_requests_total |
Total number of requests from all backends | times |
server_ftp_errors_total |
Number of FTP backend errors | times |
server_ftp_kbytes_in_kbytes_total |
Inbound traffic from FTP backend | KB |
server_ftp_kbytes_out_kbytes_total |
Outbound traffic from FTP backend | KB |
server_ftp_requests_total |
Number of FTP backend requests | times |
server_http_errors_total |
Number of HTTP backend errors | times |
server_http_kbytes_in_kbytes_total |
Inbound traffic from HTTP backend | KB |
server_http_kbytes_out_kbytes_total |
Outbound traffic from HTTP backend | KB |
server_http_requests_total |
Number of HTTP backend requests | times |
server_other_errors_total |
Number of errors from other protocol backends | times |
server_other_kbytes_in_kbytes_total |
Inbound traffic from other protocol backends | KB |
server_other_kbytes_out_kbytes_total |
Outbound traffic from other protocol backends | KB |
server_other_requests_total |
Number of requests from other protocol backends | times |
swap_files_cleaned_total |
Total number of swap files cleaned | count |
swap_ins_total |
Number of swap ins (disk → memory) | times |
swap_outs_total |
Number of swap outs (memory → disk) | times |
up |
Exporter successfully fetches Squid metrics when 1, fails when 0 | none |
Logging¶
Log Collection¶
Squid logs are output to /var/log/squid by default:
- access.log: Access logs
- cache.log: Cache logs
Go to /usr/local/datakit/conf.d/log directory and execute the following command:
Adjust the configuration file:
[[inputs.logging]]
# List of log files, supports batch specification using glob patterns.
# It is recommended to use absolute paths and specify file extensions.
# Narrow the scope as much as possible to avoid collecting unexpected files.
logfiles = [
"/var/log/squid/access.log",
"/var/log/squid/cache.log"
]
## Socket currently supports two protocols: tcp/udp. It is recommended to use internal
## network ports for security.
sockets = [
#"tcp://0.0.0.0:9540",
#"udp://0.0.0.0:9541",
]
# File path filtering using glob patterns, any file matching these patterns will not be collected
ignore = [""]
# Logging source, defaults to 'default' if empty
source = "squid"
...
Log Parsing¶
grok(_, "%{NUMBER:timestamp:float}%{SPACE}%{INT:response_time:int}%{SPACE}%{IP:client_ip}%{SPACE}%{WORD:squid_result}/%{INT:http_status:int}%{SPACE}%{INT:bytes:int}%{SPACE}%{WORD:method}%{SPACE}%{NOTSPACE:uri}%{SPACE}-%{SPACE}(?:%{WORD:hier_status}/%{NOTSPACE:hier_ip}|%{NOTSPACE:hier_full})%{SPACE}%{GREEDYDATA:content_type}")
client_ip = get_key("client_ip")
if client_ip {
add_key("log_type", "squid_access")
geoip("client_ip")
}
grok(_, "%{DATE:d} %{TIME:t} %{WORD:process}(?:\\|)%{GREEDYDATA:raw_msg}")
if (raw_msg){
if ( "ERROR" in raw_msg ){
add_key("status","error")
}
drop_key("raw_msg")
add_key("log_type","squid_cache")
}
if d {
default_time("d + t", "2006/01/02 15:04:05")
drop_key("d")
drop_key("t")
}
access.log¶
- Raw Log
Field Description:
| Field | Example | Description |
|---|---|---|
timestamp |
1755830457.018 | Unix timestamp (seconds.milliseconds) |
response_time |
0 | Response time (milliseconds) |
client_ip |
113.87.27.138 | Client IP |
result |
TCP_DENIED | Squid result code (e.g., TCP_DENIED) |
http_status |
403 | HTTP status code |
bytes |
3809 | Response bytes |
method |
CONNECT | Request method |
uri |
www.guance.com:443 | Request URI |
hier_status |
HIER_NONE | Hierarchy status (HIER_NONE means no upstream) |
hier_ip |
- | Upstream server address (- if none) |
content_type |
text/html | Response Content-Type |
cache.log¶
- Raw Log
2025/08/28 09:37:35 kid1| Logfile: opening log stdio:/var/spool/squid/netdb.state
2025/08/28 09:37:35 kid1| Logfile: closing log stdio:/var/spool/squid/netdb.state
2025/08/28 09:37:35 kid1| NETDB state saved; 9 entries, 0 msec
2025/08/28 10:14:17 pinger| SendEcho ERROR: sending to ICMPv6 packet to [2606:4700::6812:1dd6]: (101) Network is unreachable
2025/08/28 10:21:29 kid1| Logfile: opening log stdio:/var/spool/squid/netdb.state
2025/08/28 10:21:29 kid1| Logfile: closing log stdio:/var/spool/squid/netdb.state
2025/08/28 10:21:29 kid1| NETDB state saved; 9 entries, 0 msec
- Log Fields
| Field | Example | Description |
|---|---|---|
@timestamp |
2025-08-28 10:14:17 | Log time |
process |
pinger | Process identifier |
status |
ERROR | Log level |
message |
SendEcho ERROR: sending to ICMPv6 packet to [2606:4700::6812:1dd6]: (101) Network is unreachable | Raw log message |