背景:
最近货运仓库访问服务器有超时的情况。
需求:
需要抓到客户端访问请求的具体id和其耗时。
解决:
1、使用仓库服务器中的一台虚机作为代理,让操作客户端通过代理访问服务端,通过日志记录具体的请求信息和响应耗时。
在代理服务器上安装squid
yum -y install squid
cat >> /etc/squid/squid.conf << EOF
logformat combined %tl %6tr %>a "%rm %ru %rp HTTP/%rv" %>Hs %<st %Ss:%Sh/%<a
access_log /var/log/squid/access.log combined
EOF
systemctl enable squid --now
具体的logformat释义如下:
ts Seconds since epoch
tu subsecond time (milliseconds)
tr Response time (milliseconds)
>a Client source IP address
ui User name from ident
un A user name. Expands to the first available name
from the following list of information sources:
– authenticated user name, like %ul
– user name supplied by an external ACL, like %ue
– SSL client name, like %us
– ident user name, like %ui
tl Local time. Optional strftime format argument
default %d/%b/%Y:%H:%M:%S %z
[http::]rm Request method (GET/POST etc)
[http::]ru Request URL from client (historic, filtered for logging)
rp Request URL path excluding hostname
[http::]rv Request protocol version
[http::]>Hs HTTP status code sent to the client
[http::]<st Total size of reply sent to client (after adaptation)
[http::]>h Original received request header.
Usually differs from the request header sent by
Squid, although most fields are often preserved.
Accepts optional header field name/value filter
argument using name[:[separator]element] format.
Ss Squid request status (TCP_MISS etc)
Sh Squid hierarchy status (DEFAULT_PARENT etc)
在客户端pc上设置代理服务器:
l 直接搜索“代理” ,点击“代理服务器设置”。
l 打开使用代理;输入代理服务器设置10.168.79.227 3128,并保存。关闭代理则将开关置为关即可。
l 打开客户端能进行正常操作即配置成功。
在服务器上/var/log/squid/access.log的输出日志如下,
通过filebeat采集到内网elk。
能通过各种维度分析请求的数据,比如分析url请求耗时的统计排序,请求耗时分布等,非常有助于分析系统问题!