Squid Proxy
Squid is an open-source forward proxy and web cache supporting HTTP, HTTPS and FTP.
Enginsight Global Fields (4)
| Field | Description | Type |
|---|---|---|
| ngs.id | Unique identifier for the log entry. | string |
| ngs.createdAt | Timestamp when the event was created locally. | pdate |
| ngs.indexedAt | Timestamp when the log was indexed into the SIEM. | pdate |
| ngs.source | Origin or source system of the log. | string |
Reference-Specific Fields (15)
| Field | Description | Type |
|---|---|---|
| squid.timestamp | Timestamp of the client request in seconds since the Unix epoch, with millisecond resolution. | pdate |
| squid.requestTime | Time in milliseconds that Squid spent processing the client's request, from connection establishment to last byte sent. | plong |
| squid.srcIP | IP address of the client that issued the request. | text_general |
| squid.cacheResult | Cache action code indicating whether the request was a HIT, MISS, or other cache event. | string |
| squid.responseCode | HTTP response status code that Squid returned to the client. | pint |
| squid.responseLength | Total number of bytes (headers + body) sent to the client. | plong |
| squid.method | HTTP method used by the client (e.g., GET, POST). | string |
| squid.user | Authenticated username, or '-' if no authentication was required. | string |
| squid.proxyHierarchyRoute | Hierarchy status code showing which cache or parent was used (e.g., DEFAULT_PARENT, NONE). | string |
| squid.upstream | Upstream server or peer that handled the request when forwarded (IP or cache_peer name). | string |
| squid.contentType | MIME content type of the response (e.g., text/html, application/json). | string |
| squid.scheme | URL scheme of the request (e.g., http, https). | string |
| squid.dst | Destination IP address or hostname resolved from the URL. | text_general |
| squid.dstPort | Destination port number (e.g., 80, 443) extracted from the URL. | pint |
| squid.endpoint | Request URI path and query, normalized for logging. | string |
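
The following is an added example, not Enginsight's own parser: one way a line in Squid's native access.log format could be mapped onto the squid.* fields above, useful for checking what a given proxy line should look like once indexed. It assumes the ten whitespace-separated fields of Squid's native `squid` logformat; the function name `parse_squid_line` and the sample lines are constructed for illustration.

```python
from datetime import datetime, timezone
from urllib.parse import urlsplit

DEFAULT_PORTS = {"http": 80, "https": 443, "ftp": 21}

# Constructed sample lines using documentation addresses, not real traffic.
SAMPLES = [
    "1700000000.123    245 192.0.2.10 TCP_MISS/200 5120 GET http://example.com:8080/index.html?q=1 alice HIER_DIRECT/203.0.113.5 text/html",
    "1700000001.456   1020 192.0.2.11 TCP_TUNNEL/200 3890 CONNECT example.org:443 - HIER_DIRECT/203.0.113.9 -",
]

def parse_squid_line(line):
    parts = line.split()
    if len(parts) != 10:
        raise ValueError(f"expected 10 fields, got {len(parts)}")
    ts, elapsed, src, result, size, method, url, user, hier, ctype = parts
    cache_result, _, status = result.partition("/")
    route, _, upstream = hier.partition("/")
    sec, _, ms = ts.partition(".")  # split as text to avoid float rounding
    when = datetime.fromtimestamp(int(sec), tz=timezone.utc).replace(
        microsecond=int((ms or "0").ljust(3, "0")[:3]) * 1000)
    event = {
        "squid.timestamp": when.isoformat(timespec="milliseconds"),
        "squid.requestTime": int(elapsed),
        "squid.srcIP": src,
        "squid.cacheResult": cache_result,
        "squid.responseCode": int(status),
        "squid.responseLength": int(size),
        "squid.method": method,
        "squid.user": user,  # '-' when no authentication took place
        "squid.proxyHierarchyRoute": route,
    }
    if method == "CONNECT":
        # CONNECT targets are host:port with no scheme or path to record.
        host, _, port = url.rpartition(":")
        event["squid.dst"] = host.strip("[]")
        event["squid.dstPort"] = int(port)
    else:
        u = urlsplit(url)
        event["squid.scheme"] = u.scheme
        event["squid.dst"] = u.hostname
        event["squid.dstPort"] = u.port or DEFAULT_PORTS.get(u.scheme)
        event["squid.endpoint"] = u.path + (f"?{u.query}" if u.query else "")
    # Squid writes '-' for values it does not have; omit those fields.
    if upstream != "-":
        event["squid.upstream"] = upstream
    if ctype != "-":
        event["squid.contentType"] = ctype
    return event
```

The CONNECT sample shows why some fields are absent from an event: a tunnelled request carries only a host and port, so no scheme, endpoint or content type is produced.
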
Sample Log Event
Below is a representative JSON log entry showing key fields as they're emitted by the system. Depending on the context of the event, some fields may be omitted if they're not applicable.