Problem

Squid's access.log contains benign operational entries that clutter the logs:

1. Docker healthcheck probes (from ::1/127.0.0.1) - TCP connections that close immediately without sending HTTP headers
2. Shutdown-time connection closures (from agent IP) - Keep-alive connections terminated when containers stop

These appear as error:transaction-end-before-headers with NONE_NONE:HIER_NONE status:

1769030982.251 ::1:33230 - -:- 0.0 - 0 NONE_NONE:HIER_NONE error:transaction-end-before-headers "-"
1769031025.056 172.30.0.20:49698 - -:- 0.0 - 0 NONE_NONE:HIER_NONE error:transaction-end-before-headers "-"

Proposed Solution

1. Filter localhost healthcheck probes at log time

Add to generated squid.conf in src/squid-config.ts:

# Don't log healthcheck probes from localhost
acl healthcheck_localhost src 127.0.0.1 ::1
log_access deny healthcheck_localhost

This filters ~65% of benign entries (healthcheck probes).

2. Filter remaining entries during log analysis

Update src/logs/log-aggregator.ts to ignore transaction-end-before-headers entries when aggregating statistics. This handles the remaining shutdown-time entries without losing them for debugging purposes.