Skip to content

feat: filter benign operational logs from Squid access.log #432

New issue

Have a question about this project? Sign up for a free GitHub account to open an issue and contact its maintainers and the community.

Sign up for GitHub

By clicking “Sign up for GitHub”, you agree to our terms of service and privacy statement. We’ll occasionally send you account related emails.

Already on GitHub? Sign in to your account

Jump to bottom
Draft
Copilot wants to merge 3 commits into
base: main
Choose a base branch
from
Draft

feat: filter benign operational logs from Squid access.log #432

Copilot wants to merge 3 commits into from
+145 −2

Conversation

Copy link
Contributor

Copilot AI commented Jan 27, 2026
edited
Loading

Squid's access.log contained operational noise from Docker healthcheck probes (::1/127.0.0.1) and shutdown-time keep-alive closures. Both appeared as error:transaction-end-before-headers with NONE_NONE:HIER_NONE status.

Changes

Squid config (src/squid-config.ts): Filter localhost healthchecks at log-write time (~65% of benign entries)

acl healthcheck_localhost src 127.0.0.1 ::1
log_access deny healthcheck_localhost

Log aggregator (src/logs/log-aggregator.ts): Skip error:transaction-end-before-headers entries during statistics computation

for (const entry of entries) {
  // Skip benign operational entries (connection closures without HTTP headers)
  if (entry.url === 'error:transaction-end-before-headers') {
    continue;
  }
  // ... process real requests
}

Raw logs retain all entries for debugging. Statistics reflect only actual HTTP/HTTPS traffic.

Original prompt

This section details on the original issue you should resolve

<issue_title>Filter benign operational logs from Squid access.log</issue_title>
<issue_description>## Problem

Squid's access.log contains benign operational entries that clutter the logs:

  1. Docker healthcheck probes (from ::1/127.0.0.1) - TCP connections that close immediately without sending HTTP headers
  2. Shutdown-time connection closures (from agent IP) - Keep-alive connections terminated when containers stop

These appear as error:transaction-end-before-headers with NONE_NONE:HIER_NONE status:

1769030982.251 ::1:33230 - -:- 0.0 - 0 NONE_NONE:HIER_NONE error:transaction-end-before-headers "-"
1769031025.056 172.30.0.20:49698 - -:- 0.0 - 0 NONE_NONE:HIER_NONE error:transaction-end-before-headers "-"

Proposed Solution

1. Filter localhost healthcheck probes at log time

Add to generated squid.conf in src/squid-config.ts:

# Don't log healthcheck probes from localhost
acl healthcheck_localhost src 127.0.0.1 ::1
log_access deny healthcheck_localhost

This filters ~65% of benign entries (healthcheck probes).

2. Filter remaining entries during log analysis

Update src/logs/log-aggregator.ts to ignore transaction-end-before-headers entries when aggregating statistics. This handles the remaining shutdown-time entries without losing them for debugging purposes.</issue_description>

Comments on the Issue (you are @copilot in this section)

💡 You can make Copilot smarter by setting up custom instructions, customizing its development environment and configuring Model Context Protocol (MCP) servers. Learn more Copilot coding agent tips in the docs.

@Mossaka
feat: filter benign operational logs from Squid access.log
f95f01d 
- Add ACL and log_access directive to filter localhost healthcheck probes
- Update log aggregator to skip transaction-end-before-headers entries
- Add comprehensive tests for both changes

Co-authored-by: Mossaka <5447827+Mossaka@users.noreply.github.com>
Copilot AI changed the title [WIP] Filter benign operational logs from Squid access.log feat: filter benign operational logs from Squid access.log Jan 27, 2026
Copilot AI requested a review from Mossaka January 27, 2026 02:48
@Mossaka
Copy link
Collaborator

Mossaka commented Feb 3, 2026

@copilot please merge origin/main

Sign up for free to join this conversation on GitHub. Already have an account? Sign in to comment

Reviewers

@Mossaka Mossaka Awaiting requested review from Mossaka

Assignees

@Mossaka Mossaka

Copilot code review Copilot

Labels

None yet

Projects

None yet

Milestone

No milestone

Development

Successfully merging this pull request may close these issues.

Filter benign operational logs from Squid access.log

2 participants

@Mossaka