If you’re using apache traffic server, all of your traffic is going through your proxy, not your web server. This is a problem if you rely on your logs for visitor data.
You can get traffic server to output logs in apache’s combined log format, though. Then you just feed traffic server’s logs to your log analysis app.
Here’s how to do it:
Edit /usr/local/etc/trafficserver/logs_xml.config
Add these lines to the bottom:
<LogFormat>
<Format = "%<chi> - - [%<cqtn>] \"%<cqhm> %<cquup>\" %<pssc> %<psql> \"%<{Referer}cqh>\" \"%<{User-Agent}cqh>\"" />
<Name = "httpd_combined"/>
</LogFormat>
<LogObject>
<Format = "httpd_combined"/>
<Filename = "access"/>
</LogObject>
Edit /usr/local/etc/trafficserver/logs_records.config
Change
CONFIG proxy.config.log.custom_logs_enabled INT 0
to
CONFIG proxy.config.log.custom_logs_enabled INT 1
Then restart traffic server
trafficserver restart
Now you’ll have an apache combined log file in /usr/local/var/log/trafficserver/access.log
You can read more about apache traffic server’s logging options here and the log formats here.
House of Payne 
Pingback: Apache Traffic Server as a Reverse Proxy « House of Payne
Hi, do you know if there is any tool somewhere to analyse these logs graphically?
let me know if you know 🙂
Try AWStats or Webalizer.
ATS has a built in report generator trafficserver_logstats . This is all txt, but has valuable summary information. I spent some time researching graphical log processing programs and will share my findings with the community.
For a graphical output try Solar winds, Sawmill (both paid, but with free demo), Splunk, or SquidAnalyzer
“Apache combined log format with Traffic Server | House of Payne” Solar Shade ended
up being a wonderful posting, cannot help but wait to read a lot
more of your postings. Time to squander numerous time online
lmao. I appreciate it -Rodger