Redirecting Squid / SquidGuard logs to remote syslog
-
Hi folks,
I wanted to know if It is possible to redirect Squid logs to a remote syslog ?
For the moment I am stuck with log on my device and this is not very usefull !Thanks.
-
same here.
very eager to know if such feature exist on pfsense.
thanks
kalu -
Thanks gregober.
http://forum.pfsense.org/index.php/topic,49304.0.html
So the technical term to be used is syslog
My network is purely windows :( so no good alternatives
just found a link http://doc.pfsense.org/index.php/Copying_Logs_to_a_Remote_Host_with_Syslog
Thanks
kalu -
-
In Squid, I think It is possible to use this configuration directive :
access_log syslog:local:4
or
access_log syslog:LOG_LOCAL4
This parameter has to be included in the configuration file…
http://www.squid-cache.org/Doc/config/access_log/
and discussion here : http://www.mail-archive.com/squid-users@squid-cache.org/msg48741.html
But I really don't know if this option is supported in the compiled version provided by pfSense package ?
I can't try It right now because I have no access to a pfSense with Squid… (more infos on monday).
-
squid conf file is located here:
/usr/local/etc/squid/squid.conf
backup your config!!
cp /usr/local/etc/squid/squid.conf /usr/local/etc/squid/squid.conf.bak
ee /usr/local/etc/squid/squid.conf
added this:
#try logging to syslog
access_log syslog:local5.info squidrestart squid:
/usr/local/etc/rc.d/squid.sh restartWhere do the logs go? send all local5 syslogs to remote machine
cp /etc/syslog.conf /etc/syslog.conf.bak
added this to /etc/syslog.conf
local5.* @192.168.1.123restart syslog
/etc/rc.d/syslogd restartObviously you would need to properly configure the remote device to accept the syslog (UDP 514) . This will retain your logs so that lightsquid will still work.
Someone correct me if I am wrong, but if you update pfsense then this will all get overwritten and have to be redone.
-
Someone correct me if I am wrong, but if you update pfsense then this will all get overwritten and have to be redone.
If you update any config on squid package or restart the server.
squid.conf is created by squid.inc file, you need to apply these changes on the php code that creates the config file.
I think syslog.conf is also recreated after reboot.
att,
Marcello Coutinho -
In Squid, I think It is possible to use this configuration directive :
access_log syslog:local:4
or
access_log syslog:LOG_LOCAL4
This parameter has to be included in the configuration file…
I personally verified that it was perfectly feasible to include this configuration directive in the "Custom Options" field of the Services > Proxy server configuration page of PfSense. Thanks to to that the settings survives a reboot.
Once this is done, the messages are sent to a distant server provided you configured pfsense to do so (Status > System Logs > Settings)