• Categories
  • Recent
  • Tags
  • Popular
  • Users
  • Search
  • Register
  • Login
Netgate Discussion Forum
  • Categories
  • Recent
  • Tags
  • Popular
  • Users
  • Search
  • Register
  • Login

Redirecting Squid / SquidGuard logs to remote syslog

Scheduled Pinned Locked Moved pfSense Packages
8 Posts 5 Posters 41.5k Views
Loading More Posts
  • Oldest to Newest
  • Newest to Oldest
  • Most Votes
Reply
  • Reply as topic
Log in to reply
This topic has been deleted. Only users with topic management privileges can see it.
  • G
    gregober
    last edited by May 11, 2012, 4:26 PM

    Hi folks,

    I wanted to know if It is possible to redirect Squid logs to a remote syslog ?
    For the moment I am stuck with log on my device and this is not very usefull !

    Thanks.

    1 Reply Last reply Reply Quote 0
    • K
      kalu
      last edited by May 12, 2012, 1:41 AM

      same here.
      very eager to know if such feature exist on pfsense.
      thanks
      kalu

      i love pfsense because i love open source.

      1 Reply Last reply Reply Quote 0
      • K
        kalu
        last edited by May 12, 2012, 1:53 AM

        Thanks gregober.
        http://forum.pfsense.org/index.php/topic,49304.0.html
        So the technical term to be used is syslog
        My network is purely windows :( so no good alternatives
        just found a link http://doc.pfsense.org/index.php/Copying_Logs_to_a_Remote_Host_with_Syslog
        Thanks
        kalu

        i love pfsense because i love open source.

        1 Reply Last reply Reply Quote 0
        • K
          kalu
          last edited by May 12, 2012, 2:46 AM

          :(

          no option for squid.

          http://postimage.org/image/q5uz7f9lx/

          i love pfsense because i love open source.

          1 Reply Last reply Reply Quote 0
          • G
            gregober
            last edited by May 12, 2012, 1:36 PM

            In Squid, I think It is possible to use this configuration directive :

            access_log syslog:local:4
            

            or

            access_log syslog:LOG_LOCAL4
            

            This parameter has to be included in the configuration file…

            http://www.squid-cache.org/Doc/config/access_log/

            and discussion here : http://www.mail-archive.com/squid-users@squid-cache.org/msg48741.html

            But I really don't know if this option is supported in the compiled version provided by pfSense package ?

            I can't try It right now because I have no access to a pfSense with Squid… (more infos on monday).

            1 Reply Last reply Reply Quote 0
            • A
              azpoulton
              last edited by May 20, 2012, 12:10 AM May 19, 2012, 11:30 PM

              squid conf file is located here:

              /usr/local/etc/squid/squid.conf

              backup your config!!

              cp /usr/local/etc/squid/squid.conf /usr/local/etc/squid/squid.conf.bak

              ee /usr/local/etc/squid/squid.conf

              added this:
              #try logging to syslog
              access_log syslog:local5.info squid

              restart squid:
              /usr/local/etc/rc.d/squid.sh restart

              Where do the logs go? send all local5 syslogs to remote machine
              cp /etc/syslog.conf /etc/syslog.conf.bak
              added this to /etc/syslog.conf
              local5.*                                                        @192.168.1.123

              restart syslog
              /etc/rc.d/syslogd restart

              Obviously you would need to properly configure the remote device to accept the syslog (UDP 514) . This will retain your logs so that lightsquid will still work.

              Someone correct me if I am wrong, but if you update pfsense then this will all get overwritten and have to be redone.

              1 Reply Last reply Reply Quote 0
              • M
                marcelloc
                last edited by May 20, 2012, 2:35 AM

                @azpoulton:

                Someone correct me if I am wrong, but if you update pfsense then this will all get overwritten and have to be redone.

                If you update any config on squid package or restart the server.

                squid.conf is created by squid.inc file, you need to apply these changes on the php code that creates the config file.

                I think syslog.conf is also recreated after reboot.

                att,
                Marcello Coutinho

                Treinamentos de Elite: http://sys-squad.com

                Help a community developer! ;D

                1 Reply Last reply Reply Quote 0
                • P
                  pagaille
                  last edited by Jul 2, 2012, 5:10 PM

                  @gregober:

                  In Squid, I think It is possible to use this configuration directive :

                  access_log syslog:local:4
                  

                  or

                  access_log syslog:LOG_LOCAL4
                  

                  This parameter has to be included in the configuration file…

                  I personally verified that it was perfectly feasible to include this configuration directive in the "Custom Options" field of the Services > Proxy server configuration page of PfSense. Thanks to to that the settings survives a reboot.

                  Once this is done, the messages are sent to a distant server provided you configured pfsense to do so (Status > System Logs > Settings)

                  1 Reply Last reply Reply Quote 0
                  • First post
                    Last post
                  Copyright 2025 Rubicon Communications LLC (Netgate). All rights reserved.
                    [[user:consent.lead]]
                    [[user:consent.not_received]]