SquidGuard Log File

  • Hi,
    Is there any way to either send the Squidguard block log file (/var/squidGuard/log/block.log) to a remote syslog server, include it with the pfSense local log files or enable a program either internal or external to read the file and then send it to a remote syslog server?
    I have seen that the next version of squidguard will include this option, but I'm guessing the next version may be a long, long way off.

    I am using Graylog as my syslog server, I can get most of the info about the blocked pages via the standard pfSense syslog info as it sends a log out of the redirect page. However when using SSL filtering (not MITM) the blocked pages are not logged as there is no redirect. They are however logged in the squidguard block.log file.

    Splunk offers a "Universal Forwarder" for FreeBSD which people have working with pfSense, however I am having a hard time trying to find anything else like this for non-Splunk syslog servers.

  • hello,
    Not sure how often you would like to upload/process your logfile.

    you can:

    • configure cron to send it via email,
    • configure your "log collector box" to:
      -- sftp/scp to pfsense and get the file to its drive,
      -- ssh to pfsense and copy file to its drive (not sure if pfsense supports sshfs),

    Quite a few options, I'd say.
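
One way to do the "program that reads the file and sends it to a remote syslog server" from the question, as an added example that is not part of either post and not pfSense or squidGuard code: a cron-driven forwarder that remembers how far it has read, survives log rotation, and sends each new line, unparsed, as a UDP syslog message. It assumes Python 3 on the box that can read the file and a syslog UDP input on the Graylog side; the server address, state file path, host name and local0.notice priority are placeholders chosen for the sketch.

```python
import os, socket, time

PRI = 16 * 8 + 5  # facility local0, severity notice (arbitrary choice for this sketch)

def frame(line, host="pfsense", tag="squidGuard", stamp=None):
    """Wrap one log line, unparsed, in a BSD-syslog (RFC 3164 style) frame."""
    if stamp is None:
        t = time.localtime()
        stamp = f"{time.strftime('%b', t)} {t.tm_mday:2d} {time.strftime('%H:%M:%S', t)}"
    return f"<{PRI}>{stamp} {host} {tag}: {line}".encode("utf-8", "replace")

def read_new_lines(path, offset):
    """Return (complete lines appended since offset, new offset)."""
    if os.path.getsize(path) < offset:  # file was rotated or truncated: start over
        offset = 0
    with open(path, "rb") as fh:
        fh.seek(offset)
        data = fh.read()
    end = data.rfind(b"\n") + 1  # a half-written last line waits for the next run
    lines = data[:end].decode("utf-8", "replace").splitlines()
    return [ln for ln in lines if ln.strip()], offset + end

def forward(path, state_path, server, port=514):
    """Send lines added since the last run over UDP syslog; return how many."""
    try:
        with open(state_path) as fh:
            offset = int(fh.read().strip() or 0)
    except (FileNotFoundError, ValueError):
        offset = 0
    lines, offset = read_new_lines(path, offset)
    with socket.socket(socket.AF_INET, socket.SOCK_DGRAM) as sock:
        for line in lines:
            sock.sendto(frame(line), (server, port))
    with open(state_path, "w") as fh:
        fh.write(str(offset))
    return len(lines)

if __name__ == "__main__":
    # 192.0.2.10 is a placeholder for the Graylog syslog UDP input; the state
    # file path is hypothetical. Run this from cron at the interval you need.
    sent = forward("/var/squidGuard/log/block.log",
                   "/var/tmp/squidguard_block.offset", "192.0.2.10")
    print(f"forwarded {sent} new line(s)")
```

UDP syslog is unauthenticated, unencrypted and not retried, so keep it on a trusted management network and expect occasional gaps on the receiving side.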
