Netgate Discussion Forum
    • Categories
    • Recent
    • Tags
    • Popular
    • Users
    • Search
    • Register
    • Login

    Sending LOGS to GRAYLOG from SQUID PROXY / SQUIDGUARD

    Scheduled Pinned Locked Moved Cache/Proxy
    6 Posts 4 Posters 4.2k Views
    Loading More Posts
    • Oldest to Newest
    • Newest to Oldest
    • Most Votes
    Reply
    • Reply as topic
    Log in to reply
    This topic has been deleted. Only users with topic management privileges can see it.
    • E
      elcid
      last edited by

      Hi there,

      I am trying to find a way to send the squid proxy and squidguard logs over to an external log server ( Graylog ) but I am not having much luck.  I have a graylog server up and running , getting logs from Windows boxes, now I am trying to get squidguard to send its logs to it.

      has anyone gotten this setup to work?

      I found the following info while doing my research:

      https://forum.pfsense.org/index.php?topic=49351.0

      in a nutshell, backup the squid.conf file and make some changes to where the files will be sent to:

      cp /usr/local/etc/squid/squid.conf /usr/local/etc/squid/squid.conf.bak

      ee /usr/local/etc/squid/squid.conf

      added this:
      #try logging to syslog
      access_log syslog:local5.info squid

      restart squid:
      /usr/local/etc/rc.d/squid.sh restart

      Where do the logs go? send all local5 syslogs to remote machine
      cp /etc/syslog.conf /etc/syslog.conf.bak
      added this to /etc/syslog.conf
      local5.*                                                        @192.168.1.123

      restart syslog
      /etc/rc.d/syslogd restart

      What I don't understand is the next statement:

      "squid.conf is created by squid.inc file, you need to apply these changes on the php code that creates the config file"

      Can someone kindly shed some light on this issue?

      thanks everyone.

      1 Reply Last reply Reply Quote 0
      • D
        doktornotor Banned
        last edited by

        @elcid:

        What I don't understand is the next statement:

        "squid.conf is created by squid.inc file, you need to apply these changes on the php code that creates the config file"

        https://github.com/pfsense/FreeBSD-ports/blob/devel/www/pfSense-pkg-squid/files/usr/local/pkg/squid.inc

        1 Reply Last reply Reply Quote 0
        • KOMK
          KOM
          last edited by

          Can someone kindly shed some light on this issue?

          My understanding is that the config files are stored in non-native format and created dynamically via php code.  If you edit a conf file directly, your changes will be overwritten at the next config change or upgrade.

          1 Reply Last reply Reply Quote 0
          • E
            elcid
            last edited by

            thank you for the reply to both you guys, but I am still confused to what to do.

            It appears I need to edit an actual file but not sure which one.

            1 Reply Last reply Reply Quote 0
            • D
              doktornotor Banned
              last edited by

              Sigh, I already linked the file.

              1 Reply Last reply Reply Quote 0
              • O
                Osmelo93
                last edited by

                @elcid
                Hello, I am trying to send the squidguard records to send them to graylog and then see them with grafana, can I do it?

                Greetings and thanks in advance

                1 Reply Last reply Reply Quote 1
                • First post
                  Last post
                Copyright 2025 Rubicon Communications LLC (Netgate). All rights reserved.