Sending LOGS to GRAYLOG from SQUID PROXY / SQUIDGUARD
-
Hi there,
I am trying to find a way to send the squid proxy and squidguard logs over to an external log server ( Graylog ) but I am not having much luck. I have a graylog server up and running , getting logs from Windows boxes, now I am trying to get squidguard to send its logs to it.
has anyone gotten this setup to work?
I found the following info while doing my research:
https://forum.pfsense.org/index.php?topic=49351.0
in a nutshell, backup the squid.conf file and make some changes to where the files will be sent to:
cp /usr/local/etc/squid/squid.conf /usr/local/etc/squid/squid.conf.bak
ee /usr/local/etc/squid/squid.conf
added this:
#try logging to syslog
access_log syslog:local5.info squidrestart squid:
/usr/local/etc/rc.d/squid.sh restartWhere do the logs go? send all local5 syslogs to remote machine
cp /etc/syslog.conf /etc/syslog.conf.bak
added this to /etc/syslog.conf
local5.* @192.168.1.123restart syslog
/etc/rc.d/syslogd restartWhat I don't understand is the next statement:
"squid.conf is created by squid.inc file, you need to apply these changes on the php code that creates the config file"
Can someone kindly shed some light on this issue?
thanks everyone.
-
What I don't understand is the next statement:
"squid.conf is created by squid.inc file, you need to apply these changes on the php code that creates the config file"
-
Can someone kindly shed some light on this issue?
My understanding is that the config files are stored in non-native format and created dynamically via php code. If you edit a conf file directly, your changes will be overwritten at the next config change or upgrade.
-
thank you for the reply to both you guys, but I am still confused to what to do.
It appears I need to edit an actual file but not sure which one.
-
Sigh, I already linked the file.
