Sending LOGS to GRAYLOG from SQUID PROXY / SQUIDGUARD



  • Hi there,

    I am trying to find a way to send the squid proxy and squidguard logs over to an external log server ( Graylog ) but I am not having much luck.  I have a graylog server up and running , getting logs from Windows boxes, now I am trying to get squidguard to send its logs to it.

    has anyone gotten this setup to work?

    I found the following info while doing my research:

    https://forum.pfsense.org/index.php?topic=49351.0

    in a nutshell, backup the squid.conf file and make some changes to where the files will be sent to:

    cp /usr/local/etc/squid/squid.conf /usr/local/etc/squid/squid.conf.bak

    ee /usr/local/etc/squid/squid.conf

    added this:
    #try logging to syslog
    access_log syslog:local5.info squid

    restart squid:
    /usr/local/etc/rc.d/squid.sh restart

    Where do the logs go? send all local5 syslogs to remote machine
    cp /etc/syslog.conf /etc/syslog.conf.bak
    added this to /etc/syslog.conf
    local5.*                                                        @192.168.1.123

    restart syslog
    /etc/rc.d/syslogd restart

    What I don't understand is the next statement:

    "squid.conf is created by squid.inc file, you need to apply these changes on the php code that creates the config file"

    Can someone kindly shed some light on this issue?

    thanks everyone.


  • Banned

    @elcid:

    What I don't understand is the next statement:

    "squid.conf is created by squid.inc file, you need to apply these changes on the php code that creates the config file"

    https://github.com/pfsense/FreeBSD-ports/blob/devel/www/pfSense-pkg-squid/files/usr/local/pkg/squid.inc



  • Can someone kindly shed some light on this issue?

    My understanding is that the config files are stored in non-native format and created dynamically via php code.  If you edit a conf file directly, your changes will be overwritten at the next config change or upgrade.



  • thank you for the reply to both you guys, but I am still confused to what to do.

    It appears I need to edit an actual file but not sure which one.


  • Banned

    Sigh, I already linked the file.