Navigation

    Netgate Discussion Forum
    • Register
    • Login
    • Search
    • Categories
    • Recent
    • Tags
    • Popular
    • Users
    • Search

    Sending LOGS to GRAYLOG from SQUID PROXY / SQUIDGUARD

    Cache/Proxy
    4
    6
    2667
    Loading More Posts
    • Oldest to Newest
    • Newest to Oldest
    • Most Votes
    Reply
    • Reply as topic
    Log in to reply
    This topic has been deleted. Only users with topic management privileges can see it.
    • E
      elcid last edited by

      Hi there,

      I am trying to find a way to send the squid proxy and squidguard logs over to an external log server ( Graylog ) but I am not having much luck.  I have a graylog server up and running , getting logs from Windows boxes, now I am trying to get squidguard to send its logs to it.

      has anyone gotten this setup to work?

      I found the following info while doing my research:

      https://forum.pfsense.org/index.php?topic=49351.0

      in a nutshell, backup the squid.conf file and make some changes to where the files will be sent to:

      cp /usr/local/etc/squid/squid.conf /usr/local/etc/squid/squid.conf.bak

      ee /usr/local/etc/squid/squid.conf

      added this:
      #try logging to syslog
      access_log syslog:local5.info squid

      restart squid:
      /usr/local/etc/rc.d/squid.sh restart

      Where do the logs go? send all local5 syslogs to remote machine
      cp /etc/syslog.conf /etc/syslog.conf.bak
      added this to /etc/syslog.conf
      local5.*                                                        @192.168.1.123

      restart syslog
      /etc/rc.d/syslogd restart

      What I don't understand is the next statement:

      "squid.conf is created by squid.inc file, you need to apply these changes on the php code that creates the config file"

      Can someone kindly shed some light on this issue?

      thanks everyone.

      1 Reply Last reply Reply Quote 0
      • D
        doktornotor Banned last edited by

        @elcid:

        What I don't understand is the next statement:

        "squid.conf is created by squid.inc file, you need to apply these changes on the php code that creates the config file"

        https://github.com/pfsense/FreeBSD-ports/blob/devel/www/pfSense-pkg-squid/files/usr/local/pkg/squid.inc

        1 Reply Last reply Reply Quote 0
        • KOM
          KOM last edited by

          Can someone kindly shed some light on this issue?

          My understanding is that the config files are stored in non-native format and created dynamically via php code.  If you edit a conf file directly, your changes will be overwritten at the next config change or upgrade.

          1 Reply Last reply Reply Quote 0
          • E
            elcid last edited by

            thank you for the reply to both you guys, but I am still confused to what to do.

            It appears I need to edit an actual file but not sure which one.

            1 Reply Last reply Reply Quote 0
            • D
              doktornotor Banned last edited by

              Sigh, I already linked the file.

              1 Reply Last reply Reply Quote 0
              • O
                Osmelo93 last edited by

                @elcid
                Hello, I am trying to send the squidguard records to send them to graylog and then see them with grafana, can I do it?

                Greetings and thanks in advance

                1 Reply Last reply Reply Quote 0
                • First post
                  Last post

                Products

                • Platform Overview
                • TNSR
                • pfSense Plus
                • Appliances

                Services

                • Training
                • Professional Services

                Support

                • Subscription Plans
                • Contact Support
                • Product Lifecycle
                • Documentation

                News

                • Media Coverage
                • Press
                • Events

                Resources

                • Blog
                • FAQ
                • Find a Partner
                • Resource Library
                • Security Information

                Company

                • About Us
                • Careers
                • Partners
                • Contact Us
                • Legal
                Our Mission

                We provide leading-edge network security at a fair price - regardless of organizational size or network sophistication. We believe that an open-source security model offers disruptive pricing along with the agility required to quickly address emerging threats.

                Subscribe to our Newsletter

                Product information, software announcements, and special offers. See our newsletter archive to sign up for future newsletters and to read past announcements.

                © 2021 Rubicon Communications, LLC | Privacy Policy