<![CDATA[SquidGuard to syslog]]>Didn't see a logging section so put this under General pfSense Questions. I am trying to send squidguard logs to a remote syslog server. I can accomplished this another way but I have to enable remote logging of everything under system logs - settings. it sends from local5 which points to the nginx log. I have to pick everything because pfSense does not show nginx in the list and groups it in with Everything from what i'm seeing. I'd like to just send the squidguard block.log file if possible. I attempted to use syslog-ng to do this. From what I gathered in the syslog-ng documentation, this should work.

Here's my syslog-ng setup

  1. Installed syslog-ng and created the following 3 rules under the advanced section of syslog-ng
    Object Name = syslog
    Object Type = destination
    Object Parameters = { syslog("10.16.1.1" port(514)); };

    Object Name = squidguard
    Object Type = source
    Object Parameters = { file("/var/squidGuard/log/block.log" follow-freq(1) flags(no-
    parse)); };

    Object Name = squidlog
    Object Type = log
    Object Parameters = { source(squidguard); destination(syslog); };

Anybody have any ideas how to get this working? Or am I just stuck logging everything to get what I need. Thank you in advance for your help.

]]>https://forum.netgate.com/topic/131943/squidguard-to-syslogRSS for NodeWed, 15 Apr 2026 17:04:11 GMTThu, 14 Jun 2018 23:10:01 GMT60<![CDATA[Reply to SquidGuard to syslog on Mon, 18 Jun 2018 15:27:36 GMT]]>nope, does not seem to work. Best way I've been able to get to work is by forwarding the nginx logs like I described above. Would prefer not to do it this way since tons of messages get sent when you are in the pfSense mgmt interface for a device. I'll keep trying to figure out how to just get the block.log.

]]>https://forum.netgate.com/post/772735https://forum.netgate.com/post/772735Mon, 18 Jun 2018 15:27:36 GMT<![CDATA[Reply to SquidGuard to syslog on Fri, 15 Jun 2018 23:19:46 GMT]]>Hmm, so did you not see any Squid logs passed to you syslog server or just no Squidguard blocked entries?

Steve

]]>https://forum.netgate.com/post/772479https://forum.netgate.com/post/772479Fri, 15 Jun 2018 23:19:46 GMT<![CDATA[Reply to SquidGuard to syslog on Fri, 15 Jun 2018 15:55:15 GMT]]>ok, so i think I've found another way to accomplish this. I added the line local5.* @10.16.1.1 at the end of the syslog section of the /etc/inc/system.inc. So it would be added to the syslog.conf each time the service is restarted or system rebooted. Now I am only getting nginx log files which appear to include the squidguard block.log contents. Now I'm just wondering if this manual config will survive version upgrades.

Would be happy to hear if anyone has a better way to do this. Until then I guess I'll go with this.

]]>https://forum.netgate.com/post/772348https://forum.netgate.com/post/772348Fri, 15 Jun 2018 15:55:15 GMT<![CDATA[Reply to SquidGuard to syslog on Fri, 15 Jun 2018 14:22:10 GMT]]>@stephenw10 I had the 'Log Pages Denied by SquidGuard already set. I put the line you specified in the Custon Options (Before Auth) but it still isn't sending to my syslog. Is there something else I'm missing? It does say you have to enter a couple line to the sgerror.php for it to work, but after doing that it still didn't.

]]>https://forum.netgate.com/post/772328https://forum.netgate.com/post/772328Fri, 15 Jun 2018 14:22:10 GMT<![CDATA[Reply to SquidGuard to syslog on Thu, 14 Jun 2018 23:33:12 GMT]]>You just need the Squidguard blocked traffic logs?

You can have Squidguard log in to the Squid logs. In the Squid logging settings set Log Pages Denied by SquidGuard.

Then you can have Squid send to your syslog server directly using the custom option:

access_log udp://your_syslog_server_IP:514

I set that in Custom Options (Before Auth).

Steve

]]>https://forum.netgate.com/post/772231https://forum.netgate.com/post/772231Thu, 14 Jun 2018 23:33:12 GMT