Squid Access logs to Splunk
Good Morning!
I have logging configured to enable remote logging, with the collect everything option selected, being collected by Splunk. I also have Squid proxy enabled with transparent proxying turned on. I can see that there are access logs being generated in the /var/squid/log location and they are not currently being forwarded to Splunk. I would like these logs to be sent to Splunk as well, but I am not sure of the best way to approach this.
Since there is an option to change the default Squid log location, can I change that to the syslog location where everything else is? I don't know if those logs will be picked up and sent to a remote syslog. Alternatively, I saw a post on the forum recommending changing a Squid config file, but given the age of the posting I want to make sure this is still a viable option. Any thoughts or recommendations?