Pfsense logs same as Squid Access Log?
I am new to pfsense can someone tell me if Squid access log and the other pfsense logs are all contained in the Squid access logs or is there a squid access log and a separate pfsense log?
Is the content of squid access log the same as what is made available when streamed to syslog remote host via udp 514 are they in sync so the output is the same?
I want to ingest the squid log data and pfsense log data in Splunk which is the best method via syslog udp 514 or via the Splunk forwarder that is installed on the pfsense host?
Is the squid access log in a different format than the syslog remote host udp 514 method? Making either method harder to parse?
The Squid access log is a separate log. It's not part of the main pfSense logs.
Configuring an external syslog server in the pfSense log settings will not export the Squid logs.
It is possible to export the Squid logs directly, see: https://forum.netgate.com/post/936222