Redirecting Squid / SquidGuard logs to remote syslog



  • Hi folks,

    I wanted to know if It is possible to redirect Squid logs to a remote syslog ?
    For the moment I am stuck with log on my device and this is not very usefull !

    Thanks.



  • same here.
    very eager to know if such feature exist on pfsense.
    thanks
    kalu



  • Thanks gregober.
    http://forum.pfsense.org/index.php/topic,49304.0.html
    So the technical term to be used is syslog
    My network is purely windows :( so no good alternatives
    just found a link http://doc.pfsense.org/index.php/Copying_Logs_to_a_Remote_Host_with_Syslog
    Thanks
    kalu



  • :(

    no option for squid.

    http://postimage.org/image/q5uz7f9lx/



  • In Squid, I think It is possible to use this configuration directive :

    access_log syslog:local:4
    

    or

    access_log syslog:LOG_LOCAL4
    

    This parameter has to be included in the configuration file…

    http://www.squid-cache.org/Doc/config/access_log/

    and discussion here : http://www.mail-archive.com/squid-users@squid-cache.org/msg48741.html

    But I really don't know if this option is supported in the compiled version provided by pfSense package ?

    I can't try It right now because I have no access to a pfSense with Squid… (more infos on monday).



  • squid conf file is located here:

    /usr/local/etc/squid/squid.conf

    backup your config!!

    cp /usr/local/etc/squid/squid.conf /usr/local/etc/squid/squid.conf.bak

    ee /usr/local/etc/squid/squid.conf

    added this:
    #try logging to syslog
    access_log syslog:local5.info squid

    restart squid:
    /usr/local/etc/rc.d/squid.sh restart

    Where do the logs go? send all local5 syslogs to remote machine
    cp /etc/syslog.conf /etc/syslog.conf.bak
    added this to /etc/syslog.conf
    local5.*                                                        @192.168.1.123

    restart syslog
    /etc/rc.d/syslogd restart

    Obviously you would need to properly configure the remote device to accept the syslog (UDP 514) . This will retain your logs so that lightsquid will still work.

    Someone correct me if I am wrong, but if you update pfsense then this will all get overwritten and have to be redone.



  • @azpoulton:

    Someone correct me if I am wrong, but if you update pfsense then this will all get overwritten and have to be redone.

    If you update any config on squid package or restart the server.

    squid.conf is created by squid.inc file, you need to apply these changes on the php code that creates the config file.

    I think syslog.conf is also recreated after reboot.

    att,
    Marcello Coutinho



  • @gregober:

    In Squid, I think It is possible to use this configuration directive :

    access_log syslog:local:4
    

    or

    access_log syslog:LOG_LOCAL4
    

    This parameter has to be included in the configuration file…

    I personally verified that it was perfectly feasible to include this configuration directive in the "Custom Options" field of the Services > Proxy server configuration page of PfSense. Thanks to to that the settings survives a reboot.

    Once this is done, the messages are sent to a distant server provided you configured pfsense to do so (Status > System Logs > Settings)


Locked