• Categories
  • Recent
  • Tags
  • Popular
  • Users
  • Search
  • Register
  • Login
Netgate Discussion Forum
  • Categories
  • Recent
  • Tags
  • Popular
  • Users
  • Search
  • Register
  • Login

Log Squid in Syslog

Scheduled Pinned Locked Moved pfSense Packages
3 Posts 2 Posters 5.3k Views
Loading More Posts
  • Oldest to Newest
  • Newest to Oldest
  • Most Votes
Reply
  • Reply as topic
Log in to reply
This topic has been deleted. Only users with topic management privileges can see it.
  • C
    cpmiller22
    last edited by Nov 4, 2013, 5:59 AM

    Hi all:

    I am just getting up and running with pfsense after moving away from dd-wrt on my old linksys router.  I have a small dual core celeron mini-ITX box with dual GB nics sitting inline between my cable modem and my core switch.  I use have it setup to send syslog to my Splunk server which seems to be working.  I'd really like to get the squid access logs sent to splunk as well for better analysis.  I read a thread that suggested putting the following in the custom options would send the access log details to syslog:

    access_log syslog:local:4

    I've tried this setting and it doesn't seem to work.  Any thoughts/suggestions of how I can get my squid access.log sent to syslog would be much appreciated!

    1 Reply Last reply Reply Quote 0
    • M
      martman22
      last edited by Nov 6, 2013, 2:50 PM Nov 6, 2013, 2:21 PM

      The easiest way I have gotten it to work  is to add the "local6." line below to /etc/inc/system.inc:

      if (isset($syslogcfg['portalauth']))
      $syslogconf .= system_syslogd_get_remote_servers($syslogcfg, "local4.");
                              $syslogconf .= system_syslogd_get_remote_servers($syslogcfg, "local6.
      ");

      I choose the "portal auth events", which must be checked off on your system log's settings page since I am NOT using captive portal on this firewall. You can add the line to any similar feature and then check it to log remotely. Also make sure "enable remote logging" is checked and add your remote server IP address.

      Finally add the following line to your squid configuration custom options:

      access_log syslog:local6.info squid

      Of course when you upgrade your system you will have to add the line once again to "system.inc".

      1 Reply Last reply Reply Quote 0
      • C
        cpmiller22
        last edited by Nov 10, 2013, 10:48 PM

        Ok, I managed to get things working.  Doing log analysis is soooo great using splunk!  I uninstalled all my packages.  I then installed Dansguardian first, then squid3.  I think the first time I had selected the "squid" package vs the "squid3' package.  I then added the following in the Custom Options section of the proxy server settings page:

        access_log syslog:local5.info squid

        Hope this helps if anyone else has this issue!

        1 Reply Last reply Reply Quote 0
        1 out of 3
        • First post
          1/3
          Last post
        Copyright 2025 Rubicon Communications LLC (Netgate). All rights reserved.
          This community forum collects and processes your personal information.
          consent.not_received