[squid-users] logging to syslog

Avraham Serour tovmeod at gmail.com
Wed Nov 11 13:04:48 UTC 2015 

I'm very very sorry for replying to your email directly, I didn't mention
to, I just clicked reply on gmail

I wanted squid to log to syslog, using the syslog module on ubuntu the
socket path is /dev/log
from there I have my rsyslog config that forwards it to logstash

In any case my manager just told me to not log directly to syslog anymore,
he wants to write the logs to file and have them shipped to syslog

In any case I think I found the root of my problems, my squid.conf was
being built using patch, I had a file with only the diff.
So it looks like the patch wasn't being applied correctly, so squid was
running with the default conf file.

Thanks for the help, and sorry again
Avraham

On Wed, Nov 11, 2015 at 2:55 PM, Sebastian Kirschner <
s.kirschner at afa-finanz.de> wrote:

> Hi Avraham,
>
> 1. Please do not contact me direct, use the Mailing List.
>
> I read the sentences you wrote to me again,
> do you really want that squid logs the things that would go in access.log
> to your /var/log/syslog (default debian path),
> or do you just want to see what is written in the access.log.
>
> For Changing the location/ way that squid log the access entries read 2. ,
> if not the default
> path of the access log is /usr/local/squid/var/logs/access.log.
>
> 2. As you could see what Yuri Voinov wrote
> > #
> >#    udp    To send each log line as text data to a UDP receiver.
> >#        Place: The destination host name or IP and port.
> >#        Place Format:   //host:port
> >#
> >#    tcp    To send each log line as text data to a TCP receiver.
> >#        Lines may be accumulated before sending (see buffered_logs).
> >#        Place: The destination host name or IP and port.
> >#        Place Format:   //host:port
> >#
> >#    Default:
> >#        access_log daemon:/var/log/squid/access.log squid
> >#Default:
> ># access_log daemon:/var/log/squid/access.log squid
>
> These is snipped from the squid configuration documents on squid page (
> http://www.squid-cache.org/Doc/config/access_log/).
>
> You could try ( I didn’t do it before) to use syslog as module and insert
> it in your squid.conf
>
> Best Regards
> Sebastian
>
>
> Von: Avraham Serour [mailto:tovmeod at gmail.com]
> Gesendet: Mittwoch, 11. November 2015 11:48
> An: Sebastian Kirschner
> Betreff: Re: [squid-users] logging to syslog
>
> I'm actually using rsyslog, it comes with ubuntu
> in any case my conf for now is:
>
> template(name="lesquid_accessFormat" type="string"
> string="programname=%programname% %msg%\n")
> action(type="omfile" dirCreateMode="0700" FileCreateMode="0644"
>    File="/var/log/messages" template="lesquid_accessFormat")
>
> then I tail the /var/log/messages file and check what happens when I make
> a request using the proxy
>
> On Wed, Nov 11, 2015 at 12:09 PM, Avraham Serour <tovmeod at gmail.com>
> wrote:
> so where should the symlink should be? what is the default unix socket
> path that squid tried to use?
>
> On Wed, Nov 11, 2015 at 10:11 AM, Sebastian Kirschner <
> s.kirschner at afa-finanz.de> wrote:
> Hi Avraham,
>
> I think it wouldnt be a good idea to just create a symlink because squid
> (or the user under which squid runs) then must have access to the syslog,
> and if your squid instance get compromised the the syslog is open to read
> for these one.
>
> Best Regards
> Sebastian
> _______________________________________________
> squid-users mailing list
> squid-users at lists.squid-cache.org
> http://lists.squid-cache.org/listinfo/squid-users
>
>
>
-------------- next part --------------
An HTML attachment was scrubbed...
URL: <http://lists.squid-cache.org/pipermail/squid-users/attachments/20151111/9f5131c3/attachment.html>

More information about the squid-users mailing list