[squid-users] Squid doesn't write logs via rsyslog
Brendan Kearney
bpk678 at gmail.com
Mon Jun 8 23:04:00 UTC 2015
On 06/08/2015 06:46 PM, Amos Jeffries wrote:
> On 8/06/2015 11:02 p.m., Antony Stone wrote:
>> On Monday 08 June 2015 at 12:53:00 (EU time), Robert Lasota wrote:
>>
>>> the problem is it still writes logs to files /var/log/access.log or
>>> /opt/var/log/access.log (depends what I set in conf) but never to rsyslog.
>>>
>>> I mean, I have set rsyslog to it send logs to remote central server, and
>>> from other apps like sshd or named its working and rsyslog send them , but
>>> Squid still not care that and writes locally to files.
>>>
>>> I set different combinations in squid.conf but nothing, even:
>>> access_log syslog squid
>>> cache_log syslog squid.
>>> ..also nothing
>> You appear to be missing the facility and priority settings (ie: telling
>> syslogd how to handle the messages).
>>
>> See http://www.squid-cache.org/Doc/config/access_log/
>>
>> Try something such as:
>>
>> access_log syslog:daemon.info
>
> Also, cache.log is the unified stderr output of all Squid sub-processes
> (workers, diskers, helpers etc). It cannot use syslog at this time.
>
> You can possibly make cache.log file point at a unix socket device that
> pipes somewhere like syslog though.
>
> Amos
>
> _______________________________________________
> squid-users mailing list
> squid-users at lists.squid-cache.org
> http://lists.squid-cache.org/listinfo/squid-users
to stop rsyslog from writing something, i use:
if $programname startswith 'NetworkManager' then -/dev/null
&~
all messages from NetworkManager are written out to /dev/null in
asynchronous fashion (does not wait for confirmation of the write action
succeeding, or fire-and-forget mode). the &~ is a hard stop action so
all processing of rules stops if the criteria are met.
you would probably want something like that, but will have to play
around with it, to make it do what you want.
by the by, are you using plain rsyslog forwarding ala:
*.* @@remote-host:514
i am using RELP (Reliable Event Log Processing) to forward all logs from
all my boxes to a central device where they are loaded into mariadb.
the relp module creates a "store-and-forward" fifo queue that can
overcome network outages (length of outage handled is dictated by queue
size), and also uses TCP for reliability. there are modules for
encryption, authentication, etc for relp, too. there is also phplogcon,
which i use to review the logs in the database.
More information about the squid-users
mailing list