[squid-users] Squid doesn't write logs via rsyslog

Brendan Kearney bpk678 at gmail.com
Mon Jun 8 23:04:00 UTC 2015


On 06/08/2015 06:46 PM, Amos Jeffries wrote:
> On 8/06/2015 11:02 p.m., Antony Stone wrote:
>> On Monday 08 June 2015 at 12:53:00 (EU time), Robert Lasota wrote:
>>
>>> the problem is it still writes logs to files /var/log/access.log or
>>> /opt/var/log/access.log (depends what I set in conf) but never to rsyslog.
>>>
>>> I mean, I have set rsyslog to it send logs to remote central server, and
>>> from other apps like sshd or named its working and rsyslog send them , but
>>> Squid still not care that and writes locally to files.
>>>
>>> I set different combinations in squid.conf but nothing, even:
>>> access_log syslog squid
>>> cache_log syslog squid.
>>> ..also nothing
>> You appear to be missing the facility and priority settings (ie: telling
>> syslogd how to handle the messages).
>>
>> See http://www.squid-cache.org/Doc/config/access_log/
>>
>> Try something such as:
>>
>> access_log syslog:daemon.info
>
> Also, cache.log is the unified stderr output of all Squid sub-processes
> (workers, diskers, helpers etc). It cannot use syslog at this time.
>
> You can possibly make cache.log file point at a unix socket device that
> pipes somewhere like syslog though.
>
> Amos
>
> _______________________________________________
> squid-users mailing list
> squid-users at lists.squid-cache.org
> http://lists.squid-cache.org/listinfo/squid-users
to stop rsyslog from writing something, i use:

if $programname startswith 'NetworkManager' then -/dev/null
&~

all messages from NetworkManager are written out to /dev/null in 
asynchronous fashion (does not wait for confirmation of the write action 
succeeding, or fire-and-forget mode).  the &~ is a hard stop action so 
all processing of rules stops if the criteria are met.

you would probably want something like that, but will have to play 
around with it, to make it do what you want.

by the by, are you using plain rsyslog forwarding ala:

*.* @@remote-host:514

i am using RELP (Reliable Event Log Processing) to forward all logs from 
all my boxes to a central device where they are loaded into mariadb.  
the relp module creates a "store-and-forward" fifo queue that can 
overcome network outages (length of outage handled is dictated by queue 
size), and also uses TCP for reliability.  there are modules for 
encryption, authentication, etc for relp, too. there is also phplogcon, 
which i use to review the logs in the database.


More information about the squid-users mailing list