Re: [squid-users] squid centralized log

From: Henrik Nordstrom <henrik_at_henriknordstrom.net>
Date: Mon, 19 Oct 2009 20:48:06 +0200

Mon 2009-10-19 at 14:26 +0200, anti spam wrote:

> I have 4 different squid servers (three running squid-2.7.STABLE7 and
> one squid-3.0.STABLE16) working on different subnets, and I'd like to
> centralize their access.log entries to a remote log server.

My recommendation would be to log to file, rotate the logs fairly
frequently (a number of times a day) using logrotate with timestamped logs
(using date + time, not numbered), and poll the logs with rsync over ssh
to the central location. This way the proxy servers' operation is fully
independent of the log server, and you won't lose any log records
unless the log server is down for longer than the interval kept locally
on the proxy servers by logrotate.

> I've read somewhere that using the syslog facility with huge amounts
> of traffic causes log to be incomplete on the centralized log server.

Yes, at least for syslog-over-UDP communication which is the default
syslog network protocol.

syslog-ng and some other syslog servers can also log over TCP which is
not as sensitive, but it's still a little fragile as syslog is only
best-effort and does not keep track of what log entries have actually
reached the central server, so if there is even a temporary
communication glitch then log entries will be lost.

Regards
Henrik
Received on Mon Oct 19 2009 - 18:48:10 MDT
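
Added example, not part of the original message: one way to script the rotate-then-pull setup recommended above, run from cron on the central log server. The host names, paths, the `logpull` account, the key file, the `RSYNC` override and the logrotate settings in the comments are all assumptions.

```shell
#!/bin/sh
# Added example: runs from cron on the central log server and pulls rotated
# Squid logs from every proxy. Hosts, paths, the "logpull" account and the key
# file are assumptions. Each proxy is assumed to rotate with logrotate using
#   dateext
#   dateformat -%Y%m%d-%H%M%S
#   rotate N      # N rotations kept locally = outage the log server may have
# so a rotated file never changes name or content after it is written.
PROXIES="${PROXIES:-proxy1.example.net proxy2.example.net}"
REMOTE_DIR="${REMOTE_DIR:-/var/log/squid/}"
DEST_ROOT="${DEST_ROOT:-/srv/squid-logs}"
PULL_USER="${PULL_USER:-logpull}"
SSH_KEY="${SSH_KEY:-/etc/logpull/id_ed25519}"
RSYNC="${RSYNC:-rsync}"

# Pull one proxy. Only rotated files (access.log-<timestamp>) are copied; the
# live access.log that Squid is still writing is excluded.
pull_one() {
    host=$1
    dest="$DEST_ROOT/$host/"
    set -- "$RSYNC" --archive --ignore-existing \
        --include='access.log-*' --exclude='*' \
        -e "ssh -i $SSH_KEY -o BatchMode=yes -o ConnectTimeout=10" \
        "$PULL_USER@$host:$REMOTE_DIR" "$dest"
    if [ "${DRY_RUN:-0}" = 1 ]; then
        printf '%s\n' "$*"      # show the command instead of running it
        return 0
    fi
    mkdir -p "$dest" && "$@"
}

# Pull every proxy; one unreachable proxy must not stop the others.
# Returns non-zero if any pull failed so cron can alert.
pull_all() {
    rc=0
    for host in $PROXIES; do
        if ! pull_one "$host"; then
            echo "pull from $host failed; its logs stay on the proxy until the next run" >&2
            rc=1
        fi
    done
    return "$rc"
}

# Usage: sh pull-squid-logs.sh run     (DRY_RUN=1 prints the commands only)
if [ "${1:-}" = run ]; then
    pull_all
fi
```

Because rotated files carry a timestamp instead of a number, they are never renamed by later rotations, so each run transfers only files the log server does not yet have.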
