[squid-users] Remote Syslog for cache.log problem

Hi squid-users,

I've a problem sending the cache.log to a remote syslog server. First the facts:

I'm running squid 2.7 Stable9 on a Ubuntu 10.04 machine. For all daemons I use syslog-ng to log to a remote syslog server. This works perfectly fine for all daemons including the squid access log(s), but I can't get it working for the cache.log.

Let's have a look at the config:

In the squid.conf I configured the following two access logs:

access_log syslog:local5.info squid

access_log syslog:local6.info some_custom_format

debug_options are default.
Squid is started with "squid -s -DNYC -f squid.conf"

In my syslog-ng.conf I configured this (for debugging purposes I also logged to locale files):

filter f_squid_cache {

    program(squid) and facility(local4);

};

destination d_local_squid_cache {

    file("/var/log/squid/cache.log");

};

destination d_remote_squid_cache {

   udp("someIP" port(514));

};

log {

    source(s_local);

    filter(f_squid_cache);

    destination(d_local_squid_cache);

    destination(d_remote_squid_cache);

};

The same goes for both access logs, only the facilities and the identifier names are substituted.

As far as I understood the -s switch, squid send copies of cache.log messages to syslog using the Local4 facility. Furthermore only messages with level 0/1 are forwarded. This would be perfectly fine for me.

When I now run squid with those configs, all three log files are sent to syslog, matched and written to local files. Both access logs are also sent to the remote syslog server as intended. But for some unknown reason the cache log is only stored locally and is not sent to the remote host (remember: same syslog configuration as for access logs).

Running syslog-ng with debugging and verbose parameters does not give me any information about the reason. Also there is no hint in the cache.log. It is simply not working.

While playing with the squid program arguments I also noticed some weird behavior, maybe a bug in squid. By omitting the -s switch, squid is not intended to log the cache messages to syslog.
But if the cache.log pattern in the syslog-ng.conf remains I still receive the cache.log messages in syslog (the cache_log directive in squid.conf is not specified, thus using the default value)!?
Maybe those things are related.

Any suggestions?

Sincerely,

Jack F.

-- 
Neu: GMX De-Mail - Einfach wie E-Mail, sicher wie ein Brief!  
Jetzt De-Mail-Adresse reservieren: http://portal.gmx.net/de/go/demail