Re: [squid-users] Remote Syslog for cache.log problem

From: Amos Jeffries <squid3_at_treenet.co.nz>
Date: Fri, 19 Nov 2010 02:26:35 +1300

On 19/11/10 01:48, Jack Falworth wrote:
> Hi squid-users,
>
> I've a problem sending the cache.log to a remote syslog server. First
> the facts:
>
> I'm running squid 2.7 Stable9 on a Ubuntu 10.04 machine. For all
> daemons I use syslog-ng to log to a remote syslog server. This works
> perfectly fine for all daemons including the squid access log(s), but
> I can't get it working for the cache.log.
>
> Let's have a look at the config:
>
> In the squid.conf I configured the following two access logs:
>
> access_log syslog:local5.info squid
>
> access_log syslog:local6.info some_custom_format
>
> debug_options are default. Squid is started with "squid -s -DNYC -f
> squid.conf"
>
> In my syslog-ng.conf I configured this (for debugging purposes I also
> logged to locale files):
>
> filter f_squid_cache {
>
> program(squid) and facility(local4);
>
> };
>
> destination d_local_squid_cache {
>
> file("/var/log/squid/cache.log");
>
> };
>
> destination d_remote_squid_cache {
>
> udp("someIP" port(514));
>
> };
>
> log {
>
> source(s_local);
>
> filter(f_squid_cache);
>
> destination(d_local_squid_cache);
>
> destination(d_remote_squid_cache);
>
> };
>
> The same goes for both access logs, only the facilities and the
> identifier names are substituted.
>
> As far as I understood the -s switch, squid send copies of cache.log
> messages to syslog using the Local4 facility. Furthermore only
> messages with level 0/1 are forwarded. This would be perfectly fine
> for me.
>
> When I now run squid with those configs, all three log files are sent
> to syslog, matched and written to local files. Both access logs are
> also sent to the remote syslog server as intended. But for some
> unknown reason the cache log is only stored locally and is not sent
> to the remote host (remember: same syslog configuration as for access
> logs).
>
> Running syslog-ng with debugging and verbose parameters does not give
> me any information about the reason. Also there is no hint in the
> cache.log. It is simply not working.
>
> While playing with the squid program arguments I also noticed some
> weird behavior, maybe a bug in squid. By omitting the -s switch,
> squid is not intended to log the cache messages to syslog. But if the
> cache.log pattern in the syslog-ng.conf remains I still receive the
> cache.log messages in syslog (the cache_log directive in squid.conf
> is not specified, thus using the default value)!? Maybe those things
> are related.
>
> Any suggestions?
>

-s could be local4 or could be daemon. The OS support decides.

Use -l with the facility label if you want to be sure of what it is.

As for when its not specified, the initial start sequence before
cache.log (file) is opened goes to stderr. The system daemon
infrastructure usually pipes such to syslog or messages logs.

Amos

-- 
Please be using
   Current Stable Squid 2.7.STABLE9 or 3.1.9
   Beta testers wanted for 3.2.0.3
Received on Thu Nov 18 2010 - 13:26:43 MST

This archive was generated by hypermail 2.2.0 : Thu Nov 18 2010 - 12:00:03 MST