[squid-users] Fwd: squid 3.1 to export access_log to rsyslog

-----Mensaje original-----
De: david_at_lang.hm [mailto:david_at_lang.hm]
Enviado el: Tuesday, April 05, 2011 11:13 PM
Para: osmany_at_es.quimefa.cu
CC: squid-users_at_squid-cache.org
Asunto: Re: [squid-users] Fwd: squid 3.1 to export access_log to rsyslog

On Tue, 5 Apr 2011, osmany_at_es.quimefa.cu wrote:

> Hi everyone,
>
> I would like to know how to export access_log in squid to a central
> rsyslog in my network I know I should you a local rsyslog daemon to
> forward logs to the central server but I just can't get squid to
> actually write to the local rsyslog daemon and I tried various things:
>
> access_log syslog:daemon
> access_log rsyslog:daemon
> access_log /usr/local/sbin/rsyslog:daemon
>
> the closest I've been to accomplish this is getting a message in the
> cache_log that says parent folder not writable or something like that.
> some error of squid complaining about permissions on the folders which
> I don't understand since it can perfectly write to them if I go back
> to the default settings. Can anyone please help?

Squid does not appear to support sending directly to a remote syslog server,
you need to send it to a local syslog daemon and have that configured to
send the logs to a remote server.

what happens if you just set

access_log syslog squid

this tells squid to write to syslog (without setting a facility) and to
write using the format 'squid'

David Lang

So this is what I have now in my squid.conf:

access_log syslog squid

and I also have

access_log /usr/local/squid/var/logs/access.log

I have both because I want squid to keep generating logs locally until I am
sure that the centralized syslog is receiving everything from this squid

Now squid doesn't have any problem with these new two lines I wrote in the
configuration. It runs fine. But I just can't get it to log to the remote
syslog server

I have this in my rsyslog.conf file:

$ModLoad immark.so # provides --MARK-- message capability
$ModLoad imuxsock.so # provides support for local system logging
$ModLoad imklog.so # kernel logging

$WorkDirectory /rsyslog/spool # where to place spool files
$ActionQueueFileName uniqName # unique name prefix for spool files
$ActionQueueMaxDiskSpace 1g # 1gb space limit (use as much as possible)
$ActionQueueSaveOnShutdown on # save messages to disk on shutdown
$ActionQueueType LinkedList # run asynchronously
$ActionResumeRetryCount -1 # infinite retries if host is down
squid.* @@10.25.1.20:2001

*.err;kern.warning;auth.notice;mail.crit /dev/console
*.notice;authpriv.none;kern.debug;lpr.info;mail.crit;news.err
/var/log/message
squid.*
/usr/local/squid/var/logs/access.log

I'm sure that the configuration on the rsyslog remote server is fine because
it's receiving logs successfully from other servers (other services).
I know this is actually going out of subject because this is a squid mailing
list, but I'm sure some of you have run to a similar problem so I figured to
keep asking you. Can you please keep helping me to solve this?

Thanks in advance.
Received on Thu Apr 07 2011 - 18:43:55 MDT