Hi Matias,<div><br></div><div>Squid supports logging directly to syslog. I would set that up and then filter for program "squid".<br><br><div class="gmail_quote">On Wed, Apr 13, 2011 at 6:30 AM, Matias Banchoff <span dir="ltr"><<a href="mailto:matiasb@cespi.unlp.edu.ar">matiasb@cespi.unlp.edu.ar</a>></span> wrote:<br>
<blockquote class="gmail_quote" style="margin:0 0 0 .8ex;border-left:1px #ccc solid;padding-left:1ex;">Hello!<br>
I've just probed it and it works perfectly :-)<br>
I used follow-freq(10).<br>
<br>
Thank you, Sandor!!!!!<br>
<br>
Regards,<br>
<font color="#888888"> Matias<br>
</font><div><div></div><div class="h5"><br>
On 04/13/2011 10:09 AM, Sandor Geller wrote:<br>
> Hello,<br>
><br>
> On Wed, Apr 13, 2011 at 2:59 PM, Matias Banchoff<br>
> <<a href="mailto:matiasb@cespi.unlp.edu.ar">matiasb@cespi.unlp.edu.ar</a>> wrote:<br>
>> Hello,<br>
>> I have a problem with remote logging for Squid logs. Our setup is the<br>
>> following:<br>
>><br>
>> - syslog-ng server: syslog-ng 3.1.3. It is a dedicated server for<br>
>> logging. From now on, the server.<br>
>> - syslog-ng in Squid: syslog-ng 2.0.9. From now on, the client.<br>
> Very old version, but should still work.<br>
><br>
>> The Squid process writes three log files: access.log, store.log and<br>
>> cache.log. I have configured the client syslog-ng to send those files to<br>
>> the log server.<br>
>><br>
>> The problem is that the content of those files are sent only when<br>
>> syslog-ng starts on the client side. So:<br>
>> 1) The syslog-ng client writes all the information to the local files<br>
>> (access, cache and store). So, locally, it works.<br>
> These files are actually written by squid not by syslog-ng, right?<br>
> syslog-ng should just read this files.<br>
><br>
>> 2) The information is sent, but only when the client syslog-ng process<br>
>> restarts. So it is not a networking problem.<br>
> I guess you aren't using the follow_freq() option for the incoming<br>
> files so when syslog-ng reaches EOF it will no longer try to read it.<br>
> the file offset gets stored so after restarting syslog-ng it will<br>
> continue reading from where it left before.<br>
><br>
>> 3) And, I've left the default config for all the other log stuff (like<br>
>> messages, syslog, etc.). That information is also sent to the log<br>
>> server. And, in this case, the information is sent constantly. I mean, I<br>
>> don't have to restart the syslog-ng client to make the Squid machine<br>
>> send the "messages", "syslog", "mail" and other logs.<br>
> Other things work because syslog-ng keeps reading standard sources<br>
> like /dev/log. for files you need follow_freq() which is enabled only<br>
> in 3.x versions by default.<br>
><br>
> Regards,<br>
><br>
> Sandor<br>
<br>
</div></div><div class="im">-----<br>
CeSPI<br>
Centro Superior para el Procesamiento de la Información<br>
<br>
Universidad Nacional de La Plata<br>
-------------------------------------------------------------------------------<br>
Proteja el Medioambiente. No imprima este mail si no es absolutamente necesario<br>
______________________________________________________________________________<br>
</div><div><div></div><div class="h5">Member info: <a href="https://lists.balabit.hu/mailman/listinfo/syslog-ng" target="_blank">https://lists.balabit.hu/mailman/listinfo/syslog-ng</a><br>
Documentation: <a href="http://www.balabit.com/support/documentation/?product=syslog-ng" target="_blank">http://www.balabit.com/support/documentation/?product=syslog-ng</a><br>
FAQ: <a href="http://www.campin.net/syslog-ng/faq.html" target="_blank">http://www.campin.net/syslog-ng/faq.html</a><br>
<br>
</div></div></blockquote></div><br>
</div>