[syslog-ng] Problem with Squid logs

[Matias Banchoff]

Hello,
   I have a problem with remote logging for Squid logs. Our setup is the 
following:

-  syslog-ng server: syslog-ng 3.1.3. It is a dedicated server for 
logging. From now on, the server.
-  syslog-ng in Squid: syslog-ng 2.0.9.  From now on, the client.

The Squid process writes three log files: access.log, store.log and 
cache.log. I have configured the client syslog-ng to send those files to 
the log server.

The problem is that the content of those files are sent only when 
syslog-ng starts on the client side. So:
1) The syslog-ng client writes all the information to the local files 
(access, cache and store). So, locally, it works.
2) The information is sent, but only when the client syslog-ng process 
restarts. So it is not a networking problem.
3) And, I've left the default config for all the other log stuff (like 
messages, syslog, etc.). That information is also sent to the log 
server. And, in this case, the information is sent constantly. I mean, I 
don't have to restart the syslog-ng client to make the Squid machine 
send the "messages", "syslog", "mail" and other logs.

I've googled a while, but the only thing I found was some article about 
delayed logs, but it was due a bad timestamp. The thing here is Squid 
writes its logs with a strange timestamp: "1302699202.239", for example.

Is there any way to translate that Squid timestamp into a more readable 
one, so I can probe if that is the problem? In addition, I've started 
syslog-ng client y debug mode (with -d -F), but nothing appears in the 
screen, although the logs are being written.

Thank you for any answer or comment you might have :-)






-----
CeSPI 
Centro Superior para el Procesamiento de la Información

Universidad Nacional de La Plata
-------------------------------------------------------------------------------
Proteja el Medioambiente. No imprima este mail si no es absolutamente necesario