[syslog-ng] Problem with Squid logs
Matias Banchoff
matiasb at cespi.unlp.edu.ar
Wed Apr 13 15:30:27 CEST 2011
Hello!
I've just probed it and it works perfectly :-)
I used follow-freq(10).
Thank you, Sandor!!!!!
Regards,
Matias
On 04/13/2011 10:09 AM, Sandor Geller wrote:
> Hello,
>
> On Wed, Apr 13, 2011 at 2:59 PM, Matias Banchoff
> <matiasb at cespi.unlp.edu.ar> wrote:
>> Hello,
>> I have a problem with remote logging for Squid logs. Our setup is the
>> following:
>>
>> - syslog-ng server: syslog-ng 3.1.3. It is a dedicated server for
>> logging. From now on, the server.
>> - syslog-ng in Squid: syslog-ng 2.0.9. From now on, the client.
> Very old version, but should still work.
>
>> The Squid process writes three log files: access.log, store.log and
>> cache.log. I have configured the client syslog-ng to send those files to
>> the log server.
>>
>> The problem is that the content of those files are sent only when
>> syslog-ng starts on the client side. So:
>> 1) The syslog-ng client writes all the information to the local files
>> (access, cache and store). So, locally, it works.
> These files are actually written by squid not by syslog-ng, right?
> syslog-ng should just read this files.
>
>> 2) The information is sent, but only when the client syslog-ng process
>> restarts. So it is not a networking problem.
> I guess you aren't using the follow_freq() option for the incoming
> files so when syslog-ng reaches EOF it will no longer try to read it.
> the file offset gets stored so after restarting syslog-ng it will
> continue reading from where it left before.
>
>> 3) And, I've left the default config for all the other log stuff (like
>> messages, syslog, etc.). That information is also sent to the log
>> server. And, in this case, the information is sent constantly. I mean, I
>> don't have to restart the syslog-ng client to make the Squid machine
>> send the "messages", "syslog", "mail" and other logs.
> Other things work because syslog-ng keeps reading standard sources
> like /dev/log. for files you need follow_freq() which is enabled only
> in 3.x versions by default.
>
> Regards,
>
> Sandor
-----
CeSPI
Centro Superior para el Procesamiento de la Información
Universidad Nacional de La Plata
-------------------------------------------------------------------------------
Proteja el Medioambiente. No imprima este mail si no es absolutamente necesario
More information about the syslog-ng
mailing list