[syslog-ng] Problem with Squid logs

Lance Laursen lance at demonware.net
Fri Apr 15 03:05:45 CEST 2011 

Hi Matias,

Squid supports logging directly to syslog. I would set that up and then
filter for program "squid".

On Wed, Apr 13, 2011 at 6:30 AM, Matias Banchoff
<matiasb at cespi.unlp.edu.ar>wrote:

> Hello!
>   I've just probed it and it works perfectly :-)
>   I used follow-freq(10).
>
>   Thank you, Sandor!!!!!
>
> Regards,
>    Matias
>
> On 04/13/2011 10:09 AM, Sandor Geller wrote:
> > Hello,
> >
> > On Wed, Apr 13, 2011 at 2:59 PM, Matias Banchoff
> > <matiasb at cespi.unlp.edu.ar>  wrote:
> >> Hello,
> >>    I have a problem with remote logging for Squid logs. Our setup is the
> >> following:
> >>
> >> -  syslog-ng server: syslog-ng 3.1.3. It is a dedicated server for
> >> logging. From now on, the server.
> >> -  syslog-ng in Squid: syslog-ng 2.0.9.  From now on, the client.
> > Very old version, but should still work.
> >
> >> The Squid process writes three log files: access.log, store.log and
> >> cache.log. I have configured the client syslog-ng to send those files to
> >> the log server.
> >>
> >> The problem is that the content of those files are sent only when
> >> syslog-ng starts on the client side. So:
> >> 1) The syslog-ng client writes all the information to the local files
> >> (access, cache and store). So, locally, it works.
> > These files are actually written by squid not by syslog-ng, right?
> > syslog-ng should just read this files.
> >
> >> 2) The information is sent, but only when the client syslog-ng process
> >> restarts. So it is not a networking problem.
> > I guess you aren't using the follow_freq() option for the incoming
> > files so when syslog-ng reaches EOF it will no longer try to read it.
> > the file offset gets stored so after restarting syslog-ng it will
> > continue reading from where it left before.
> >
> >> 3) And, I've left the default config for all the other log stuff (like
> >> messages, syslog, etc.). That information is also sent to the log
> >> server. And, in this case, the information is sent constantly. I mean, I
> >> don't have to restart the syslog-ng client to make the Squid machine
> >> send the "messages", "syslog", "mail" and other logs.
> > Other things work because syslog-ng keeps reading standard sources
> > like /dev/log. for files you need follow_freq() which is enabled only
> > in 3.x versions by default.
> >
> > Regards,
> >
> > Sandor
>
> -----
> CeSPI
> Centro Superior para el Procesamiento de la Información
>
> Universidad Nacional de La Plata
>
> -------------------------------------------------------------------------------
> Proteja el Medioambiente. No imprima este mail si no es absolutamente
> necesario
>
> ______________________________________________________________________________
> Member info: https://lists.balabit.hu/mailman/listinfo/syslog-ng
> Documentation:
> http://www.balabit.com/support/documentation/?product=syslog-ng
> FAQ: http://www.campin.net/syslog-ng/faq.html
>
>
-------------- next part --------------
An HTML attachment was scrubbed...
URL: http://lists.balabit.hu/pipermail/syslog-ng/attachments/20110414/72ec7a90/attachment.htm

More information about the syslog-ng mailing list