Squid
Squid is an open source caching proxy server. It primarily handles the HTTP and FTP protocols, but it also supports HTTPS, TLS and SSL to a limited extent. It is also used in front of web servers as a reverse proxy to cache repeated requests.
All server activity information can be logged using the Rsyslog or Syslog-NG server which is then set to send data to the Logmanager server.
- Edit the Squid server configuration file /etc/squid/squid.conf (it may instead be located at /usr/local/squid/etc/squid.conf).
- Find the LOGFILE OPTIONS section and edit the following logformat parameters:

      logformat squid %ts.%03tu %6tr %>a %Ss/%03>Hs %<st %rm %ru %[un %Sh/%<a %mt
      access_log syslog:local1.info squid

- Restart the Squid server with the command:

      /etc/init.d/squid restart

This completes the Squid server configuration. Now continue with the Rsyslog or Syslog-NG configuration.
Rsyslog tracks all logs that are available on Linux systems. There are several ways to set up Rsyslog to forward the required logs to the Logmanager server.
Please do the following steps:
- Create the file /etc/rsyslog.d/lm_squid_local1.conf.
- Paste the following code into it:

      $ModLoad imuxsock # local message reception
      $ActionQueueType LinkedList # use asynchronous processing
      $ActionQueueFileName access_squid
      $ActionResumeRetryCount -1 # infinite retries on insert failure
      $ActionQueueSaveOnShutdown on # save in-memory data if rsyslog shuts down
      # max limit the number of messages that queue can contain
      $ActionQueueSize 10000
      $ActionQueueMaxFileSize 10M # limit the size of queue buffer on disk
      # setting facility and severity monitoring:
      local1.=info @@<Logmanager_IP_address>:514

- Restart the Rsyslog server with the command:

      /etc/init.d/rsyslog restart

Syslog-NG saves events on Linux systems. These messages are stored locally in individual files and can be forwarded to the Logmanager server.
- Check the source and @include settings as described in the chapter Linux Syslog-NG.
- Create the file /etc/syslog-ng/conf.d/lm_squid_local1.conf.
- Paste the following code into it:

      # the target of sending messages to the Logmanager server
      destination d_netlm {
          tcp( "<Logmanager_IP_address>" port(514) log-fifo-size(10000) );
      };
      # Filter for facility local1
      filter f_local1 { facility(local1) };
      # Implementation of the action, i.e. sending a Squid message to the Logmanager server
      log { source(s_src); filter(f_local1); destination(d_netlm); };

- Restart the Syslog-NG server with the command:

      /etc/init.d/syslog-ng restart

Now your Squid server will send logged messages to the Logmanager server.
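
To confirm that forwarded messages still match the logformat line set in squid.conf, the fields can be parsed back out and any line that does not fit can be counted as rejected. The following Python parser is an added example, not part of the Logmanager or Squid documentation; the function names, the field names and the sample lines (including the syslog header layout) are constructed for illustration.

```python
import re
from datetime import datetime, timedelta, timezone

# Fields in the order of the logformat line configured in squid.conf:
# %ts.%03tu %6tr %>a %Ss/%03>Hs %<st %rm %ru %[un %Sh/%<a %mt
LINE_RE = re.compile(
    r"(?:^|\s)(?P<ts>\d+)\.(?P<ms>\d{3})\s+"                # %ts.%03tu  epoch.millis
    r"(?P<elapsed_ms>\d+)\s+"                               # %6tr       response time
    r"(?P<client_ip>\S+)\s+"                                # %>a        client address
    r"(?P<squid_status>[A-Z_]+)/(?P<http_status>\d{3})\s+"  # %Ss/%03>Hs
    r"(?P<reply_bytes>\d+)\s+"                              # %<st       bytes to client
    r"(?P<method>\S+)\s+"                                   # %rm
    r"(?P<url>\S+)\s+"                                      # %ru
    r"(?P<user>\S+)\s+"                                     # %[un       "-" if none
    r"(?P<hier_status>[A-Z_0-9]+)/(?P<server_ip>\S+)\s+"    # %Sh/%<a
    r"(?P<mime>\S+)\s*$"                                    # %mt
)

# Constructed sample input: one bare line, one with a syslog header, one malformed.
SAMPLE = [
    "1700000000.123     45 192.0.2.10 TCP_MISS/200 5120 GET "
    "http://example.com/index.html - HIER_DIRECT/198.51.100.7 text/html",
    "Nov 14 22:13:20 proxy01 squid[812]: 1700000000.456      2 192.0.2.11 "
    "TCP_DENIED/403 3900 CONNECT example.org:443 alice HIER_NONE/- text/html",
    "Nov 14 22:13:21 proxy01 squid[812]: truncated line without fields",
]

def parse_squid_line(line):
    """Return a dict of named fields, or None if the line does not fit the format."""
    m = LINE_RE.search(line)  # search() tolerates a leading syslog header
    if m is None:
        return None
    rec = m.groupdict()
    base = datetime.fromtimestamp(int(rec.pop("ts")), tz=timezone.utc)
    rec["time"] = base + timedelta(milliseconds=int(rec.pop("ms")))
    for key in ("elapsed_ms", "http_status", "reply_bytes"):
        rec[key] = int(rec[key])
    return rec

def parse_all(lines):
    """Parse every line; return (records, rejected) so format drift is visible."""
    parsed = [(line, parse_squid_line(line)) for line in lines]
    records = [rec for _, rec in parsed if rec is not None]
    rejected = [line for line, rec in parsed if rec is None]
    return records, rejected

if __name__ == "__main__":
    records, rejected = parse_all(SAMPLE)
    for rec in records:
        print(rec["time"].isoformat(), rec["client_ip"], rec["squid_status"], rec["url"])
    print("rejected lines:", len(rejected))
```

A non-zero rejected count after a Squid upgrade or a squid.conf change usually means the logformat line no longer matches what the receiving side expects.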