Author Topic: configure squid send log to log server  (Read 10335 times)

golfreeze

  • Administrator
  • Hero Member
  • *****
  • Posts: 2145
    • View Profile
    • นั่งสมาธิ สติปัฏฐานสี่ พาเที่ยววัด แนะนำวัด แจกcd ธรรมะฟรี
    • Email
configure squid send log to log server
« on: มีนาคม 11, 2015, 12:22:29 PM »
#vi /etc/syslog.conf
2. Select an appropriate facility and priority from the local0 – local7 range that is not currently utilized by other custom/local software. For example, local4.info is typically suitable.
3. Add the chosen facility to the end of the syslog.conf file and direct the logs to the LCP server using the “@” syntax as follows:
<facility>.<priority>(TAB)@<LCP IP Address>
Example:
local4.info @192.168.1.125

Configure Squid to Syslog
Next we must configure Squid to output the Access Logs via syslog.
This will not interfere with your current logging configuration as Squid is quite happy to log to multiple log systems/methods simultaneously
1. Open the squid configuration file (/etc/squid/squid.conf) in your preferred editor e.g. “vim”
# vim /etc/squid/squid.conf
2. Find the existing access_log configuration by searching for the directive “access_log”
3. Add a new access_log line below the current one with the following syntax:
access_log syslog:<facility>.<priority> squid

Example:
access_log syslog:local4.info squid


Verify Access Log Delivery
If required, you may verify the log delivery from the Squid server to the LCP using the tcpdump utility to verify the syslog traffic is passing as expected. Use the following syntax:
#tcpdump –n –i <interface name> host <LCP IP> and port 514
Example:
#tcpdump -n -i eth0 host 192.168.1.125 and port 514