-----Original Message-----
From: david@xxxxxxx [mailto:david@xxxxxxx]
Sent: Tuesday, April 05, 2011 11:13 PM
To: osmany@xxxxxxxxxxxxx
CC: squid-users@xxxxxxxxxxxxxxx
Subject: Re: Fwd: squid 3.1 to export access_log to rsyslog

On Tue, 5 Apr 2011, osmany@xxxxxxxxxxxxx wrote:

> Hi everyone,
>
> I would like to know how to export access_log in squid to a central
> rsyslog in my network. I know I should use a local rsyslog daemon to
> forward logs to the central server but I just can't get squid to
> actually write to the local rsyslog daemon and I tried various things:
>
> access_log syslog:daemon
> access_log rsyslog:daemon
> access_log /usr/local/sbin/rsyslog:daemon
>
> the closest I've been to accomplish this is getting a message in the
> cache_log that says parent folder not writable or something like that.
> some error of squid complaining about permissions on the folders which
> I don't understand since it can perfectly write to them if I go back
> to the default settings. Can anyone please help?

Squid does not appear to support sending directly to a remote syslog server, you need to send it to a local syslog daemon and have that configured to send the logs to a remote server.

what happens if you just set

    access_log syslog squid

this tells squid to write to syslog (without setting a facility) and to write using the format 'squid'

David Lang

So this is what I have now in my squid.conf:

    access_log syslog squid

and I also have

    access_log /usr/local/squid/var/logs/access.log

I have both because I want squid to keep generating logs locally until I am sure that the centralized syslog is receiving everything from this squid.

Now squid doesn't have any problem with these new two lines I wrote in the configuration. It runs fine. But I just can't get it to log to the remote syslog server. I have this in my rsyslog.conf file:

    $ModLoad immark.so    # provides --MARK-- message capability
    $ModLoad imuxsock.so  # provides support for local system logging
    $ModLoad imklog.so    # kernel logging

    $WorkDirectory /rsyslog/spool   # where to place spool files
    $ActionQueueFileName uniqName   # unique name prefix for spool files
    $ActionQueueMaxDiskSpace 1g     # 1gb space limit (use as much as possible)
    $ActionQueueSaveOnShutdown on   # save messages to disk on shutdown
    $ActionQueueType LinkedList     # run asynchronously
    $ActionResumeRetryCount -1      # infinite retries if host is down
    squid.* @@10.25.1.20:2001

    *.err;kern.warning;auth.notice;mail.crit /dev/console
    *.notice;authpriv.none;kern.debug;lpr.info;mail.crit;news.err /var/log/message
    squid.* /usr/local/squid/var/logs/access.log

I'm sure that the configuration on the rsyslog remote server is fine because it's receiving logs successfully from other servers (other services).

I know this is actually going out of subject because this is a squid mailing list, but I'm sure some of you have run into a similar problem so I figured to keep asking you. Can you please keep helping me to solve this?

Thanks in advance.
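
A selector in rsyslog.conf matches on syslog facility and priority rather than on the name of the sending program, so when forwarding to a central server stays silent, the facility names in the selectors are worth checking first. The following is an added example, not part of the original thread: a small Python check that lists selectors whose facility is not a standard syslog keyword, run over the selector lines posted above. The names unknown_facilities and SAMPLE_CONF are introduced here, and the embedded sample is constructed from the posted file.

```python
# Standard syslog facility keywords accepted in sysklogd-style selectors.
FACILITIES = {
    "auth", "authpriv", "cron", "daemon", "ftp", "kern", "lpr", "mail",
    "mark", "news", "security", "syslog", "user", "uucp",
} | {f"local{i}" for i in range(8)}

# Constructed sample: selector lines taken from the rsyslog.conf quoted above.
SAMPLE_CONF = """\
$ModLoad imuxsock.so # provides support for local system logging
squid.* @@10.25.1.20:2001
*.err;kern.warning;auth.notice;mail.crit /dev/console
*.notice;authpriv.none;kern.debug;lpr.info;mail.crit;news.err /var/log/message
squid.* /usr/local/squid/var/logs/access.log
"""


def unknown_facilities(conf_text):
    """Return (line_number, facility, action) for every selector that names
    a facility outside the standard syslog keyword set."""
    findings = []
    for lineno, raw in enumerate(conf_text.splitlines(), start=1):
        line = raw.split("#", 1)[0].strip()
        # Skip blanks, $directives and property filters (":prop, op, ...").
        if not line or line[0] in "$:":
            continue
        parts = line.split(None, 1)
        if len(parts) != 2 or "." not in parts[0]:
            continue
        selector, action = parts
        for term in selector.split(";"):       # "a.b;c.d" -> separate terms
            facs = term.rsplit(".", 1)[0]      # text before the priority
            for fac in facs.split(","):        # "mail,news.err" style lists
                if fac != "*" and fac.lower() not in FACILITIES:
                    findings.append((lineno, fac, action.strip()))
    return findings


if __name__ == "__main__":
    for lineno, fac, action in unknown_facilities(SAMPLE_CONF):
        print(f"line {lineno}: '{fac}' is not a syslog facility -> {action}")
```
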