Search squid archive

Re: Fwd: squid 3.1 to export access_log to rsyslog

[Date Prev][Date Next][Thread Prev][Thread Next][Date Index][Thread Index]

 

On Thu, 7 Apr 2011, Osmany Goderich wrote:


-----Mensaje original-----
De: david@xxxxxxx [mailto:david@xxxxxxx]
Enviado el: Tuesday, April 05, 2011 11:13 PM
Para: osmany@xxxxxxxxxxxxx
CC: squid-users@xxxxxxxxxxxxxxx
Asunto: Re:  Fwd: squid 3.1 to export access_log to rsyslog

On Tue, 5 Apr 2011, osmany@xxxxxxxxxxxxx wrote:


I have this in my rsyslog.conf file:

$ModLoad immark.so   # provides --MARK-- message capability
$ModLoad imuxsock.so # provides support for local system logging
$ModLoad imklog.so   # kernel logging

$WorkDirectory /rsyslog/spool # where to place spool files
$ActionQueueFileName uniqName # unique name prefix for spool files
$ActionQueueMaxDiskSpace 1g   # 1gb space limit (use as much as possible)
$ActionQueueSaveOnShutdown on # save messages to disk on shutdown
$ActionQueueType LinkedList   # run asynchronously
$ActionResumeRetryCount -1    # infinite retries if host is down
squid.* @@10.25.1.20:2001

*.err;kern.warning;auth.notice;mail.crit                /dev/console
*.notice;authpriv.none;kern.debug;lpr.info;mail.crit;news.err
/var/log/message
squid.*
/usr/local/squid/var/logs/access.log


I'm sure that the configuration on the rsyslog remote server is fine because
it's receiving logs successfully from other servers (other services).
I know this is actually going out of subject because this is a squid mailing
list, but I'm sure some of you have run to a similar problem so I figured to
keep asking you. Can you please keep helping me to solve this?
Ok, the problem is that 'squid' is not something that syslog knows about, so you can't say 'squid.*'
if you just log *.* I beleive that you will see that you are receiving (and forwarding) the squid logs, but that may be more logs than you want to do that with. 

IIRC there are 14-16 'facilities' that syslog knows about

in the squid.conf

instead of saying

access_log syslog squid

say

access_log syslog:local2 squid

and then in rsyslog try

local2.*

as your filter and see how that works.
most examples use 'local0', but exactly because of that I try to avoid using local0 and use one of the other ones. 

David Lang
[Index of Archives]     [Linux Audio Users]     [Samba]     [Big List of Linux Books]     [Linux USB]     [Yosemite News]

  Powered by Linux