Search squid archive

Re: Fwd: squid 3.1 to export access_log to rsyslog

[Date Prev][Date Next][Thread Prev][Thread Next][Date Index][Thread Index]

 



On 08/04/11 12:20, david@xxxxxxx wrote:
On Thu, 7 Apr 2011, Osmany Goderich wrote:

-----Mensaje original-----
De: david@xxxxxxx [mailto:david@xxxxxxx]
Enviado el: Tuesday, April 05, 2011 11:13 PM
Para: osmany@xxxxxxxxxxxxx
CC: squid-users@xxxxxxxxxxxxxxx
Asunto: Re:  Fwd: squid 3.1 to export access_log to rsyslog

On Tue, 5 Apr 2011, osmany@xxxxxxxxxxxxx wrote:


I have this in my rsyslog.conf file:

$ModLoad immark.so # provides --MARK-- message capability
$ModLoad imuxsock.so # provides support for local system logging
$ModLoad imklog.so # kernel logging

$WorkDirectory /rsyslog/spool # where to place spool files
$ActionQueueFileName uniqName # unique name prefix for spool files
$ActionQueueMaxDiskSpace 1g # 1gb space limit (use as much as possible)
$ActionQueueSaveOnShutdown on # save messages to disk on shutdown
$ActionQueueType LinkedList # run asynchronously
$ActionResumeRetryCount -1 # infinite retries if host is down
squid.* @@10.25.1.20:2001

*.err;kern.warning;auth.notice;mail.crit /dev/console
*.notice;authpriv.none;kern.debug;lpr.info;mail.crit;news.err
/var/log/message
squid.*
/usr/local/squid/var/logs/access.log


I'm sure that the configuration on the rsyslog remote server is fine
because
it's receiving logs successfully from other servers (other services).
I know this is actually going out of subject because this is a squid
mailing
list, but I'm sure some of you have run to a similar problem so I
figured to
keep asking you. Can you please keep helping me to solve this?

Ok, the problem is that 'squid' is not something that syslog knows
about, so you can't say 'squid.*'

if you just log *.* I beleive that you will see that you are receiving
(and forwarding) the squid logs, but that may be more logs than you want
to do that with.

IIRC there are 14-16 'facilities' that syslog knows about

in the squid.conf

instead of saying

access_log syslog squid

say

access_log syslog:local2 squid

and then in rsyslog try

local2.*

as your filter and see how that works.

most examples use 'local0', but exactly because of that I try to avoid
using local0 and use one of the other ones.

David Lang

It's good to be aware of the defaults as well.

A facility is pretty much required. If unset the log details show up at whatever default the OS has. Which can be the kernel-level priority on some systems. Very annoying.

If unset the priority used in "info"

So this
 access_log syslog:local2 squid
is the same as this:
 access_log syslog:local2.info squid

Amos
--
Please be using
  Current Stable Squid 2.7.STABLE9 or 3.1.12
  Beta testers wanted for 3.2.0.6


[Index of Archives]     [Linux Audio Users]     [Samba]     [Big List of Linux Books]     [Linux USB]     [Yosemite News]

  Powered by Linux