I'm very very sorry for replying to your email directly, I didn't mention to, I just clicked reply on gmail
I wanted squid to log to syslog, using the syslog module on ubuntu the socket path is /dev/log
from there I have my rsyslog config that forwards it to logstash
In any case my manager just told me to not log directly to syslog anymore, he wants to write the logs to file and have them shipped to syslog
In any case I think I found the root of my problems, my squid.conf was being built using patch, I had a file with only the diff.
So it looks like the patch wasn't being applied correctly, so squid was running with the default conf file.
Thanks for the help, and sorry again
Avraham
On Wed, Nov 11, 2015 at 2:55 PM, Sebastian Kirschner <s.kirschner@xxxxxxxxxxxxx> wrote:
Hi Avraham,
1. Please do not contact me direct, use the Mailing List.
I read the sentences you wrote to me again,
do you really want that squid logs the things that would go in access.log to your /var/log/syslog (default debian path),
or do you just want to see what is written in the access.log.
For Changing the location/ way that squid log the access entries read 2. , if not the default
path of the access log is /usr/local/squid/var/logs/access.log.
2. As you could see what Yuri Voinov wrote
> #
># udp To send each log line as text data to a UDP receiver.
># Place: The destination host name or IP and port.
># Place Format: //host:port
>#
># tcp To send each log line as text data to a TCP receiver.
># Lines may be accumulated before sending (see buffered_logs).
># Place: The destination host name or IP and port.
># Place Format: //host:port
>#
># Default:
># access_log daemon:/var/log/squid/access.log squid
>#Default:
># access_log daemon:/var/log/squid/access.log squid
These is snipped from the squid configuration documents on squid page (http://www.squid-cache.org/Doc/config/access_log/).
You could try ( I didn’t do it before) to use syslog as module and insert it in your squid.conf
Best Regards
Sebastian
Von: Avraham Serour [mailto:tovmeod@xxxxxxxxx]
Gesendet: Mittwoch, 11. November 2015 11:48
An: Sebastian Kirschner
Betreff: Re: logging to syslog
I'm actually using rsyslog, it comes with ubuntu
in any case my conf for now is:
template(name="lesquid_accessFormat" type="string" string="programname=%programname% %msg%\n")
action(type="omfile" dirCreateMode="0700" FileCreateMode="0644"
File="/var/log/messages" template="lesquid_accessFormat")
then I tail the /var/log/messages file and check what happens when I make a request using the proxy
On Wed, Nov 11, 2015 at 12:09 PM, Avraham Serour <tovmeod@xxxxxxxxx> wrote:
so where should the symlink should be? what is the default unix socket path that squid tried to use?
On Wed, Nov 11, 2015 at 10:11 AM, Sebastian Kirschner <s.kirschner@xxxxxxxxxxxxx> wrote:
Hi Avraham,
I think it wouldnt be a good idea to just create a symlink because squid (or the user under which squid runs) then must have access to the syslog,
and if your squid instance get compromised the the syslog is open to read for these one.
Best Regards
Sebastian
_______________________________________________
squid-users mailing list
squid-users@xxxxxxxxxxxxxxxxxxxxx
http://lists.squid-cache.org/listinfo/squid-users
_______________________________________________ squid-users mailing list squid-users@xxxxxxxxxxxxxxxxxxxxx http://lists.squid-cache.org/listinfo/squid-users
