Help us improve your experience.

Let us know what you think.

Do you have time for a two-minute survey?

 

Configuring Syslog Forwarding

 

You can configure Squid to use syslog to forward your access and cache events.

  1. Use SSH log in to the Squid device command-line interface.
  2. Open the following file:

    /etc/rc3.d/S99local

  3. Add the following line:

    tail -f /var/log/squid/access.log | logger -p <facility>.<priority> &

    • <facility> is any valid syslog facility, written in lower case such as authpriv, daemon, local0 to local7, or user.

    • <priority> is any valid priority written in lower case such as err, warning, notice, info, debug.

  4. Save and close the file.

    Logging begins the next time that the system is restarted.

  5. To begin logging immediately, type the following command:

    nohup tail -f /var/log/squid/access.log | logger -p <facility>.<priority> &

    The <facility> and <priority> options are the same values that you entered.

  6. Open the following file:

    /etc/syslog.conf

  7. Add the following line to send the logs to JSA:

    <priority>.<facility> @<JSA_IP_address>

    The following example shows a priority and facility for Squid messages and a JSA IP address:

    info.local4 @172.16.210.50

  8. Add the following line to the squid.conf file to turn httpd log file emulation off:

    emulate_httpd_log_off

  9. Choose one of the following options:
    • To restart the Squid service, type the following command:

    • To reload the configuration without restarting the service, type the following command:

  10. Save and close the file.
  11. Type the following command to restart the syslog daemon:

    /etc/init.d/syslog restart

    For more information about configuring Squid, see your vendor documentation.

After you configure syslog forwarding for your cache and access logs, the configuration is complete. JSA can automatically discover syslog events forwarded from Squid.