Configuring Syslog Forwarding

 

You can configure Squid to use syslog to forward your access and cache events.

  1. Use SSH to log in to the Squid device command-line interface.
  2. Open the following file:

    /etc/rc3.d/S99local

    Note

    If /etc/rc3.d/S99local does not exist, use /etc/rc.d/rc.local.

  3. Add the following line:

    tail -f /var/log/squid/access.log | logger -p <facility>.<priority> &

    • <facility> is any valid syslog facility, written in lower case such as authpriv, daemon, local0 to local7, or user.

    • <priority> is any valid priority written in lower case such as err, warning, notice, info, debug.

  4. Save and close the file.

    Logging begins the next time that the system is restarted.

  5. To begin logging immediately, type the following command:

    nohup tail -f /var/log/squid/access.log | logger -p <facility>.<priority> &

    The <facility> and <priority> options are the same values that you entered.

  6. Open the following file:

    /etc/syslog.conf

    Note

    When using rsyslog, open /etc/rsyslog.conf instead of /etc/syslog.conf.

  7. Add the following line to send the logs to JSA:

    <facility>.<priority> @<JSA_IP_address>

    The following example shows a facility and priority for Squid messages and a JSA IP address:

    local4.info @172.16.210.50

  8. Add the following line to the squid.conf file to turn httpd log file emulation off:

    emulate_httpd_log off

  9. Confirm that access_log format ends in common.

    If the access_log format end value is squid, change squid to common, as displayed in the example.

    If the access_log format does not have an ending value, add the following line to the Squid conf file to turn on httpd log file emulation:

    emulate_httpd_log on

  10. Choose one of the following options:
    • To restart the Squid service, type the following command:

    • To reload the configuration without restarting the service, type the following command:

  11. Save and close the file.
  12. Type the following command to restart the syslog daemon:

    /etc/init.d/syslog restart

    For more information about configuring Squid, see your vendor documentation.

After you configure syslog forwarding for your cache and access logs, the configuration is complete. JSA can automatically discover syslog events forwarded from Squid.
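
The following script is an added example, not part of the vendor procedure. It checks the forwarding rule from step 7 and the access_log format from step 9 before the daemons are restarted. The function names are hypothetical, only explicitly named facilities and priorities are handled (no wildcards), and the inputs are constructed samples.

```sh
#!/bin/sh
# Added example: checks for steps 7 and 9. Function names are hypothetical.

FACILITIES="auth authpriv cron daemon ftp kern lpr mail news syslog user uucp \
local0 local1 local2 local3 local4 local5 local6 local7"
PRIORITIES="emerg alert crit err warning notice info debug"

in_list() {                       # in_list WORD CANDIDATE...
    word=$1; shift
    for item in "$@"; do [ "$item" = "$word" ] && return 0; done
    return 1
}

# Validate a forwarding rule; prints "ok" or the reason it will not match.
check_forward_rule() {
    set -f; set -- $1; set +f     # split the rule into selector and action
    [ $# -eq 2 ] || { echo "expected: <facility>.<priority> @<host>"; return 1; }
    fac=${1%%.*}; pri=${1#*.}
    if ! in_list "$fac" $FACILITIES; then
        if in_list "$fac" $PRIORITIES && in_list "$pri" $FACILITIES; then
            echo "reversed: use $pri.$fac"
        else
            echo "unknown facility: $fac"
        fi
        return 1
    fi
    in_list "$pri" $PRIORITIES || { echo "unknown priority: $pri"; return 1; }
    case $2 in @?*) echo "ok" ;; *) echo "action is not @<host>"; return 1 ;; esac
}

# Inspect squid.conf (path in $1): prints "common", "emulated" (no format
# name, but emulate_httpd_log on), or the reason the format is wrong.
check_squid_conf() {
    awk '$1 == "access_log" {
             seen = 1
             if (NF == 2) state = "no-format"
             else if ($NF != "common") state = "not-common:" $NF
             else if (state == "") state = "common"
         }
         $1 == "emulate_httpd_log" && $2 == "on" { emu = 1 }
         END {
             if (!seen) state = "no-access_log"
             if (state == "no-format" && emu) state = "emulated"
             print state
             exit !(state == "common" || state == "emulated")
         }' "$1"
}

# Constructed sample: a selector written priority-first is reported.
check_forward_rule "info.local4 @172.16.210.50" || true
```

Run check_squid_conf against the squid.conf path used on the device; a non-zero exit status means the access_log line still needs the change described in step 9.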