Configuring Syslog Forwarding
You can configure Squid to use syslog to forward your access and cache events.
- Use SSH log in to the Squid device command-line interface.
- Open the following file:
/etc/rc3.d/S99local
Note:If /etc/rc3.d/S99local does not exist, use /etc/rc.d/rc.local.
- Add the following line:
tail -f /var/log/squid/access.log | logger -p <facility>.<priority> &
<facility> is any valid syslog facility, written in lower case such as
authpriv
,daemon
,local0
tolocal7
, oruser
.
<priority> is any valid priority written in lower case such as
err
,warning
,notice
,info
,debug
.
- Save and close the file.
Logging begins the next time that the system is restarted.
- To begin logging immediately, type the following command:
nohup sh -c "tail -f /var/log/squid/access.log | logger -p <facility>.<priority>" &
The <facility> and <priority> options are the same values that you entered.
- Open the following file:
/etc/syslog.conf
Note:When using rsyslog, open /etc/rsyslog.conf instead of /etc/syslog.conf.
- Add the following line to send the logs to JSA:
<facility>.<priority> @<JSA_IP_address>
The following example shows a priority and facility for Squid messages and a JSA IP address:
info.local4 @172.16.210.50
- Add the following line to the squid.conf file to turn httpd log file emulation off:
emulate_httpd_log_off
- Confirm that access_log format ends in common.
access_log /path/to/access.log common
If the access_log format end value is squid, change squid to common, as displayed in the example.
If the access_log format does not have an ending value, add the following line to the Squid conf file to turn on httpd log file emulation:
emulate_httpd_log on
- Choose one of the following options:
To restart the Squid service, type the following command:
service squid restart
To reload the configuration without restarting the service, type the following command:
/usr/sbin/squid -k reconfigure
- Save and close the file.
- Type the following command to restart the syslog daemon:
/etc/init.d/syslog restart
For more information about configuring Squid, see your vendor documentation.
After you configure syslog forwarding for your cache and access logs, the configuration is complete. JSA can automatically discover syslog events forwarded from Squid.