2

According to this documentation: http://www.squid-cache.org/Doc/config/access_log/

squid should be able to log to rsyslog with the following directives:

access_log syslog:daemon.info squid
cache_log  syslog:daemon.info squid

However when I try to restart it I get:

WARNING: Cannot write log file: syslog:daemon.info
syslog:daemon.info: Permission denied
         messages will be sent to 'stderr'.

I have tried all facilities from local0-local7 as well it says the same thing. It seems rsyslog is disallowing squid to log into it. Squid is running with the proxy user.

Any idea how to fix this?

Andrew Schulman
  • 8,811
  • 21
  • 32
  • 47
napalmbrain
  • 31
  • 1
  • 3
  • What version of squid are you running? – Paul Haldane Apr 17 '15 at 10:29
  • ii squid3 3.1.20-2.2+deb7u2 amd64 Full featured Web Proxy cache (HTTP proxy) ii squid3-common 3.1.20-2.2+deb7u2 all Full featured Web Proxy cache (HTTP proxy) - common files – napalmbrain Apr 17 '15 at 10:32
  • That looks more like squid isn't recognising `syslog:daemon.info` as a special string and is instead just treating it as a normal file name. What happens if you try using the `-s` option with squid to direct logs to syslog? – Paul Haldane Apr 17 '15 at 11:06

3 Answers3

1

Well this wasn't easy to fix, was done by mostly experimenting:

Only the:

access_log syslog squid
cache_log syslog squid

Directives in the config are working and even they will produce the same error at the start of Squid 3:

ARNING: Cannot write log file: syslog
syslog: Permission denied
         messages will be sent to 'stderr'.

Anything else, including using the -s will not work! Once these directives are applied, Squid will completely stop logging to the access.log and cache.log files.

Unfortunately without defining facilities this will flood both messages+syslog files but I will leave that to rsyslog rules to filter them out.

napalmbrain
  • 31
  • 1
  • 3
1

in squid.conf you may need to write like 

access_log syslog:local2 squid

and then in rsyslog 

local2.* @@syslogserverip:syslogport
Mansur Ul Hasan
  • 262
  • 3
  • 9
  • One correction in above answer.. add * after local2 or log level such as info,warn,error..... Example access_log syslog:local2.* squid OR access_log syslog:local2.info squid – learner Aug 01 '18 at 07:01
0

Making correction in Mansur's answer above

in squid.conf you may need to write like

access_log syslog:local2.info squid
access_log syslog:local2.* squid

and then in rsyslog

local2.* @@syslogserverip:syslogport
learner
  • 101
  • 2