
Squid iView on a Windows 2003 System problem

Help
facas70
2010-12-23
2015-02-26
  • facas70

    facas70 - 2010-12-23

    We're evaluating the use of Squid proxy with Cyberoam iView as the report statistics provider, installed on a w2k3 system.
    I've installed a fresh install of both Squid and iView.

    I've followed the steps shown in the "windows setup" manual:

    1. Created file /etc/syslog-ng/syslog-ng.conf with the text:

    *(The filter removes all entries that come from the program 'squid' from the syslog)*
    filter f_remove { program("squid"); };
    *(Everything that should be in the 'user' facility)*
    filter f_user { facility(local4); };
    *(The log destination should be the '/var/log/user.log' file)*
    destination df_user { file("/var/log/user.log"); };
    *(The log destination should be sent via UDP)*
    destination logserver { udp("< ip address of Cyberoam iView>"); };
    *(The actual logging directive)*
    log {
    source(src);
    *(Apply the 'f_user' filter)*
    filter(f_user);
    *(Apply the 'f_remove' filter to remove all squid entries)*
    filter(f_remove);
    *(Send whatever is left in the user facility log file to the 'user.log' file)*
    destination(df_user);
    *(Send it to the logserver)*
    destination(logserver);
    };

    2. Updated squid.conf with the text given below:

    /etc/squid/squid.conf

    logformat iview device_id=squid log_component=HTTP log_type="Content Filtering" log_subtype=Allowed user_name=%un src_ip=%>a domainname=%<A user_gp=%ui contenttype=%mt protocol=6 category= url=%ru recv_bytes=%<st log_type= dst_port=%lp
    access_log syslog:LOG_LOCAL4 iview

    but Squid starts and doesn't seem to contact iView. I can also read in cache.log when Squid starts:

    2010/12/22 17:36:23| Starting Squid Cache version 2.7.STABLE8 for i686-pc-winnt…
    …………….
    2010/12/22 17:36:23| logfileOpen: opening log j:/Squid/var/logs/access.log
    2010/12/22 17:36:23| logfileOpen: opening log syslog:LOG_LOCAL4
    …………….
    2010/12/22 17:36:24| storeLateRelease: released 0 objects

    with no error. What can I do?
    Thanks for the help.

    regards,
    Fabrizio

     
  • Srijan Nandi

    Srijan Nandi - 2012-04-11

    Hi Fabrizio,

    I suppose you might have gone through this; however, I wanted to just reiterate the steps sequentially.

    1. In the syslog-ng.conf file, we need to put in the IP address of the server iView is installed on. Thereafter, ensure that the syslog-ng.conf file has the option for 'src' set.

    source src {
    internal(); 
    };

    2. Then restart the syslog-ng service and see if there are any errors while running it.

    3. Then for squid, ensure that the access_log line is set as:

    access_log syslog:DEBUG iview

    4. Ensure that there is a file named user.log in /var/log/.

    5. After that, open iView -> System -> Archives -> Live logs. Here you would find the logs as generated by Squid.

    Regards,
    -=Srijan Nandi
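
As an added example (not part of the thread, and not Squid's or Cyberoam's code): a small Python check that parses one syslog line written in the `iview` logformat quoted in the first post, lists keys that are missing, empty or repeated, and decodes the syslog facility that `filter f_user` matches on. The sample line, its host name and addresses, and the choice to keep the last occurrence of a repeated key are assumptions; the thread does not say how iView treats them.

```python
import re

# Keys named in the page's `logformat iview` line (log_type appears twice there).
EXPECTED = ["device_id", "log_component", "log_type", "log_subtype", "user_name",
            "src_ip", "domainname", "user_gp", "contenttype", "protocol",
            "category", "url", "recv_bytes", "dst_port"]
LOCAL4 = 20  # syslog facility number for local4, used by `filter f_user`

# key="quoted value" | key=bare_token | key= (empty, as in `category= url=...`)
PAIR = re.compile(r'(\w+)=(?:"([^"]*)"|(\S*))')

# Constructed sample: what one forwarded line could look like on the wire.
SAMPLE = ('<166>Dec 22 17:36:25 proxy squid[1234]: device_id=squid log_component=HTTP '
          'log_type="Content Filtering" log_subtype=Allowed user_name=- src_ip=192.0.2.10 '
          'domainname=www.example.test user_gp=- contenttype=text/html protocol=6 category= '
          'url=http://www.example.test/index.html?a=1 recv_bytes=5120 log_type= dst_port=3128')

def syslog_facility(line):
    """Facility from the <PRI> header (PRI = facility * 8 + severity), or None if absent."""
    m = re.match(r"<(\d{1,3})>", line)
    return int(m.group(1)) >> 3 if m else None

def parse_iview(line):
    """Return (fields, problems) for one line carrying the iview key=value payload."""
    fields, problems = {}, []
    for m in PAIR.finditer(line):
        key = m.group(1)
        value = m.group(2) if m.group(2) is not None else m.group(3)
        if key in fields and fields[key] != value:
            problems.append(f"duplicate key {key}: {fields[key]!r} overwritten by {value!r}")
        fields[key] = value  # assumption: this script keeps the last occurrence
    for key in EXPECTED:
        if key not in fields:
            problems.append(f"missing key {key}")
        elif fields[key] in ("", "-"):  # Squid logs "-" when it has no value for a code
            problems.append(f"empty value for {key}")
    return fields, problems

if __name__ == "__main__":
    print("facility is local4:", syslog_facility(SAMPLE) == LOCAL4)
    for problem in parse_iview(SAMPLE)[1]:
        print(problem)
```
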

     
  • Guilherme Marques

    The Web Usage reports do not have information (N/A), but the Live logs have data.
    What can I do?
    Thanks for help.

     
