Tek-Tips is the largest IT community on the Internet today!

Members share and learn making Tek-Tips Forums the best source of peer-reviewed technical information on the Internet!

Register Log in
  • Congratulations strongm on being selected by the Tek-Tips community for having the most helpful posts in the forums last week. Way to Go!

Squid & FTP logs to centralised log server

Status
Not open for further replies.
sdabreo

sdabreo

IS-IT--Management
Oct 3, 2002
50
IN
Dear All

This is reg. Syslog server, We are using GFI events manager to collect all the logs from various devices like

win2k3 server, Linux Server, L2 & L3 switches, Routers and firewalls. I am able to capture the Linux server logs means kernal, .info etc in

My GFI application. But how do I specifically capture squid, FTP server ( linux server is acting as Proxy and FTP) in My GFI application.

to capture the basic logs from linux server i modified /etc/syslog.conf and made entry like

*.* @ my GFI application server IP

Is there any way to do that. Kindly help.

Regards
Sakthi
 
Sort by date Sort by votes
You would need to point the logging facilities in Squid and FTP to use syslog's.

Add to Squid.conf:
Code: 
access_log syslog

As for FTP, I need to know the package you are using. It can be a simple config change or we can use named pipes.

Have Fun!

 
Upvote 0 Downvote
I am using Redhat Linux Enterprise 4, I am using vsftpd service. Kindly help.
 
Upvote 0 Downvote

I have added

access_log syslog

and restarted both syslog and squid. But still nothing seems to be captured. Need help for vsftpd service also. Kindly help.
 
Upvote 0 Downvote
Reading the doc, you probably need to setup the facility like local0.info and that must be reflected in your syslog.conf file.
 
Upvote 0 Downvote
Can u pls. elaborate little more here , how to do that.
 
Upvote 0 Downvote
I don't know the defaults for squid, it would be better to force the syslog to a known facility, like local0, and set priority to like info:

access_log syslog:local0.info

Now you must tell syslog to log this into a file,
add to syslog

local0.* /var/log/squid.log

Then get both squid to reread their configuration.

You can test the syslog config by using "logger" command:

logger -p local0.info 'this is a test of local0'

which should log to /var/log/squid.log (if you added local0 to /etc/syslog.conf.

I know that vsftpd by default uses xferlog which is a standard ftp logging format. If your app can digest this log type, then you are all set. There is a option for connection logging, but this is just to debug the ftp protocol.



 
Upvote 0 Downvote
I tested , but nothing seeems to be coming to Syslog. Don't know where is the mistake. There is no much help in web..
 
Upvote 0 Downvote
Edit [blue]/etc/sysconfig/squid[/blue] and add the following options "-s -l <syslog facility>" to SQUID_OPTS and restart. Replace <syslog facility> with a proper facility for your environment.

As for vsftpd, add "syslog_enable" to [blue]/etc/vsftpd/vsftpd.conf[/blue] and restart.

BTW, all this info was easy to find. Start with the man pages and proceed from there.

Have Fun! [pipe]
 
Upvote 0 Downvote
Status
Not open for further replies.

Similar threads

MP2023
  • Locked
  • Question
mail Server
Replies
0
Views
131
MP2023
MP2023
MP2023
  • Locked
  • Question
Mail Server zimbra
Replies
0
Views
153
MP2023
MP2023
bk Patel
  • Locked
  • Question
Openscape 4000 Eco Server
Replies
3
Views
196
bk Patel
bk Patel
donald lepariku
  • Locked
  • Question
Error: 694, Severity: 24, State: 10 An attempt was made to read logical page '153', virtpage '616' f 1
Replies
3
Views
193
spamjim
spamjim
Phi_1.618
  • Locked
  • Question
Linux server
Replies
2
Views
169
SamBones
SamBones

Part and Inventory Search

Sponsor

Back
Top