44.10. Configuring Logging

Squid writes to three separate log files: one for recording client access requests, one for cache events, and one for debugging information. The most useful is the access log file, which can be analyzed by a program like Webalizer (covered in Chapter 39) to generate reports on clients, requested URLs, and individual users. Logging is enabled by default to paths compiled into Squid, and is thus dependent upon your operating system, but you can change the destinations for log files and some details of the access log format.

To configure how and where logs are written, follow these instructions:

1. Click on the Logging icon on the module's main page, which predictably takes you to the logging form.

2. To change the location of the client access log file, edit the contents of the Access log file field. If Default is selected, the path compiled into Squid will be used (which may be /usr/local/squid/log/access.log or /var/log/squid/access.log).

3. To change the location of the cache storage log, edit the Storage log file field. The default is always the store.log located in the same directory as the access.log file.

4. To change the path to which the debug log is written, edit the Debug log file field. Again, the default is cache.log located in the same directory as access.log.

5. Squid normally uses its own custom format for the access log. To force the use of the format used by Apache instead, change the Use HTTPD log format? field to Yes. This format may be necessary for processing by some applications, but it does not record all of the information that the default does.

6. To have Squid write resolved client hostnames to the access log instead of just IP addresses, select Yes in the Log full hostnames? field. This avoids the need to resolve them later when generating reports, but will slow down the server due to the time that reverse DNS lookups can take.

7. The ident or RFC931 protocol can be used to find the name of the UNIX user who is making a connection to your proxy from some remote host. Unfortunately, it is often disabled and is not supported on other operating systems, so it is of limited use. You can, however, configure Squid to include RFC931 user information in its access log file by selecting some of the ACLs in the Perform RFC931 ident lookups for ACLs field. You should ideally create a special Client Address ACL that matches only UNIX hosts with the ident daemon on your network and select only it.

If you do enable remote user lookups, the RFC931 ident timeout field can be used to set a maximum amount of time that Squid will wait for a response from a client. If Default is selected, the server will wait 10 seconds (at most) for a response before giving up (but will still allow the request).

8. Click the Save button at the bottom of the page to record the changes made on this form and then click the Apply Changes link to activate them.

Many Linux packages of Squid include a configuration file for the logrotate program to have the log files rotated, compressed, and eventually deleted when they become too old. If you change the paths to the log files using the instructions above, rotation will no longer be done and the logs will consume an unlimited amount of disk space. On a busy system, this could lead to a shortage of space on the logging filesystem that would be avoided if rotation were in effect.
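The check below is an added example, not part of the original text or of Webmin or Squid: it compares the log paths set in squid.conf against the file patterns in a logrotate configuration and lists any log that rotation no longer covers. The directive names are assumptions for your Squid version (older releases use cache_access_log, newer ones access_log), and the sample paths and function names are constructed for illustration.

```python
from pathlib import PurePosixPath
import shlex

# Assumed directive names: older Squid uses cache_access_log, newer access_log.
LOG_DIRECTIVES = {"cache_access_log", "access_log", "cache_store_log", "cache_log"}

# Constructed samples: the access log was moved in the Logging form, while the
# packaged logrotate stanza still only covers the original directory.
SAMPLE_SQUID_CONF = """\
cache_access_log /data/proxy/access.log   # changed in the Logging form
cache_store_log /var/log/squid/store.log
cache_log /var/log/squid/cache.log
"""
SAMPLE_LOGROTATE = """\
/var/log/squid/*.log {
    weekly
    postrotate
        /usr/sbin/squid -k rotate
    endscript
}
"""

def squid_log_paths(conf_text):
    """Map each log directive set in squid.conf text to its file path."""
    paths = {}
    for line in conf_text.splitlines():
        fields = line.split("#", 1)[0].split()
        if len(fields) < 2 or fields[0] not in LOG_DIRECTIVES:
            continue
        target = fields[1].split(":", 1)[-1]   # drop a module prefix such as stdio:
        if target.startswith("/"):             # skips "none" and non-file targets
            paths[fields[0]] = target
    return paths

def logrotate_patterns(rotate_text):
    """Return the absolute file globs that open each logrotate stanza."""
    patterns, depth = [], 0
    for line in rotate_text.splitlines():
        line = line.split("#", 1)[0]
        if depth == 0:  # only text outside a { ... } block can name log files
            head = line.split("{", 1)[0]
            patterns += [tok for tok in shlex.split(head) if tok.startswith("/")]
        depth += line.count("{") - line.count("}")
    return patterns

def unrotated_logs(conf_text, rotate_text):
    """List configured Squid log files that no logrotate stanza covers."""
    patterns = logrotate_patterns(rotate_text)
    return sorted(path for path in squid_log_paths(conf_text).values()
                  if not any(PurePosixPath(path).match(p) for p in patterns))
```

Run unrotated_logs() against the real squid.conf and the Squid file under your logrotate configuration directory after saving the Logging form; any path it returns needs its own rotation stanza.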
