Squid
The Squid application normalizes Squid events and enables you to analyze the data using pre-set dashboard views. You can further customize the dashboard and searches to perform in-depth analysis.
Package Details
The application consists of the following components:
- Dashboard Packages
  - LP_Squid
  - LP_Squid General
- Label Package
  - LP_Squid
- Normalization Packages
  - LP_Squid dynamic
  - LP_Squid
Enhancement
The application's normalizer has received a minor update for better signature handling.
Installation
Follow these steps to install the Squid v5.0.1 application:
- Download the Squid package from the Download section above.
- Add Squid as the required device in LogPoint.
- Create a collection policy with the Syslog collector and appropriate processing policy.
- Assign the policy to the device.
- Add the dashboard.
Supported Devices
This configuration supports the following Squid devices with LogPoint:
- Squid Cache v2.6 and later
Squid Configuration File
logformat logpoint source_address="%>a" source_host="%>A" source_hardware_address="%>eui" destination_address="%<a" destination_host="%<A" destination_port="%<p" log_ts="%ts" dns_wait="%dt" transaction_time="%tr" user="%un" request_method="%>rm" url="%ru" domain="%<A" datasize="%st" sent_datasize="%>st" received_datasize="%<st" status_code="%>Hs" adapt_datasize="%<st" total_time="%<tt" proxy_status="%Ss"
Log Sample
<182>Sep 22 15:45:41 prx006 squid[21198]: 1442951141.082 28 10.162.10.206 TCP_MISS/301 677 GET http://www.xyz.com/milestone/images/xyz_milestone_letter_header.jpg clhcrco DEFAULT_PARENT/proxy147.xyz.com text/html
<166>Mar 12 19:19:29 proxyA squid[1563]: 1363112368.695 64027 1.1.1.0 TCP_MISS/200 15785 CONNECT xyz.com:443 - DIRECT/1.1.1.1 adfdf
Use the following methods to send data to LogPoint:
1. Send the data to the local Syslog facility of the server:
access_log syslog:local1.info logpoint
2. Send the events directly to LogPoint:
access_log udp://172.16.48.130:514 logpoint
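An added example (not part of the LogPoint application or the original page): a Python check that reads the field names from the logformat directive above, reports format codes assigned to more than one field, and lists the fields absent from a received event, for instance a line that arrives cut short. The sample event and its values are constructed, and backslash-escaped quotes inside values are an assumption about how quoted tokens are written.

```python
import re
from collections import defaultdict

# The logformat directive from this page, copied verbatim.
LOGFORMAT = (
    'logformat logpoint source_address="%>a" source_host="%>A" '
    'source_hardware_address="%>eui" destination_address="%<a" '
    'destination_host="%<A" destination_port="%<p" log_ts="%ts" dns_wait="%dt" '
    'transaction_time="%tr" user="%un" request_method="%>rm" url="%ru" '
    'domain="%<A" datasize="%st" sent_datasize="%>st" received_datasize="%<st" '
    'status_code="%>Hs" adapt_datasize="%<st" total_time="%<tt" proxy_status="%Ss"')

# Constructed sample event (all values invented for this example).
SAMPLE = (
    r'source_address="192.0.2.10" source_host="ws10.example.test" '
    r'source_hardware_address="00:00:5e:00:53:01" destination_address="198.51.100.7" '
    r'destination_host="www.example.test" destination_port="80" log_ts="1442951141" '
    r'dns_wait="3" transaction_time="28" user="-" request_method="GET" '
    r'url="http://www.example.test/q?s=\"a b\"" domain="www.example.test" '
    r'datasize="677" sent_datasize="310" received_datasize="677" status_code="301" '
    r'adapt_datasize="677" total_time="25" proxy_status="TCP_MISS"')
# The same event cut off before status_code (constructed failure case).
TRUNCATED = SAMPLE[:SAMPLE.index(' status_code')]

# key="value", where the value may hold backslash-escaped characters (assumption).
PAIR = re.compile(r'(\w+)="((?:[^"\\]|\\.)*)"')

def format_fields(directive):
    """Map each field name in the directive to its Squid format code."""
    return dict(PAIR.findall(directive))

def shared_codes(fields):
    """Return format codes that the directive assigns to more than one field."""
    by_code = defaultdict(list)
    for name, code in fields.items():
        by_code[code].append(name)
    return {code: names for code, names in by_code.items() if len(names) > 1}

def parse_event(line):
    """Parse one received line into a dict, undoing backslash escapes."""
    return {k: re.sub(r'\\(.)', r'\1', v) for k, v in PAIR.findall(line)}

def missing_fields(event, fields):
    """List directive fields, in order, that the event does not carry."""
    return [name for name in fields if name not in event]

if __name__ == "__main__":
    fields = format_fields(LOGFORMAT)
    print("shared codes:", shared_codes(fields))
    print("missing in truncated event:", missing_fields(parse_event(TRUNCATED), fields))
```

Fields that share a format code always carry identical values, so a dashboard or search built on one of them gains nothing from the other.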
Installation
Follow these steps to install the Squid v3.7.0 application:
- Download the Squid package from the Download section above.
- Add Squid as the required device in LogPoint.
- Create a collection policy with the Syslog collector and appropriate processing policy.
- Assign the policy to the device.
- Add the dashboard.
Support
If you have any queries or require assistance, please feel free to contact our support team:
Email: servicedesk@logpoint.com
Phone: +45 7060 6100