Squid
Squid normalizes Squid events and enables you to analyze the data using pre-set dashboard views. You can further customize the dashboard and searches to perform in-depth analysis.
To send data to Logpoint:
-
Send the data to the local Syslog facility of the server:
access_log syslog:local1.info logpoint
-
Send the events to Logpoint:
access_log udp://172.16.48.130:514 logpoint
Package Details
-
Dashboard Packages
- LP_Squid
- LP_Squid General
-
Label Package
- LP_Squid
-
Normalization Packages
- LP_Squid dynamic
- LP_Squid
Bug Fixes
|
Description |
Issue ID |
|---|---|
| The Squid normalizer did not normalize the User-Agent field. | PLUG-15819 |
| In some cases, Squid event logs were not normalized because the date and time in the log header (log_ts) were not parsed correctly. | PLUG-17214 |
Installation
- Download the Squid package from the Download section above.
- Add Squid as the required device in Logpoint.
- Create a collection policy with the Syslog collector and appropriate processing policy.
- Assign the policy to the device.
- Add the dashboard.
Screenshots
Supported Devices
- Squid Cache v2.6 and later
Squid Configuration File
logformat logpoint source_address="%>a" source_host="%>A" source_hardware_address="%>eui" destination_address="%<a" destination_host="%<A" destination_port="%<p" log_ts="%ts" dns_wait="%dt" transaction_time="%tr" user="%un" request_method="%>rm" url="%ru" domain="%<A" datasize="%st" sent_datasize="%>st" received_datasize="%<st" status_code="%>Hs" adapt_datasize="%<st" total_time="%<tt" proxy_status="%Ss"
Log Sample
<182>Sep 22 15:45:41 prx006 squid[21198]: 1442951141.082 28 10.162.10.206 TCP_MISS/301 677 GET http://www.xyz.com/milestone/images/xyz_milestone_letter_header.jpg clhcrco DEFAULT_PARENT/proxy147.xyz.com text/html <166>Mar 12 19:19:29 proxyA squid[1563]: 1363112368.695 64027 1.1.1.0 TCP_MISS/200 15785 CONNECT xyz.com:443 - DIRECT/1.1.1.1 adfdf
Support
If you have any queries or require assistance, create a support ticket.
Comments
Article is closed for comments.