Proxy server logs (Squid)

It is necessary to closely follow the squid log size, because with Fedora and RHEL if that size goes over 2G, squid will crash – which I know from (bitter) personal experience (logs are in /var/log/squid).
There are two ways to regulate squid log size :
1. Regular log rotation
2. Regulate log size (amount of information that goes into them)

1. Regular log rotatio
The best way is to let logrotate daemon do the work (which is the default setup for Squid).
The configuration file for log rotation is in /etc/logrotate.d/squid, and for everyday log rotation, and keeping of the 5 last logs, it looks like this :
/var/log/squid/access.log {
daily
rotate 5
copytruncate
compress
notifempty
missingok
}
/var/log/squid/cache.log {
daily
rotate 5
copytruncate
compress
notifempty
missingok
}

/var/log/squid/store.log {
daily
rotate 5
copytruncate
compress
notifempty
missingok
# This script asks squid to rotate its logs on its own.
# Restarting squid is a long process and it is not worth
# doing it just to rotate logs
postrotate
/usr/sbin/squid -k rotate
endscript
}

2. Regulation of the log size is done through Squid configuration file : /etc/squid/squid.conf using the debug_options option.
If Squid is working as it should, and you do not need any debugging done, this option may be left hashed (inactive). Default logs are quite enough for user behaviour analysis, graphic (MySAR program, of which I will say a few words later) or direct log approach.
Short description of debug_options is given here.
Generally speaking, the most efective setting is :
debug_options ALL,1
Which debugs all areas of work, on level 1 (info)

This entry was posted in Linux and tagged . Bookmark the permalink.

Comments are closed.