Page MenuHomePhabricator

Adding the remote syslog feature to webproxy
Open, Requires assessmentPublicFEATURE REQUEST

Description

Per a ticket request, Squid has the option to accept a remote syslog server.

There would be two options:

  • use rsyslog
  • use built-in squid option.

Path of least resistance was to integrate the built-in option

Details

Difficulty level
Unknown (require assessment)
Version
-
Why the issue appeared?
Will be filled on close
Is it a breaking change?
Perfectly compatible

Event Timeline

kroy created this task.Mon, Oct 14, 7:16 PM
kroy added a comment.Mon, Oct 14, 7:20 PM
This comment was removed by kroy.
c-po added a subscriber: c-po.EditedMon, Oct 14, 7:46 PM

I would rather prefer it to send messages to local syslog and then distribute it to remote hosts. Otherwise we have an async syslog interface.

Also this option os squid related - if we change the proxy in the future will it still work?

Also with using local syslog the user does not need to configure additional server(s).

kroy added a comment.Mon, Oct 14, 8:26 PM

This PR should address those concerns

runar added a subscriber: runar.Mon, Oct 14, 8:40 PM

Because the amount of logs from this system could be enormous, Is it possible to move these logs to another syslog file to not overcroud the main syslog file?

kroy added a comment.Mon, Oct 14, 9:17 PM

To be fair, that’s what prompted this. The logs go to a different file already.

I imagine I could generate an rsyslog config to read the separate file instead

kroy added a comment.Tue, Oct 15, 4:36 AM

Okay, after working with this for a while, I believe the whole 'vyatta-webproxy` should be a candidate for deletion in equuleus (see T1732).

With that said, the whole goal here was to address an issue in a ticket to allow remote logging of Squid data.

  1. The easy option is about four lines of changes to expose the native Squid option as a configuration option to log to a remote syslog server.
  2. The next easy option is to pass Squid logs into rsyslog. This would allow them to be picked up by the remote syslog option. This is ugly because /var/log/message becomes hugely polluted with data.

Any other option requires modifying multiple modules, probably for a feature that it not used much if ever, and as mentioned, I feel like this module should be removed completely in the future.

KKUL added a subscriber: KKUL.Tue, Oct 15, 8:17 AM