Re: [squid-users] log server

From: Henrik Nordstrom <[email protected]>
Date: Sun, 22 Aug 2004 02:06:03 +0200 (CEST)

On Sat, 21 Aug 2004, Christoph Haas wrote:

> Well, built-in syslog only works for the cache.log so this is not an
> option. I wrote a Perl script called "tail2syslog" (which I provide as a
> Debian package but which is useful on other systems as well) which
> follows the changes in the access.log (like a "tail -f") and forwards
> them to a syslog server.

I could not resist to beat you on this one. Perl is quite nice for this
kind of hacks.

#!/usr/bin/perl -w
use File::Tail;
use Sys::Syslog;

openlog "squid", "ndelay", "local0";
my $ref=tie *FH,"File::Tail",(name=>"/usr/local/squid/var/logs/access.log");

while (<FH>) {
     chomp;
     syslog "info", $_;
}

Note: You may want to get rid of the Squid access timestamps. A bit
redundant to both have the Squid access timestamp and the syslog
timestamp.

> - the script sucks a lot of CPU on busy systems (we have 60 requests
> per second and the script produces much higher load than Squid)

This I have a hard time buying.. perl usually isn't that slow. But on the
other hand the syslog protocol is very chatty (one message per line) so
maybe...

> - the output will not be plain access.log output as syslog adds some
> data before each line (so automated statistics tools won't work
> without some conversion)
> - long log lines may get cut (if you log mime headers or have very
> long URLs)

And log lines may get lost if logging over network.

Regards
Henrik
Received on Sat Aug 21 2004 - 18:06:05 MDT

This archive was generated by hypermail pre-2.1.9 : Wed Sep 01 2004 - 12:00:02 MDT