On Sat, 21 Aug 2004, Christoph Haas wrote:
Well, built-in syslog only works for the cache.log so this is not an option. I wrote a Perl script called "tail2syslog" (which I provide as a Debian package but which is useful on other systems as well) which follows the changes in the access.log (like a "tail -f") and forwards them to a syslog server.
I could not resist beating you on this one. Perl is quite nice for this kind of hack.
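
#!/usr/bin/perl -w
use File::Tail;
use Sys::Syslog;

# Log with the tag "squid" to facility local0; "ndelay" opens the connection now
openlog "squid", "ndelay", "local0";
# Follow access.log the way "tail -f" does
my $ref=tie *FH,"File::Tail",(name=>"/usr/local/squid/var/logs/access.log");
while (<FH>) {
    chomp;
    # syslog() takes a printf-style format, and logged URLs contain "%" escapes,
    # so pass the line as an argument to "%s" instead of as the format itself
    syslog "info", "%s", $_;
}

Note: You may want to get rid of the Squid access timestamps. A bit redundant to both have the Squid access timestamp and the syslog timestamp.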
- the script sucks a lot of CPU on busy systems (we have 60 requests per second and the script produces much higher load than Squid)
This I have a hard time buying.. perl usually isn't that slow. But on the other hand the syslog protocol is very chatty (one message per line) so maybe...
- the output will not be plain access.log output as syslog adds some data before each line (so automated statistics tools won't work without some conversion)
- long log lines may get cut (if you log mime headers or have very long URLs)
And log lines may get lost if logging over network.
Regards Henrik
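
The conversion and truncation points raised in this thread, as an added example that is not part of the original messages: a Perl filter that strips the syslog prefix to recover plain access.log lines and sets aside entries that syslog cut short. It assumes the traditional "Mon DD HH:MM:SS host tag: message" syslog layout, the native Squid log format with its timestamp kept, and the "squid" tag from the script above; the host names and sample lines are constructed.

```perl
#!/usr/bin/perl
use strict;
use warnings;

# Return the original access.log entry from a syslog-written line, or undef
# if the line did not come from the "squid" tag used by the forwarder.
# Assumes the traditional "Mon DD HH:MM:SS host tag: message" layout.
sub strip_syslog_prefix {
    my ($line) = @_;
    return $line =~ /^\w{3}\s+\d+\s[\d:]{8}\s\S+\ssquid(?:\[\d+\])?:\s(.*)$/
        ? $1 : undef;
}

# Native Squid entries have at least 10 whitespace-separated fields and start
# with an epoch timestamp. Fewer fields means syslog cut the line; a cut
# inside the last field cannot be detected this way.
sub looks_complete {
    my ($entry) = @_;
    my @f = split ' ', $entry;
    return @f >= 10 && $f[0] =~ /^\d+\.\d{3}$/;
}

my ($kept, $cut) = (0, 0);
while (my $line = <DATA>) {
    chomp $line;
    my $entry = strip_syslog_prefix($line);
    next unless defined $entry;          # messages from other daemons
    if (looks_complete($entry)) {
        print "$entry\n";                # plain access.log line for stats tools
        $kept++;
    } else {
        warn "truncated entry skipped: $entry\n";
        $cut++;
    }
}
warn "recovered $kept entries, $cut truncated\n";

# Constructed sample input (not real log data)
__DATA__
Aug 21 14:03:07 proxy1 squid: 1093089787.412    183 192.0.2.10 TCP_MISS/200 4512 GET http://www.example.com/a%20b.html - DIRECT/192.0.2.80 text/html
Aug 21 14:03:08 proxy1 squid: 1093089788.020     12 192.0.2.11 TCP_HIT/200 980 GET http://www.example.com/very/long/pa
Aug 21 14:03:09 proxy1 sshd[411]: Accepted publickey for admin
```

Recovered entries go to standard output and the truncation warnings to standard error, so the output can be redirected straight into a file for a statistics tool.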
