[SOLVED] Squid + SquidAnalyzer: best policy for log files?

kikinovak · 10-30-2014, 02:53 PM

Hi,

I'm using a combination of Squid and SquidGuard for web filtering in networks, which works quite good. Usually I deactivate Squid's logs and only keep the SquidGuard logs on.

One of my clients has a network that's a bit larger, and I have to detect some resource hogs that keep eating bandwidth. After a bit of searching, I discovered SquidAnalyzer, which is a great tool for web traffic monitoring. I have it running here in my office, and I really like it.

I wonder what's the best policy for log file handling. SquidAnalyzer reads its data from /var/log/squid/access.log. In a medium to big network, this log file can grow quite big, and I fear the worst with 1000+ simultaneous connections.

Here's the log file section in my squid.conf:

Code:

# Logs
access_log /var/log/squid/access.log squid
cache_store_log /var/log/squid/store.log
cache_log /var/log/squid/cache.log
logfile_rotate 0

How do you guys handle logs with Squid + SquidAnalyzer?

kikinovak · 10-31-2014, 04:28 AM

I'll answer that myself, since I just found out. Best thing is to define a cronjob for rotating Squid logfiles using 'squid -k rotate'.

I've written two HOWTOs on the subject (in French, sorry):

http://www.microlinux.fr/slackware/L...quid-HOWTO.txt

http://www.microlinux.fr/slackware/L...yzer-HOWTO.txt

Cheers,

Niki