Hi,
I'm using a combination of Squid and SquidGuard for web filtering in networks, which works quite good. Usually I deactivate Squid's logs and only keep the SquidGuard logs on.
One of my clients has a network that's a bit larger, and I have to detect some resource hogs that keep eating bandwidth. After a bit of searching, I discovered SquidAnalyzer, which is a great tool for web traffic monitoring. I have it running here in my office, and I really like it.
I wonder what's the best policy for log file handling. SquidAnalyzer reads its data from /var/log/squid/access.log. In a medium to big network, this log file can grow quite big, and I fear the worst with 1000+ simultaneous connections.
Here's the log file section in my squid.conf:
Code:
# Logs
access_log /var/log/squid/access.log squid
cache_store_log /var/log/squid/store.log
cache_log /var/log/squid/cache.log
logfile_rotate 0
How do you guys handle logs with Squid + SquidAnalyzer?