
Collect Logs for Squid Proxy

This page has instructions for setting up log collection for the Sumo App for Squid Proxy.

Step 1. Enable Squid Proxy logging

If logging is not currently enabled for the Squid Access Log, enable it.

By default, the Squid Proxy Access log file is at /usr/local/squid/var/logs/access.log

For more information on Squid Proxy access log configurations, see: 

Step 2. Configure local file source for Squid Proxy Access logs

In this step, you configure a local file source on an installed collector to collect Squid Proxy Access logs. Follow the instructions in Local File Source.

When you configure the source, plan your source category to ease the querying process. A hierarchical approach allows you to make use of wildcards when you run searches. For example:


Sample log message

Squid Proxy Access log sample

1525344856.899  16867 TCP_TUNNEL/200 6256 CONNECT - HIER_DIRECT/ -
1525334330.556      3 TCP_MISS/301 745 GET artifactory/api/storage/digitaltransformation-foundation-erp/sumo/sumo-content/10.1.1-SNAPSHOT/ - HIER_DIRECT/ text/html
1525344561.961      0 TCP_DENIED/403 4042 CONNECT - HIER_NONE/- text/html
1525344176.822    282 TCP_MISS/404 800 POST  - HIER_DIRECT/ text/html
1525344667.002  59652 TAG_NONE/503 0 CONNECT - HIER_NONE/- -
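
Before pointing a collector at the file, it can help to confirm that the log really is in Squid's native access log layout and to see which result codes it contains. The following is an added example, not part of the original page or of Sumo Logic's tooling; it assumes the default native layout (time, elapsed, client, code/status, bytes, method, URL, user, hierarchy/peer, type), and the sample lines are constructed with documentation addresses and example domains because the client and URL fields do not appear in the samples above.

```python
import re
from collections import Counter
from datetime import datetime, timezone

# Assumed layout: Squid's default native ("squid") access.log format:
# time elapsed client code/status bytes method URL user hierarchy/peer type
LINE_RE = re.compile(
    r"^(?P<ts>\d+\.\d+)\s+(?P<elapsed_ms>\d+)\s+(?P<client>\S+)\s+"
    r"(?P<result>[A-Z_]+)/(?P<status>\d+)\s+(?P<bytes>\d+)\s+"
    r"(?P<method>\S+)\s+(?P<url>\S+)\s+(?P<user>\S+)\s+"
    r"(?P<hier>[A-Z_]+)/(?P<peer>\S+)\s+(?P<mime>\S+)\s*$"
)

# Constructed sample lines (documentation IPs and example domains, not real traffic).
SAMPLE = """\
1525344856.899  16867 192.0.2.10 TCP_TUNNEL/200 6256 CONNECT example.com:443 - HIER_DIRECT/198.51.100.7 -
1525344561.961      0 192.0.2.23 TCP_DENIED/403 4042 CONNECT blocked.example.net:443 - HIER_NONE/- text/html
1525344176.822    282 192.0.2.10 TCP_MISS/404 800 POST http://example.org/upload - HIER_DIRECT/203.0.113.5 text/html
1525344667.002  59652 192.0.2.23 TAG_NONE/503 0 CONNECT unreachable.example.net:443 - HIER_NONE/- -
this line is truncated
"""

def parse_line(line):
    """Return a dict of typed fields, or None if the line is not in native format."""
    m = LINE_RE.match(line.strip())
    if not m:
        return None
    rec = m.groupdict()
    rec["time"] = datetime.fromtimestamp(float(rec.pop("ts")), tz=timezone.utc)
    for key in ("elapsed_ms", "status", "bytes"):
        rec[key] = int(rec[key])
    return rec

def summarize(text):
    """Count result codes, denied requests per client, and unparseable lines."""
    results, denied, bad = Counter(), Counter(), 0
    for line in filter(None, (l.strip() for l in text.splitlines())):
        rec = parse_line(line)
        if rec is None:
            bad += 1
            continue
        results[rec["result"]] += 1
        if rec["result"] == "TCP_DENIED":
            denied[rec["client"]] += 1
    return results, denied, bad

if __name__ == "__main__":
    results, denied, bad = summarize(SAMPLE)
    print(dict(results), dict(denied), f"unparsed={bad}")
```

A non-zero unparsed count on a real log usually means a custom logformat is in use or lines are being cut, which is worth resolving before building searches on the collected data.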