Skip to main content
Sumo Logic

Collect Squid Proxy Logs and Metrics for Kubernetes environments

In a Kubernetes environment, we use the Telegraf Operator, which is packaged with our Kubernetes collection.

In a Kubernetes environment, we use the Telegraf Operator, which is packaged with our Kubernetes collection. You can learn more about it here. The diagram below illustrates how data is collected from Squid Proxy in Kubernetes environments. In the architecture shown below, there are four services that make up the metric collection pipeline: Telegraf, Prometheus, Fluentd, and FluentBit.

The first service in the pipeline is Telegraf. Telegraf collects metrics from Squid Proxy. Note that we’re running Telegraf in each pod we want to collect metrics from as a sidecar deployment: i.e. Telegraf runs in the same pod as the containers it monitors. Telegraf uses the SNMP input plugin to obtain metrics. (For simplicity, the diagram doesn’t show the input plugins.) The injection of the Telegraf sidecar container is done by the Telegraf Operator. We also have Fluentbit that collects logs written to standard out and forwards them to FluentD, which in turn sends all the logs and metrics data to a Sumo Logic HTTP Source.

 

Follow the below instructions to set up the metric collection:

  1. Configure Metrics Collection
    1. Setup Kubernetes Collection with the Telegraf operator
    2. Enable SNMP agent on Squid Proxy
    3. Add annotations on your Squid Proxy pods
  2. Configure Logs Collection
    1. Configure logging in Squid Proxy.
    2. Add labels on your Squid Proxy pods to capture logs from standard output.
    3. Collecting Squid Proxy Logs from a Log file.

Prerequisites

It’s assumed that you are using the latest helm chart version if not upgrade using the instructions here.

Configure Metrics Collection

This section explains the steps to collect Squid Proxy metrics from a Kubernetes environment.

In a Kubernetes environment, we use the Telegraf Operator, which is packaged with our Kubernetes collection. You can learn more on this here. Follow the steps listed below to collect metrics from a Kubernetes environment:

  1. Setup Kubernetes Collection with the Telegraf Operator.

  2. Enable SNMP agent on Squid Proxy

By default, the SNMP agent will be disabled on squid proxy. You have to enable it. To enable the SNMP agent on squid, edit the configuration file of the squid proxy (squid.conf) and add the following section in ConfigMap that mounted to Squid Proxy pods:

acl snmppublic snmp_community public
snmp_port 3401
snmp_access allow snmppublic localhost

  1. Add annotations on your Squid Proxy pods

On your Squid Proxy Pods, add the following annotations:

 annotations:
    telegraf.influxdata.com/class: sumologic-prometheus
    prometheus.io/scrape: "true"
    prometheus.io/port: "9273"
    telegraf.influxdata.com/inputs: |+

[[inputs.snmp]]]
  agents = ["udp://127.0.0.1:3401"]
  name = "squid"
  community = "public"
  [inputs.snmp.tags]
   proxy_cluster="<Squid Proxy_TO_BE_CHANGED>"
   component="proxy"
   environment="env_TO_BE_CHANGED"
   proxy_system="squidproxy"

  [[inputs.snmp.field]]
name = "uptime"
oid = "1.3.6.1.4.1.3495.1.1.3.0"
  [[inputs.snmp.field]]
      name = "cacheMemUsage"
      oid = "1.3.6.1.4.1.3495.1.3.1.3.0"
  [[inputs.snmp.field]]
      name = "cacheCpuUsage"
      oid = "1.3.6.1.4.1.3495.1.3.1.5.0"
  [[inputs.snmp.field]]
      name = "cacheClients"
      oid = "1.3.6.1.4.1.3495.1.3.2.1.15.0"
  [[inputs.snmp.field]]
      name = "cacheProtoClientHttpRequests"
      oid = "1.3.6.1.4.1.3495.1.3.2.1.1.0"
  [[inputs.snmp.field]]
  name = "cacheHttpHits"
      oid = "1.3.6.1.4.1.3495.1.3.2.1.2.0"
  [[inputs.snmp.field]]
   name = "cacheHttpErrors"
   oid = "1.3.6.1.4.1.3495.1.3.2.1.3.0"
  [[inputs.snmp.field]]
   name = "uidcacheHttpInKb"
   oid = "1.3.6.1.4.1.3495.1.3.2.1.4.0"

  [[inputs.snmp.field]]
   name = "cacheHttpOutKb"
   oid = "1.3.6.1.4.1.3495.1.3.2.1.5.0"

  [[inputs.snmp.field]]
   name = "cacheServerInKb"
   oid = "1.3.6.1.4.1.3495.1.3.2.1.12.0"
  [[inputs.snmp.field]]
   name = "cacheServerOutKb"
   oid = "1.3.6.1.4.1.3495.1.3.2.1.13.0"
  [[inputs.snmp.field]]
   name = "cacheClients"
   oid = "1.3.6.1.4.1.3495.1.3.2.1.15.0"
  [[inputs.snmp.field]]
   name = "cacheCpuTime"
   oid = "1.3.6.1.4.1.3495.1.3.1.4.0"
  [[inputs.snmp.field]]
   name = "cacheMemMaxSize"
   oid = "1.3.6.1.4.1.3495.1.2.5.1.0"
  [[inputs.snmp.field]]
   name = "cacheServerRequests"
   oid = "1.3.6.1.4.1.3495.1.3.2.1.10.0"
  [[inputs.snmp.field]]
   name = "cacheHttpInKb"
   oid = "1.3.6.1.4.1.3495.1.3.2.1.4.0"
  [[inputs.snmp.field]]
   name = "cacheHttpOutKb"
   oid = "1.3.6.1.4.1.3495.1.3.2.1.5.0"
  [[inputs.snmp.field]]
   name = "cacheNumObjCount"
   oid = "1.3.6.1.4.1.3495.1.3.1.7.0"
  [[inputs.snmp.field]]
   name = "cacheHttpAllSvcTime1"
   oid = "1.3.6.1.4.1.3495.1.3.2.2.1.2.1"
  [[inputs.snmp.field]]
   name = "cacheDnsSvcTime1"
   oid = "1.3.6.1.4.1.3495.1.3.2.2.1.8.1"
  [[inputs.snmp.field]]
   name = "cacheHttpMissSvcTime60"
   oid = "1.3.6.1.4.1.3495.1.3.2.2.1.3.60"
  [[inputs.snmp.field]]
   name = " cacheHttpHitSvcTime60"
   oid = "1.3.6.1.4.1.3495.1.3.2.2.1.5.60"
  [[inputs.snmp.field]]
   name = "cacheIpEntries"
   oid = "1.3.6.1.4.1.3495.1.4.1.1.0"
  [[inputs.snmp.field]]
   name = "cacheIpMisses"
   oid = "1.3.6.1.4.1.3495.1.4.1.6.0"
  [[inputs.snmp.field]]
   name = "cacheVersionId"
   oid = "1.3.6.1.4.1.3495.1.2.3.0"
  [[inputs.snmp.field]]
   name = "cacheSysPageFaults"
   oid = "1.3.6.1.4.1.3495.1.3.1.1.0"
  [[inputs.snmp.field]]
   name = "cacheHttpErrors"
   oid = "1.3.6.1.4.1.3495.1.3.2.1.3.0"
  [[inputs.snmp.field]]
   name = "cacheServerErrors"
   oid = "1.3.6.1.4.1.3495.1.3.2.1.11.0"
  [[inputs.snmp.field]]
   name = "cacheCpuUsage"
   oid = "1.3.6.1.4.1.3495.1.3.1.5.0"
  [[inputs.snmp.field]]
   name = "cacheCpuTime"
   oid = "1.3.6.1.4.1.3495.1.3.1.4.0"
  [[inputs.snmp.field]]
   name = "cacheSysVMsize"
   oid = "1.3.6.1.4.1.3495.1.1.1.0"
  [[inputs.snmp.field]]
   name = "cacheSysNumReads"
   oid = "1.3.6.1.4.1.3495.1.3.1.2.0"
  [[inputs.snmp.field]]
   name = "cacheCurrentUnusedFDescrCnt"
   oid = "1.3.6.1.4.1.3495.1.3.1.10.0"
  [[inputs.snmp.field]]
   name = "cacheCurrentFileDescrCnt"
   oid = "1.3.6.1.4.1.3495.1.3.1.12.0"
  [[inputs.snmp.field]]
   name = "cacheMaxResSize"
   oid = "1.3.6.1.4.1.3495.1.3.1.6.0"
  [[inputs.snmp.field]]
   name = "cacheCurrentResFileDescrCnt"
   oid = "1.3.6.1.4.1.3495.1.3.1.11.0"
  [[inputs.snmp.field]]
   name = "cacheIpRequests"
   oid = "1.3.6.1.4.1.3495.1.4.1.2.0"
  [[inputs.snmp.field]]
   name = "cacheIpHits"
   oid = "1.3.6.1.4.1.3495.1.4.1.3.0"
  [[inputs.snmp.field]]
   name = "cacheFqdnEntries"
   oid = "1.3.6.1.4.1.3495.1.4.2.1.0"
  [[inputs.snmp.field]]
   name = "cacheFqdnRequests"
   oid = "1.3.6.1.4.1.3495.1.4.2.2.0"
  [[inputs.snmp.field]]
   name = "cacheFqdnHits"
   oid = "1.3.6.1.4.1.3495.1.4.2.3.0"
  [[inputs.snmp.field]]
   name = "cacheFqdnMisses"
   oid = "1.3.6.1.4.1.3495.1.4.2.6.0"
  [[inputs.snmp.field]]
   name = "cacheDnsRequests"
   oid = "1.3.6.1.4.1.3495.1.4.3.1.0"
  [[inputs.snmp.field]]
   name = "cacheDnsReplies"
   oid = "1.3.6.1.4.1.3495.1.4.3.2.0"
  [[inputs.snmp.field]]
   name = "cacheDnsNumberServers"
   oid = "1.3.6.1.4.1.3495.1.4.3.3.0"
  [[inputs.snmp.field]]
   name = "version"
   oid = "1.3.6.1.4.1.3495.1.2.3.0"
   is_tag = true
  [[inputs.snmp.field]]
   name = "cacheHttpAllSvcTime5"
   oid = "1.3.6.1.4.1.3495.1.3.2.2.1.2.5"
  [[inputs.snmp.field]]
   name = "cacheHttpMissSvcTime5"
   oid = "1.3.6.1.4.1.3495.1.3.2.2.1.3.5"
  [[inputs.snmp.field]]
   name = "cacheHttpHitSvcTime5"
   oid = "1.3.6.1.4.1.3495.1.3.2.2.1.5.5"
  [[inputs.snmp.field]]
   name = "cacheDnsSvcTime5"
   oid = "1.3.6.1.4.1.3495.1.3.2.2.1.8.5"

Enter in values for the following parameters (marked in bold above):

  • telegraf.influxdata.com/inputs - This contains the required configuration for the Telegraf SNMP Input plugin. Please refer to this doc for more information on configuring the SNMP input plugin for Telegraf. Note: As telegraf will be run as a sidecar the host should always be localhost.

    • In the tags section, which is [inputs.snmp.tags]

      • environment - This is the deployment environment where the Squid Proxy cluster identified by the value of servers resides. For example: dev, prod or qa. While this value is optional we highly recommend setting it. 

      • proxy_cluster - Enter a name to identify this Squid Proxy cluster. This farm name will be shown in the Sumo Logic dashboards.  

Here’s an explanation for additional values set by this configuration that we request you please do not modify as they will cause the Sumo Logic apps to not function correctly.

  • telegraf.influxdata.com/class: sumologic-prometheus - This instructs the Telegraf operator what output to use. This should not be changed.

  • prometheus.io/scrape: "true" - This ensures our Prometheus will scrape the metrics.

  • prometheus.io/port: "9273" - This tells prometheus what ports to scrape on. This should not be changed.

  • telegraf.influxdata.com/inputs

    • In the tags section, which is [inputs.snmp.tags]

      • component: “proxy” - This value is used by Sumo Logic apps to identify application components. 

      • proxy_system: “squidproxy” - This value identifies the proxy system.

For all other parameters please see this doc for more properties that can be configured in the Telegraf agent globally.

  1. Sumo Logic Kubernetes collection will automatically start collecting metrics from the pods having the labels and annotations defined in the previous step. 

  2. Verify metrics in Sumo Logic.

Configure Logs Collection

This section explains the steps to collect Squid Proxy logs from a Kubernetes environment.

  1. (Recommended Method) Add labels on your Squid Proxy pods to capture logs from standard output.

Make sure that the logs from Squid Proxy are sent to stdout. Follow the instructions below to capture Squid Proxy logs from stdout on Kubernetes.

  1. Apply following labels to the Squid Proxy pod

                        labels:
                                  environment="prod_CHANGEME"
  component="proxy"
  proxy_system=”squidproxy”
  proxy_cluster="<cluster_CHANGEME>"

Please enter in values for the following parameters (marked in bold and CHANGE_ME above):

  • environment - This is the deployment environment where the Squid Proxy cluster identified by the value of servers resides. For example:- dev, prod, or QA. While this value is optional we highly recommend setting it.
  • proxy_cluster - Enter a name to identify this Squid Proxy cluster. This farm name will be shown in the Sumo Logic dashboards. If you haven’t defined a cluster in Squid Proxy, then enter ‘default’ for proxy_cluster.

Here’s an explanation for additional values set by this configuration that we request you please do not modify as they will cause the Sumo Logic apps to not function correctly.

  • component: “proxy” - This value is used by Sumo Logic apps to identify application components. 
  • proxy_system: “squidproxy” - This value identifies the proxy system.

For all other parameters please see this doc for more properties that can be configured in the Telegraf agent globally.

  1. The Sumologic-Kubernetes-Collection will automatically capture the logs from stdout and will send the logs to Sumologic. For more information on deploying Sumologic-Kubernetes-Collection, visit here.

  2. Verify logs in Sumo Logic.

  1. (Optional) Collecting Squid Proxy Logs from a Log File
    Follow the steps below to capture Squid Proxy logs from a log file on Kubernetes.

  1. Determine the location of the Squid Proxy log file on Kubernetes. This can be determined from the squid.conf for your Squid Proxy cluster along with the mounts on the Squid Proxy pods.

  2. Install the Sumo Logic tailing sidecar operator.

  3. Add the following annotation in addition to the existing annotations.

annotations:
  tailing-sidecar: sidecarconfig;<mount>:<path_of_Squid Proxy_log_file>/<Squid Proxy_log_file_name>

Example:

annotations:
  tailing-sidecar: sidecarconfig;data:/var/log/squid/access.log
  1. Make sure that the Squid Proxy pods are running and annotations are applied by using the command: kubectl describe pod <Squid_Proxy_pod_name>

  2. Sumo Logic Kubernetes collection will automatically start collecting logs from the pods having the annotations defined above. 

  3. Verify logs in Sumo Logic.

  1. Add an FER to normalize the fields in Kubernetes environments
    Labels created in Kubernetes environments automatically are prefixed with pod_labels. To normalize these for our app to work, we need to create a Field Extraction Rule if not already created for Proxy Application Components. To do so:

  1. Go to Manage Data > Logs > Field Extraction Rules.

  2. Click the + Add button on the top right of the table.

  3. The following form appears:

clipboard_e86f6c4fa48f6f010bc551a26e9a14a70.png

  1. Enter the following options:

    1. Rule Name. Enter the name as App Observability - Proxy.
    2. Applied At. Choose Ingest Time.
    3. Scope. Select Specific Data.
    4. Scope: Enter the following keyword search expression. 
pod_labels_environment=* pod_labels_component=proxy pod_labels_proxy_cluster=* pod_labels_proxy_system=*
  • Parse Expression. Enter the following parse expression:

if (!isEmpty(pod_labels_environment), pod_labels_environment, "") as environment
| pod_labels_component as component
| pod_labels_proxy_system as proxy_system
| pod_labels_proxy_cluster as proxy_cluster

  1. Click Save to create the rule.