Skip to main content
Sumo Logic

Install the Squid Proxy Monitors, App, and view the Dashboards

This page provides instructions for installing the Squid Proxy App, as well as examples of each of the App dashboards. These instructions assume you have already set up the collection as described in the Collect Logs and Metrics for the Squid Proxy App page.

Pre-Packaged Alerts

Sumo Logic has provided out-of-the-box alerts available through Sumo Logic monitors to help you monitor your Squid Proxy farms. These alerts are built based on metrics and logs datasets and include preset thresholds based on industry best practices and recommendations.

For details on the individual alerts, see this page.

Installing Monitors

  • To install these alerts, you need to have the Manage Monitors role capability.
  • Alerts can be installed by either importing a JSON file or a Terraform script.
Install the monitors by importing a JSON file Method
  1. Download the JSON file that describes the monitors. 
  2. The JSON contains the alerts that are based on Sumo Logic searches that do not have any scope filters and therefore will be applicable to all Squid Proxy clusters, the data for which has been collected via the instructions in the previous sections.  However, if you would like to restrict these alerts to specific farms or environments, update the JSON file by replacing the text proxy_system=squidproxy with '<Your Custom Filter>.  

Custom filter examples: 

  1. For alerts applicable only to a specific farm, your custom filter would be ‘proxy_cluster=squidproxy-standalone.01‘.
  2. For alerts applicable to all cluster that start with squidproxy-standalone, your custom filter would be 'proxy_cluster=squidproxy-standalone*'.
  3. For alerts applicable to a specific farm within a production environment, your custom filter would be proxy_cluster=squidproxy-1 and environment=standalone (This assumes you have set the optional environment tag while configuring collection).
  4. Go to Manage Data > Alerts > Monitors.
  5. Click Add:
    Add monitors page.png
  6. Click Import and then copy-paste the above JSON to import monitors.
Install the alerts using a Terraform script Method
  1. Generate a Sumo Logic access key and ID.
    Generate an access key and access ID for a user that has the Manage Monitors role capability in Sumo Logic using these instructions. Identify which deployment your Sumo Logic account is in, using this link.
  2. Download and install Terraform 0.13 or later. 
  3. Download the Sumo Logic Terraform package for Squid Proxy alerts.
    The alerts package is available in the Sumo Logic GitHub repository. You can either download it through the “git clone” command or as a zip file. 
  4. Alert Configuration. 
    After the package has been extracted, navigate to the package directory terraform-sumologic-sumo-logic-monitor/monitor_packages/SquidProxy/.

    Edit the squidproxy.auto.tfvars file and add the Sumo Logic Access Key, Access Id and Deployment from Step 1.

access_id   = "<SUMOLOGIC ACCESS ID>"
access_key  = "<SUMOLOGIC ACCESS KEY>"
environment = "<SUMOLOGIC DEPLOYMENT>"

The Terraform script installs the alerts without any scope filters, if you would like to restrict the alerts to specific farms or environments, update the variable ’squidproxy_data_source’. Custom filter examples: 

  1. A specific cluster squidproxy_cluster=squidproxy.standalone.01’.
  2. All clusters in an environment environment=standalone'.
  3. For alerts applicable to all cluster that start with squidproxy-standalone, your custom filter would be ‘proxy_cluster=squidproxy-standalone*’.
  4. For alerts applicable to a specific farm within a production environment, your custom filter would be, proxy_system=squidproxy and environment=standalone (This assumes you have set the optional environment tag while configuring collection).

All monitors are disabled by default on installation, if you would like to enable all the monitors, set the parameter monitors_disabled to false in this file.

By default, the monitors are configured in a monitor folder called “SquidProxy”, if you would like to change the name of the folder, update the monitor folder name in “folder” key at squidproxy.auto.tfvars file.

If you would like the alerts to send email or connection notifications, configure these in the file squidproxy_notifications.auto.tfvars. For configuration examples, refer to the next section.

  1. Email and Connection Notification Configuration Examples.
    Modify the file squidproxy_notifications.auto.tfvars and populate connection_notifications and email_notifications as per below examples.
Pagerduty Connection Example
connection_notifications = [
    {
      connection_type       = "PagerDuty",
      connection_id         = "<CONNECTION_ID>",
      payload_override      = "{\"service_key\": \"your_pagerduty_api_integration_key\",\"event_type\": \"trigger\",\"description\": \"Alert: Triggered {{TriggerType}} for Monitor {{Name}}\",\"client\": \"Sumo Logic\",\"client_url\": \"{{QueryUrl}}\"}",
      run_for_trigger_types = ["Critical", "ResolvedCritical"]
    },
    {
      connection_type       = "Webhook",
      connection_id         = "<CONNECTION_ID>",
      payload_override      = "",
      run_for_trigger_types = ["Critical", "ResolvedCritical"]
    }
  ]

Replace <CONNECTION_ID> with the connection id of the webhook connection. The webhook connection id can be retrieved by calling the Monitors API.

For overriding payload for different connection types, refer to this document.

Email Notifications Example
email_notifications = [
    {
      connection_type       = "Email",
      recipients            = ["abc@example.com"],
      subject               = "Monitor Alert: {{TriggerType}} on {{Name}}",
      time_zone             = "PST",
      message_body          = "Triggered {{TriggerType}} Alert on {{Name}}: {{QueryURL}}",
      run_for_trigger_types = ["Critical", "ResolvedCritical"]
    }
  ]
  1. Install the Alerts
    1. Navigate to the package directory terraform-sumologic-sumo-logic-monitor/monitor_packages/SquidProxy/ and run terraform init. This will initialize Terraform and will download the required components.
    2. Run terraform plan to view the monitors which will be created/modified by Terraform.
    3. Run terraform apply.
  2. Post Installation
    If you haven’t enabled alerts and/or configured notifications through the Terraform procedure outlined above, we highly recommend enabling alerts of interest and configuring each enabled alert to send notifications to other users or services. This is detailed in Step 4 of this document.

Install the Sumo Logic App

This section demonstrates how to install the Squid Proxy App.

To install the app:

Locate and install the app you need from the App Catalog. If you want to see a preview of the dashboards included with the app before installing, click Preview Dashboards.

  1. From the App Catalog, search for and select the app. 
  2. Select the version of the service you're using and click Add to Library.
  1. To install the app, complete the following fields.

    1. App Name. You can retain the existing name, or enter a name of your choice for the app.

    2. Data Source. 
      1. Choose Enter a Custom Data Filter, and enter a custom Squid Proxy cluster filter. Examples: 
        1. For all Squid Proxy clusters
          proxy_cluster=*.
        2. For a specific farm
          proxy_cluster=squidproxy.dev.01.
        3. Clusters within a specific environment
          proxy_cluster=squidproxy.dev.01 and environment=prod
          (This assumes you have set the optional environment tag while configuring collection).
    3. Advanced. Select the Location in Library (the default is the Personal folder in the library), or click New Folder to add a new folder.
    4. Click Add to Library.

Once an app is installed, it will appear in your Personal folder, or other folder that you specified. From here, you can share it with your organization. 

Panels will start to fill automatically. It's important to note that each panel slowly fills with data matching the time range query and received since the panel was created. Results won't immediately be available, but with a bit of time, you'll see full graphs and maps.

Dashboard Filter with Template Variables 

Template variables provide dynamic dashboards that rescope data on the fly. As you apply variables to troubleshoot through your dashboard, you can view dynamic changes to the data for a fast resolution to the root cause. For more information, see the Filter with template variables help page.

Dashboards

Squid Proxy - Overview

The Squid Proxy - Overview dashboard provides an at-a-glance view of the activity and health of the SquidProxy clusters and servers by monitoring uptime, number of current clients, latency, bandwidth, destination locations, error and denied requests, URLs accessed.

Use this dashboard to:

  • Gain insights into information about the destination location your intranet frequently visits by region.
  • Gain insights into your Squid Proxy health using Latency, HTTP Errors, Status codes of Squid Proxy Servers.
  • Get insights into information about  Uptime and bandwidth of Squid Proxy servers.
  • Get insights into information about the web browsing behavior of users using Top accessed URLs, denied URLs, 4xx errors URLs, 5xx errors URLs, and top remote hosts.

Squid Proxy - Protocol

The Squid Proxy -  Protocol dashboard provides an insight into the protocols of clusters: the number of HTTP requests, HTTP errors, total bytes transferred, the number of HTTP requests per second, the number of HTTP's bytes per second.

Use this dashboard to:

  • Get detailed information about the total number of requests from clients, the total number of HTTP errors sent to clients, the total number of bytes transferred on servers, total number of bytes sent to clients
  • Get insights into information about HTTP requests, HTTP errors, bandwidth transferred over time.

Squid Proxy - Performance

The Squid Proxy -  Performance dashboard provides an insight into the workload of clusters, the number of page faults IO,  percent of file descriptor used, number of memory used, the time for all HTTP requests, the number of objects in the cache, the CPU time.

Use this dashboard to:

  • Gain insights into the workload of squid proxy servers such as percent of file descriptors used, memory usage, CPU time consumed.
  • Gain insights into the read and write status of squid proxy servers such as Page Faults IO, HTTP I/O number of reading, the number of objects stored, the average of time response.

Squid Proxy - IP Domain DNS Statistics

The Squid Proxy -  IP Domain DNS Statistics dashboard provides a high-level view of the number of IPs,  the number of FQDN, rate requests cache according to FQDN, rate requests cache according to IPs, the number of DNS queries, time for DNS query.

Use this dashboard to:

  • Gain insights into IPs accessed statistics: IP Cache Entries, Number and rate of IP Cache requests, Number and rate of IP Cache hits.
  • Gain insights into Domain Name (FQDN) statistics: FQDN Cache Entries, Number of FQDN Cache misses, Number and rate of FQDN Cache requests, Number of FQDN Cache Negative Hits.
  • Gain insights into DNS Lookup statistics: Number of External DNS Server Requests, Average Time For  DNS Service, Number of External DNS Server Replies.

Squid Proxy - Activity Trend

The Squid Proxy - Activity Trend dashboard provides trends around denied request trend, action trend, time spent to serve, success and non-success response, remote hosts.

Use this dashboard to:

  • Gain insights into the average amount of time it takes to serve a request and the kind of method the request was.
  • Gain insights into  the average time spent to serve requests, the megabytes served, the  trends in requests by actions, the count of successful 2xx and non 2xx response actions.
  • Gain insights into  the trends in the number of denied requests, the remote hosts traffic by requests, the remote hosts traffic by data volume.

Squid Proxy - HTTP Response Analysis

The Squid Proxy -  HTTP Response Analysis dashboard provides insights into HTTP response, HTTP code, the number of client errors, server errors, redirections outlier, URLs experiencing server errors.

Use this dashboard to:

  • Gain insights into the count of HTTP responses, such as redirections, successes, client errors, or server errors, on an area chart.
  • Gain insights into client error URLs with information fields: URL, status code, and event count.
  • Get detailed information on any outliers in redirection, client error, server error  events on a line chart with thresholds

Squid Proxy - Quality of Service

The Squid Proxy -  Quality of Service dashboard provides insights into latency, the response time of requests according to HTTP action, and the response time according to location.

Use this dashboard to:

  • To identify locations with slow average request response times.
  • Gain insights into the response times according to HTTP actions