
Collect Logs for Squid Proxy

This page has instructions for setting up log collection for the Sumo App for Squid Proxy.

Step 1. Enable Squid Proxy logging

If logging is not currently enabled for the Squid Access Log, enable it.

By default, the Squid Proxy Access log file is at /usr/local/squid/var/logs/access.log

For more information on Squid Proxy access log configurations, see: 

Step 2. Configure local file source for Squid Proxy Access logs

In this step, you configure a local file source on an installed collector to collect Squid Proxy Access logs. Follow the instructions in Local File Source.

When you configure the source, plan your source category to ease the querying process. A hierarchical approach allows you to make use of wildcards when you run searches. For example:

Proxy/Squid/Access

Sample log message

Squid Proxy Access log sample

1525344856.899  16867 10.170.72.111 TCP_TUNNEL/200 6256 CONNECT logs.ap-southeast-2.amazonaws.com:443 - HIER_DIRECT/53.140.206.134 -
1525334330.556      3 10.170.72.111 TCP_MISS/301 745 GET http://artifactory.cloudops.eu-aws.com/artifactory/api/storage/digitaltransformation-foundation-erp/sumo/sumo-content/10.1.1-SNAPSHOT/sumo-content-10.1.1-20180503.075718-9.zip - HIER_DIRECT/10.140.51.25 text/html
1525344561.961      0 10.100.134.137 TCP_DENIED/403 4042 CONNECT 10.140.51.25:9999 - HIER_NONE/- text/html
1525344176.822    282 10.170.72.111 TCP_MISS/404 800 POST http://sumoexampletest.com/rest/mywe...hookapp1/12345?  - HIER_DIRECT/53.140.206.134 text/html
1525344667.002  59652 10.170.72.111 TAG_NONE/503 0 CONNECT sumodeploymentengine1.ourportal.sumo.com:443 - HIER_NONE/- -
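
To check that the collected lines are complete records before building searches on them, the sample above can be parsed field by field. The following is an added example, not part of the Sumo Logic app or the original page; it assumes the Squid native access log layout, and its function names and the truncated fourth input line are constructed for illustration.

```python
import re
from collections import Counter
from datetime import datetime, timezone

# Squid native access.log layout (assumed):
# time elapsed client result/status bytes method url user hierarchy/peer type
LINE_RE = re.compile(
    r"^(?P<ts>\d+\.\d+)\s+(?P<elapsed_ms>\d+)\s+(?P<client>\S+)\s+"
    r"(?P<result>[A-Z_]+)/(?P<status>\d{3})\s+(?P<bytes>\d+)\s+"
    r"(?P<method>\S+)\s+(?P<url>\S+)\s+(?P<user>\S+)\s+"
    r"(?P<hierarchy>[A-Z_]+)/(?P<peer>\S+)\s+(?P<content_type>\S+)$"
)

# Three records from the sample above, plus one constructed truncated record.
SAMPLE = """\
1525344856.899  16867 10.170.72.111 TCP_TUNNEL/200 6256 CONNECT logs.ap-southeast-2.amazonaws.com:443 - HIER_DIRECT/53.140.206.134 -
1525344561.961      0 10.100.134.137 TCP_DENIED/403 4042 CONNECT 10.140.51.25:9999 - HIER_NONE/- text/html
1525344667.002  59652 10.170.72.111 TAG_NONE/503 0 CONNECT sumodeploymentengine1.ourportal.sumo.com:443 - HIER_NONE/- -
1525334330.556      3 10.170.72.111 TCP_MISS/301 745 GET http://proxy-test.example/a
"""

def parse_line(line):
    """Return a dict of typed fields, or None if the line is not a full record."""
    m = LINE_RE.match(line.strip())
    if m is None:
        return None
    rec = m.groupdict()
    rec["time"] = datetime.fromtimestamp(float(rec.pop("ts")), tz=timezone.utc)
    for key in ("elapsed_ms", "status", "bytes"):
        rec[key] = int(rec[key])
    return rec

def parse_log(text):
    """Split a log into parsed records and raw lines that failed to parse."""
    parsed, rejected = [], []
    for line in text.splitlines():
        if line.strip():
            rec = parse_line(line)
            (parsed if rec else rejected).append(rec or line)
    return parsed, rejected

def denied_by_client(records):
    """Count TCP_DENIED results per client address."""
    return Counter(r["client"] for r in records if r["result"].startswith("TCP_DENIED"))

if __name__ == "__main__":
    records, bad = parse_log(SAMPLE)
    print(len(records), "parsed;", len(bad), "rejected")
    print(dict(denied_by_client(records)))
```

Lines that land in the rejected list are usually wrapped or truncated records, which is worth fixing at the source before relying on field extraction.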