Webproxy (squid) log format

system · February 3, 2015, 9:56pm

Hi,
If anyone knows how to change the format of the log in webproxy based on squid in vyos?
Webproxy feature works very well but the time mark in logs are useless - it shows start time, not real local time of action.

In normal squid we can modify squid.conf file by adding:
logformat squid %tl %6tr %>a %Ss/%03Hs %<st %rm %ru %un %Sh/%<A %mt

when we use squid template as default:
access_log /var/log/squid/access.log squid

But when I’m doing this in vyos, it does not takes any effect (of course I restarted squid service).
And the other thing: after modification and saving squid.conf file in vyos, the modified file remains to restart vyos - after system restart, it again is the default.

Does anyone have any idea how to solve this?

cgb · February 4, 2015, 1:56am

Doesn’t look like it without some hacks or a custom build:

root@guestfw01:/opt# show version  | grep '^Version'
Version:      VyOS 1.1.2
root@guestfw01:/opt# find /opt | grep proxy | xargs egrep '(access_log|logformat)'
/opt/vyatta/sbin/vyatta-update-webproxy.pl:	$output .= "access_log none\n\n";
/opt/vyatta/sbin/vyatta-update-webproxy.pl:	$output .= "access_log $squid_log squid\n\n";

A reasonable method for vyos to support custom configs without needing CLI support is to have /etc/squid/squid.conf include a config file in the persistent config location (/opt/vyatta/etc/config).

To get something working, you could write a simple daemon that is started by /opt/vyatta/etc/config/scripts/vyatta-postconfig-bootup.script that ensures a required line exists in /etc/squid/squid.conf and performs a squid init reload.

HTH

Chris

system · February 4, 2015, 9:18pm

Thanks, Chris!
I found quick solution - my modification:

In file:
/opt/vyatta/sbin/vyatta-update-webproxy.pl

Line 241
From:
$output .= “access_log $squid_log squid\n\n”;
To:
$output .= “access_log $squid_log common\n\n”;

After system reboot, it automatically modifies the squid.conf file.

Results:
With squid logformat:
[size=small]1422997962.563 66 10.0.0.10 TCP_MISS/200 20492 GET http://www.googletagmanager.com/gtm.js? - DIRECT/173.194.113.62 text/javascript[/size]
With common logformat:
[size=small]10.0.0.10 - - [04/Feb/2015:21:16:49 +0100] “GET http://platform.twitter.com/widgets.js HTTP/1.1” 304 560 TCP_REFRESH_UNMODIFIED:DIRECT[/size]

For me much better.

BTW. I do not know why “combined” logformat does not work in vyos - it is implemented in basic squid like this two above…

cgb · February 5, 2015, 12:42pm

I should have been clearer when I said persistent. I meant persistent across image upgrades. Your change will survive reboots, but not an image upgrade.

Changes made on boot or a daemon launched from /opt/vyatta/etc/config/scripts/vyatta-postconfig-bootup.script will continue to work after an image upgrade.

Not sure why the combined option doesn’t work. Glad you got something working though.