For monitoring squid proxy server with Nagios log server, we first download filter, create a filter and then configure Squid Server to send the Logs

Here at Bobcares, we have seen several such Nagios-related queries as part of our Server Management Services for web hosts and online service providers.

Today we’ll take a look at how to monitor the squid proxy server with Nagios log server.

Monitoring squid proxy server with Nagios log server

Now let’s see how our Support Engineers integrate the Squid Proxy server logs into Nagios Log Server. We look into the details of how to configure a server running Squid to send logs to the Nagios Log Server, and how to configure the Filters in the Nagios Log Server to parse the logs from Squid.

The Nagios Log Server manages logs that will allow Admins using Squid Proxy server to quickly and easily see what is accessed and request from users. Here we are considering an example which is using CentOS 7 server with a Squid Proxy server installed via yum. For this example:

• The default logs are in /var/log/squid/
• There are two log files
◦ access.log = logs web requests and results
◦ cache.log = logs the error and debug message from squid

Download Filter

As a first step, we download a filter. A Filter is how the received log data is broken up into fields that are stored in the Elasticsearch database. It makes use of regular expressions to break apart the data and hence can be quite complicated.

For that, we navigate to the following URL:

https://github.com/T-M-D/NLS-Collection/blob/master/Filters/Squid.txt

Next, we copy everything from this line to the end of the file into the clipboard:

if [program] == ‘squid_access’ {

We will paste this into the new filter that we will create in the next step.

Create Filter

Now, we open the web interface for our Nagios Log Server instance as an administrator. Next, we navigate to Configure >> Global (All Instances) >> Global Config.

On the right side of the page, we click the ‘+ Add Filter’ button and select ‘Custom’.

A new filter appears. Here we need to provide a title in the Block Name field. Then in the text area field, we paste the filter that we previously copied into our clipboard.

Finally, we click the Save button to create a new filter.

At this point, we click the Verify button to ensure the filter we just created is valid or not. Once the verification is successful, we apply the configuration. In the left pane under Configure click Apply Configuration. We click the Apply button and then click ‘Yes, Apply Now’ when prompted.

Configure Squid Server to send the Logs

Now after creating the filter, we need to configure the Squid server to send the access.log and cache.log files to the Nagios Log Server instance.

Note: In the following steps we have replaced xxx.xxx.xxx.xxx with the address of the Nagios Log Server instance that will be receiving the logs.

First, we establish a terminal session to our Nagios XI or Nagios Core server and execute the following commands:

# cd /tmp
# curl -s -O http://xxx.xxx.xxx.xxx/nagioslogserver/scripts/setup-linux.sh
# bash setup-linux.sh -s xxx.xxx.xxx.xxx -p 5544 -f /var/log/squid/access.log -t squid_access
# bash setup-linux.sh -s xxx.xxx.xxx.xxx -p 5544 -f /var/log/squid/cache.log -t squid_cache

After executing these commands the Squid server will send the Squid logs to the Nagios Log Server. So now we can search for squid on the Dashboards page and see the results coming in, confirming that everything is correctly configured.

Dashboards

Once we receive some log data we will be able to visualize that data using panels. So we start off by adding a new row. At the bottom right of the screen click the ‘+ ADD A ROW’ link.

• Here, we give the row a Title and then click the Create Row button.
• Next, we use the up arrow icon to move it to the top of the list.
• Finally, we click Save.

On the new row, we click the ‘Add panel to empty row’ button.

• Under ‘Select Panel Type’, we choose terms
• Next, we give it the title of HTTP Method
• Field = http_method
• Style = pie
• Finally, we click Save

After that, we click the ‘Add Panel’ button

• Under ‘Select Panel Type’, we choose histogram
• Next, we give it the title of Request Time. Then for the below options, we provide:
• Chart value = total
• Value Field = request_msec
• Chart Options
• Un-check Bars
• Check Lines
• Finally, we click Save

Click the ‘Add Panel’ button

• Under ‘Select Panel Type’, we choose terms
• Next, we give it the title of Protocols
• Field = protocol
• Style = table
• Click Save

[Need any further assistance with Nagios related queries? – We are here to help you]

Conclusion

Today, we saw how our Support Engineers configure the Nagios log server to use a proxy server.