Update to 2025-07-04 09:00

roles/squid/files/acl/software_various.domains

@@ -424,5 +424,6 @@ s3.eu-central-1.amazonaws.com
 # Vector.dev
 setup.vector.dev
 yum.vector.dev
+apt.vector.dev
 s3.amazonaws.com
 keys.datadoghq.com

roles/squid/files/ufdb.te

@@ -1,4 +1,4 @@
-module ufdb 1.3;
+module ufdb 1.4;
 
 require {
         type initrc_tmp_t;
@@ -6,6 +6,7 @@ require {
         type tmp_t;
         type squid_t;
         type unconfined_service_t;
+        type var_run_t;
         class sock_file write;
         class unix_stream_socket connectto;
 }
@@ -15,3 +16,4 @@ allow squid_t initrc_t:unix_stream_socket connectto;
 allow squid_t unconfined_service_t:unix_stream_socket connectto;
 allow squid_t initrc_tmp_t:sock_file write;
 allow squid_t tmp_t:sock_file write;
+allow squid_t var_run_t:sock_file write;

roles/squid/tasks/main.yml

@@ -226,3 +226,6 @@
 
 - include_tasks: filebeat.yml
   tags: always
+
+- include_tasks: vector.yml
+  tags: always

roles/squid/tasks/vector.yml

@@ -0,0 +1,5 @@
+---
+
+- name: Deploy vector configuration
+  template: src=vector.yml dest=/etc/vector/conf.d/squid.yml
+  tags: log,proxy,vector

roles/squid/templates/vector.yml

@@ -0,0 +1,22 @@
+---
+
+sources:
+  in_logs_squid:
+    type: file
+    include:
+      - /var/log/squid/access.log
+      - /var/log/squid/cache.log
+      - /var/log/squid/ufdbgclient.log
+      - /var/log/ufdbguard/ufdbguardd.log
+
+transforms:
+  format_logs_squid:
+    type: remap
+    inputs: ["in_logs_squid"]
+    source: |
+      if (.file == "/var/log/squid/access.log"){
+        .squid = parse_grok!(
+                   .message,
+                   "%{HTTPDATE:timestamp}\\s+%{NUMBER:response_time} %{IPORHOST:src_ip} %{NOTSPACE:squid_request_status}/%{NUMBER:http_status_code} %{NUMBER:transfer_size} %{NOTSPACE:http_method} (%{URIPROTO:url_scheme}://)?(?<url_host>\\S+?)(:%{INT:url_port})?(/%{NOTSPACE:url_path})?\\s+%{NOTSPACE:client_identity}\\s+%{NOTSPACE:peer_code}/%{NOTSPACE:peerhost}\\s+%{NOTSPACE:content_type}"
+                 )
+      }