C'mon guys, gimmie a hint here :(

Hi,

Still trying to understand why sarg does not report blocked sites, according to "sarg -xz" output block.log is empty but it is not.

Thx for your help

wc -l /var/squidGuard/log/block.log     502 /var/squidGuard/log/block.log 2016-01-05 17:08:44 [82855] Request(default/blk_blacklists_games/-) 1.gravatar.com:443 IP/- - CONNECT REDIRECT sarg -xz SARG: Init SARG: Loading configuration from /usr/local/etc/sarg/sarg.conf SARG: TAG: access_log /var/squid/logs/access.log SARG: TAG: graphs yes SARG: TAG: output_dir /usr/local/sarg-reports SARG: TAG: anonymous_output_files no SARG: TAG: resolve_ip yes SARG: Chaining IP resolving module "dns" SARG: TAG: user_ip no SARG: TAG: topuser_sort_field BYTES normal SARG: TAG: user_sort_field BYTES normal SARG: TAG: exclude_users /usr/pbi/sarg-amd64/etc/sarg/exclude_users.conf SARG: TAG: exclude_hosts /usr/pbi/sarg-amd64/etc/sarg/exclude_hosts.conf SARG: TAG: date_format e SARG: TAG: lastlog 0 SARG: TAG: remove_temp_files yes SARG: TAG: index yes SARG: TAG: index_tree file SARG: TAG: overwrite_report no SARG: TAG: use_comma yes SARG: TAG: exclude_codes /usr/pbi/sarg-amd64/etc/sarg/exclude_codes SARG: TAG: max_elapsed 0 SARG: TAG: report_type topusers topsites sites_users users_sites date_time denied auth_failures site_user_time_date downloads SARG: TAG: usertab none SARG: TAG: long_url no SARG: TAG: date_time_by bytes SARG: TAG: charset UTF-8 SARG: TAG: privacy no SARG: TAG: bytes_in_sites_users_report no SARG: TAG: topuser_num 0 SARG: TAG: dansguardian_conf SARG: TAG: squidguard_conf /usr/pbi/squidguard-amd64/etc/squidGuard/squidGuard.conf SARG: TAG: redirector_log_format #year#-#mon#-#day# #hour# #tmp#/#list#/#tmp#/#tmp#/#url#/#tmp# #ip#/#tmp# #user# #end# SARG: TAG: show_sarg_info no SARG: TAG: show_sarg_logo no SARG: TAG: displayed_values bytes SARG: TAG: authfail_report_limit 0 SARG: TAG: denied_report_limit 0 SARG: TAG: siteusers_report_limit 0 SARG: TAG: user_report_limit 0 SARG: TAG: squidguard_report_limit 0 SARG: TAG: www_document_root /usr/local/www SARG: TAG: ntlm_user_format domainname+username SARG: TAG: realtime_refresh_time 0 SARG: TAG: realtime_types GET,PUT,CONNECT SARG: TAG: realtime_unauthenticated_records show SARG: TAG: sorttable /sarg_sorttable.js SARG: TAG: hostalias /usr/pbi/sarg-amd64/etc/sarg/hostalias SARG: Loading exclude host file from: /usr/pbi/sarg-amd64/etc/sarg/exclude_hosts.conf SARG: Loading exclude file from: /usr/pbi/sarg-amd64/etc/sarg/exclude_users.conf SARG: Reading host alias file "/usr/pbi/sarg-amd64/etc/sarg/hostalias" SARG: List of host names to alias: SARG: Parameters: SARG:          Hostname or IP address (-a) = SARG:                    Useragent log (-b) = SARG:                    Exclude file (-c) = /usr/pbi/sarg-amd64/etc/sarg/exclude_hosts.conf SARG:                  Date from-until (-d) = SARG:    Email address to send reports (-e) = SARG:                      Config file (-f) = /usr/local/etc/sarg/sarg.conf SARG:                      Date format (-g) = Europe (dd/mm/yyyy) SARG:                        IP report (-i) = No SARG:            Keep temporary files (-k) = No SARG:                        Input log (-l) = /var/squid/logs/access.log SARG:              Resolve IP Address (-n) = Yes SARG:                      Output dir (-o) = /usr/local/sarg-reports/ SARG: Use Ip Address instead of userid (-p) = No SARG:                    Accessed site (-s) = SARG:                            Time (-t) = SARG:                            User (-u) = SARG:                    Temporary dir (-w) = /tmp/sarg SARG:                  Debug messages (-x) = Yes SARG:                Process messages (-z) = Yes SARG:  Previous reports to keep (--lastlog) = 0 SARG: SARG: sarg version: 2.3.9 Sep-21-2014 SARG: Reading access log file: /var/squid/logs/access.log SARG: Records in file: 2397, reading: 100.00% SARG:    Records read: 2397, written: 2397, excluded: 0 SARG: Squid log format SARG: (info) date=06/01/2016 SARG: (info) period=06 Jan 2016 SARG: Period: 06 Jan 2016 SARG: File /usr/local/sarg-reports/06Jan2016-06Jan2016 already exists, moved to /usr/local/sarg-reports/06Jan2016-06Jan2016.1 SARG: (info) outdirname=/usr/local/sarg-reports/06Jan2016-06Jan2016 SARG: Sorting log /tmp/sarg/IP.user_unsort SARG: Making file: /tmp/sarg/IP SARG: Sorting log /tmp/sarg/IP.user_unsort SARG: Making file: /tmp/sarg/IP SARG: Sorting log /tmp/sarg/IP.user_unsort SARG: Making file: /tmp/sarg/IP SARG: Sorting log /tmp/sarg/IP.user_unsort SARG: Making file: /tmp/sarg/IP SARG: Sorting log /tmp/sarg/IP.user_unsort SARG: Making file: /tmp/sarg/IP SARG: Sorting log /tmp/sarg/IP.user_unsort SARG: Making file: /tmp/sarg/IP SARG: Sorting log /tmp/sarg/IP.user_unsort SARG: Making file: /tmp/sarg/IP SARG: Sorting log /tmp/sarg/IP.user_unsort SARG: Making file: /tmp/sarg/IP SARG: Sorting log /tmp/sarg/IP.user_unsort SARG: Making file: /tmp/sarg/IP SARG: Sorting log /tmp/sarg/IP.user_unsort SARG: Making file: /tmp/sarg/IP SARG: Sorting log /tmp/sarg/IP.user_unsort SARG: Making file: /tmp/sarg/IP SARG: (info) Dansguardian report not produced because no dansguardian configuration file was provided SARG: Reading redirector log file /var/squidGuard/log/block.log SARG: Hour string too long in redirector log file /var/squidGuard/log/block.log SARG: Hour string too long in redirector log file /var/squidGuard/log/block.log SARG: Hour string too long in redirector log file /var/squidGuard/log/block.log SARG: Hour string too long in redirector log file /var/squidGuard/log/block.log SARG: Hour string too long in redirector log file /var/squidGuard/log/block.log SARG: Reading redirector log file /var/squidGuard/log/block.log SARG: Reading redirector log file /var/squidGuard/log/block.log SARG: Reading redirector log file /var/squidGuard/log/block.log SARG: Reading redirector log file /var/squidGuard/log/block.log SARG: Reading redirector log file /var/squidGuard/log/block.log SARG: Reading redirector log file /var/squidGuard/log/block.log SARG: Reading redirector log file /var/squidGuard/log/block.log SARG: Reading redirector log file /var/squidGuard/log/block.log SARG: Reading redirector log file /var/squidGuard/log/block.log SARG: Reading redirector log file /var/squidGuard/log/block.log SARG: Reading redirector log file /var/squidGuard/log/block.log SARG: Reading redirector log file /var/squidGuard/log/block.log SARG: Reading redirector log file /var/squidGuard/log/block.log SARG: Reading redirector log file /var/squidGuard/log/block.log SARG: Reading redirector log file /var/squidGuard/log/block.log SARG: Reading redirector log file /var/squidGuard/log/block.log SARG: Reading redirector log file /var/squidGuard/log/block.log SARG: Reading redirector log file /var/squidGuard/log/block.log SARG: Reading redirector log file /var/squidGuard/log/block.log SARG: Reading redirector log file /var/squidGuard/log/block.log SARG: Reading redirector log file /var/squidGuard/log/block.log SARG: Reading redirector log file /var/squidGuard/log/block.log SARG: Reading redirector log file /var/squidGuard/log/block.log SARG: Reading redirector log file /var/squidGuard/log/block.log SARG: Reading redirector log file /var/squidGuard/log/block.log SARG: Reading redirector log file /var/squidGuard/log/block.log SARG: Reading redirector log file /var/squidGuard/log/block.log SARG: Reading redirector log file /var/squidGuard/log/block.log SARG: Reading redirector log file /var/squidGuard/log/block.log SARG: Reading redirector log file /var/squidGuard/log/block.log SARG: Reading redirector log file /var/squidGuard/log/block.log SARG: Reading redirector log file /var/squidGuard/log/block.log SARG: Reading redirector log file /var/squidGuard/log/block.log SARG: Reading redirector log file /var/squidGuard/log/block.log SARG: Reading redirector log file /var/squidGuard/log/block.log SARG: Reading redirector log file /var/squidGuard/log/block.log SARG: Reading redirector log file /var/squidGuard/log/block.log SARG: Reading redirector log file /var/squidGuard/log/block.log SARG: Reading redirector log file /var/squidGuard/log/block.log SARG: Reading redirector log file /var/squidGuard/log/block.log SARG: Reading redirector log file /var/squidGuard/log/block.log SARG: Reading redirector log file /var/squidGuard/log/block.log SARG: Reading redirector log file /var/squidGuard/log/block.log SARG: Reading redirector log file /var/squidGuard/log/block.log SARG: Reading redirector log file /var/squidGuard/log/block.log SARG: Reading redirector log file /var/squidGuard/log/block.log SARG: Reading redirector log file /var/squidGuard/log/block.log SARG: Reading redirector log file /var/squidGuard/log/block.log SARG: Reading redirector log file /var/squidGuard/log/block.log SARG: Reading redirector log file /var/squidGuard/log/block.log SARG: Reading redirector log file /var/squidGuard/log/block.log SARG: Reading redirector log file /var/squidGuard/log/block.log SARG: Reading redirector log file /var/squidGuard/log/block.log SARG: Reading redirector log file /var/squidGuard/log/block.log SARG: Reading redirector log file /var/squidGuard/log/block.log SARG: Reading redirector log file /var/squidGuard/log/block.log SARG: Reading redirector log file /var/squidGuard/log/block.log SARG: Reading redirector log file /var/squidGuard/log/block.log SARG: Reading redirector log file /var/squidGuard/log/block.log SARG: Reading redirector log file /var/squidGuard/log/block.log SARG: Sorting file: /tmp/sarg/redirector.int_log SARG: (info) No downloaded files to report SARG: (info) Denied report not produced because it is empty SARG: (info) Authentication failures report not produced because it is empty SARG: (info) Redirector report not generated because it is empty SARG: Sorting file: /tmp/sarg/IP.utmp SARG: Making report: IP SARG: Sorting file: /tmp/sarg/IP.utmp SARG: Making report: IP7 SARG: Sorting file: /tmp/sarg/IP.utmp SARG: Making report: IP SARG: Sorting file: /tmp/sarg/IP.utmp SARG: Making report: IP SARG: Sorting file: /tmp/sarg/IP.utmp SARG: Making report: IP SARG: Sorting file: /tmp/sarg/IP.utmp SARG: Making report: IP SARG: Sorting file: /tmp/sarg/IP.utmp SARG: Making report: IP SARG: Sorting file: /tmp/sarg/IP.utmp SARG: Making report: IP SARG: Sorting file: /tmp/sarg/IP.utmp SARG: Making report: IP SARG: Sorting file: /tmp/sarg/IP.utmp SARG: Making report: IP SARG: Sorting file: /tmp/sarg/IP.utmp SARG: Making report: IP SARG: Making index.html SARG: Successful report generated on /usr/local/sarg-reports/06Jan2016-06Jan2016 SARG: Purging temporary file sarg-general SARG: End

If you're already using Shallalist, have you tried blocking the blk_BL_adv category?  That's ads.

where and how can i see
if i Loses connection to the Internet

Maybe my link does not work well

Download begins high speed 2Mb
Drops to 1.1Mb and 500 KBs and stop

i try from another computer on my lan
same result

how can i fix  the problem ??

Thanks for the reply,
Really good stuff, one more questions been looking to implement WPAD, but what if window server 2012r2 handles the DHCP would i need to DMZ to forward it to pfSense to run the DHCP?

Thank you

edit:

So i think i figured it out instead of of adding the WPAD directions on pfSense DHCP I would do it though windows server

Open the DHCP console
Server 2012:
Click Add…
Name: WPAD
Data type: String
Code: 252
In the String Value box, type the URL of the PAC file (eg: http://192.168.3.254:8085/wpad.dat
http://192.168.3.254:8085/wpad.da
http://192.168.3.254:8085/proxy.pac
)
Right click Server Options and click Configure Options
Confirm that 252 – WPAD is ticked and contains the correct URL
Right Click Scope Options and click Configure Options
Scroll Down and tick 252 – WPAD
Click OK

@cmb:

Probably ought to leave them alone if it finds the job and just its time is different.

That's the behaviour I expected but times are changed back to the default.

This problem applies to more cron jobs: squid log rotate, clam-av virus update, etc.

What is a proper workaround?
make shell scripts that execute the php jobs and add them to cron?

Does anyone know a better solution? (because this solution means maintenance with each future release)

Digging up an old thread here but I am having issues caching comodo antivirus definitions

TCP_CLIENT_REFRESH_MISS/200 http://cdn.download.comodo.com/cis/download/installs/cmc3/forest.xml - 198.41.209.106 TCP_MISS/302 http://download.comodo.com/cis/download/installs/cmc3/forest.xml - 178.255.82.5 TCP_MISS/404 http://download.comodo.com/cis/download/installs/cmc3/affiliates/6100/forest.xml - 178.255.82.5 TCP_CLIENT_REFRESH_MISS/200 http://cdn.download.comodo.com/cis/download/updates/release/inis_4020/cis_update_x64.xml.7z - 198.41.209.106 TCP_MISS/302 http://download.comodo.com/cis/download/updates/release/inis_4020/cis_update_x64.xml.7z - 178.255.82.5 TCP_CLIENT_REFRESH_MISS/200 http://cdn.download.comodo.com/cis/download/updates/release/inis_4020/recognizers/proto_v6/cmdscope_update_x64.xml.7z - 198.41.209.106 TCP_MISS/302 http://download.comodo.com/cis/download/updates/release/inis_4020/recognizers/proto_v6/cmdscope_update_x64.xml.7z - 178.255.82.5 TCP_CLIENT_REFRESH_MISS/200 http://cdn.download.comodo.com/av/updatesurl/versioninfo.ini - 198.41.209.106 TCP_MISS/302 http://download.comodo.com/av/updatesurl/versioninfo.ini - 178.255.82.5 TCP_CLIENT_REFRESH_MISS/200 http://cdn.download.comodo.com/av/updates58/versioninfo.ini - 198.41.209.106

No custom ACLS

You can create a set of custom ACLs to control which clients can access the internet through squid. You need to create the following in the Custom ACLS (Before Auth) box under Advanced features in the squid proxy configuration:

## Allow internet access for specific LAN clients acl internet_access_allowed src <ips and="" ip="" ranges="" to="" allow="" internet="" access="" for=""> http_access allow internet_access_allowed ## Allow access for pfSense firewall http_access allow localhost ##Block internet access for all other LAN traffic http_access deny all</ips>

You may still need to use firewall rules for SSL traffic.

worked it out i needed to add to allowed network my home network

Sorry been busy lately i will come back with more details on my problem and how i have setup things to have everything working

Thanks

well for blocking social sites i recommend squid3 with squidguard to block only http and https you have 2 choices use WPAD or use PfblockerNG

@aGeekHere:

Then it was said NOT use LAN_IP, use 127.0.0.1

No. No such thing has ever been said. You were told to make Squid listen on loopback in addition to whatever other interface in case you insist on messing with similar cache managers shit (because that's the only interface allowed by ACLs by default).

That's all there's to it.

@aGeekHere:

I think I am completely confused here.

Yeah. Definitely. Way over your head. Just leave the proxy stuff alone and move on.