Sarg package for pfsense

marcelloc

Hi,
I just wonder, how can I map users name with dynamic IP address if my pfSense act as DHCP Server? Is it possible? In this case I do not use Windows Server.
example: I have 75 users desktop Windows XP or Windows 7 and get dynamic ip address from pfSense DHCP server or I have to map a real user name with ip address one by one at the option "Use association" like this:
172.31.21.22 Don Van Cooper
172.31.21.23 Teun Van Laarhoven
172.31.21.24 Marijon Kooijstra > until 75 users.

Try to enable squid basic authentication with local users.

@Donny:

at option "Ntlm User Format" When I have changed from "domainname+username(default)" to "Username" and Realtime report is not working. what is differences between "domainname+username" and "Username" to use?

This option is usefull only when you have ntlm authentication using samba and active directory.

Donny

@marcelloc:

@Donny:

Hi,
I just wonder, how can I map users name with dynamic IP address if my pfSense act as DHCP Server? Is it possible? In this case I do not use Windows Server.
example: I have 75 users desktop Windows XP or Windows 7 and get dynamic ip address from pfSense DHCP server or I have to map a real user name with ip address one by one at the option "Use association" like this:
172.31.21.22 Don Van Cooper
172.31.21.23 Teun Van Laarhoven
172.31.21.24 Marijon Kooijstra > until 75 users.

Try to enable squid basic authentication with local users.

@Donny:

at option "Ntlm User Format" When I have changed from "domainname+username(default)" to "Username" and Realtime report is not working. what is differences between "domainname+username" and "Username" to use?

This option is usefull only when you have ntlm authentication using samba and active directory.

Thank u Marcelloc, One more question. When I have changed from "domainname+username(default)" to "Username" and why a realtime report is not working?

marcelloc

@Donny:

Thank u Marcelloc, One more question. When I have changed from "domainname+username(default)" to "Username" and why a realtime report is not working?

this is a config bug in sarg

config file says:

TAG: ntlm_user_format username|domainname+username

NTLM users format.

#ntlm_user_format domainname+username
ntlm_user_format username

but sarg returns with:
SARG: Unknown value "username" for parameter "ntlm_user_format"

if I change this option to 'user' it works.

I'm publishing a patch right now, whait 15 minutes and reinstall sarg

Donny

@marcelloc:

@Donny:

Thank u Marcelloc, One more question. When I have changed from "domainname+username(default)" to "Username" and why a realtime report is not working?

this is a config bug in sarg

config file says:

TAG: ntlm_user_format username|domainname+username

NTLM users format.

#ntlm_user_format domainname+username
ntlm_user_format username

but sarg returns with:
SARG: Unknown value "username" for parameter "ntlm_user_format"

if I change this option to 'user' it works.

I'm publishing a patch right now, whait 15 minutes and reinstall sarg

Now I do a basic to authenticate and create local user on Squid-reverse. At authentication settings, they say that I have to turn off "Transparent proxy" and I have done it.
at shedule tab I try to "force Update now" but at realtime report tab when I click "Show log", it does not show any report. It does not work when I use local user and authetication:local.

LocalUsers.png_thumb

AuthenticatLocal.png_thumb

RealTimeReportNotwork.png_thumb

marcelloc

After disabling transparente proxy, you are able to filter ssl but you need first to configure proxy settings on client browsers.

Donny

@marcelloc:

After disabling transparente proxy, you are able to filter ssl but you need first to configure proxy settings on client browsers.

at the web browsers client I have configured proxy setting and I tried to log in with local user name and password that I created from Squid proxy. after log in success I try to check at realtime report on SARG but the report only show ip address and it is not show user name that I used log in.

marcelloc

Are you using just squid?

Can you check in log files if you can see the auth user?

klamath

Thanks Marcelo…

I've got some problem to get it done...
It doesn't work for me...
Can you help me?

[Sarg]Sarg config error: log file () does not exists .:.

Apr 10 23:00:29 php: /pkg_edit.php: executing squid log rotate after sarg.
Apr 10 23:00:29 php: /pkg_edit.php: executing squidguard log rotate after sarg.
Apr 10 23:00:29 php: /pkg_edit.php: The command '/usr/local/bin/sarg ' returned exit code '1', the output was 'SARG: Records in file: 49003, reading: 0.00%^MSARG: Records in file: 5000, reading: 10.20%^MSARG: Records in file: 10000, reading: 20.41%^MSARG: Records in file: 15000, reading: 30.61%^MSARG: Records in file: 20000, reading: 40.81%^MSARG: Records in file: 25000, reading: 51.02%^MSARG: Records in file: 30000, reading: 61.22%^MSARG: Records in file: 35000, reading: 71.42%^MSARG: Records in file: 40000, reading: 81.63%^MSARG: Records in file: 45000, reading: 91.83%^MSARG: Cannot delete /usr/local/www/sarg-reports/08Apr2012-10Apr2012/d192_168_1_106.html - No such file or directory SARG: Records in file: 49003, reading: 100.00%'
Apr 10 23:00:28 php: /pkg_edit.php: Sarg: force refresh now with '' args and rotate action after sarg finish.

Command line

sarg
SARG: Records in file: 49194, reading: 100.00%
SARG: Cannot delete /usr/local/www/sarg-reports/2012/04/08-10/d192_168_1_106.html - No such file or directory

marcelloc

Can you clean this problematic folder and try to run Sarg again?

My current schedules are
1h with no action after sarg
1d with rotate and restart.

Index options are selected on sarg configuration as well report overwrite.

Donny

@marcelloc:

Are you using just squid?

Can you check in log files if you can see the auth user?

First I have uninstall SARG and Squid-reverse because It is not work. After that I tried to install normal Squid-proxy and SARG again. When I created local user on Squid-proxy, I can not use capital and small letter like this: "Donny" but just only small letter: "donny" if I try to login via web browsers otherwise I can not login.

Now I turn off authenticate and go back to use "Transparent proxy" again. I will check log file in this evening and test again. I have to go to work now. bye

Thank u Marcelloc

Donny

Hello all, SARG with authenticate local user from the Squid is working now. At "realtime report and View report tab" show a local user name that I used to login via web browser. This is my step:
1. I have installed Squid-reverse and config a basic option that I need to use and I also create Local user and enable authentication to "local"
2. I installed SARGv.0.4.1. At Sarg setting > General > Report Option. I do not select "Use Ip Address instead userid in reports (no)". if I select this option it does not show any local user name. After that I created
schedule to make a report and I select option > action after sarg "Rotate log and Restart proxy daemon" and then "Force Update now". See screenshot
3. At web browser (Firefox) go to Tools > Options > Advanced > at Network tab > Connecting Settings, I configured proxy IP address like this example: 172.31.21.1 and use port 3128.
4. The next step I will try to test SARG with Squid-reverse and Dansguardian.

Thank a lot

SargSettingsLocalUsersWork.png_thumb

RealTimeLocalUsersSquid.png_thumb
Sites&LocalUsersSquid.png
Sites&LocalUsersSquid.png_thumb

Donny

Hello everyone, Can I use SARG and Dansguardian to make some report without Squid-reverse ? because Dansguardian have already included Squid v.2.7.9 .

marcelloc

You can if you configure squid by hand instead of using squid gui.

The package filer could help you on editing file and restarting service.

Donny

@marcelloc:

You can if you configure squid by hand instead of using squid gui.

The package filer could help you on editing file and restarting service.

Thank u, I have tested Dandsguardian right now but it is a little confuse some option. I read a lot at Dansguardian blog on pfsense. I have tried some basic step that some guy has posted in here: http://forum.pfsense.org/index.php/topic,47856.0.html but another option on Dansguardian, it make me too complicated. anyway I will try and test it first and I will ask some help later if I can not solve the problem. (I think many people here need some Dansguardian tutorial basic to understand.)

marcelloc

This dansguardian wiki maybe usefull to understand how it works

http://contentfilter.futuragts.com/wiki/doku.php?id=Main%20Index&DokuWiki=924cce1d7ede32b3512092f5f759126e

Donny

Hello Marcelloc, I just tested Dansguardian to block facebook (http and https). it is working and very usefull package. I really like all this packages "SARG, Squid-reverse and Dansguardian" very much. and Thank u again for your hard work.

Donny

Hello, Just want to know, how far email option system log report work with SARG ?

Thank u

marcelloc

@Donny:

Hello, Just want to know, how far email option system log report work with SARG ?

I'm looking at rrd mail report package to see how it work but I have no idea on when I'll have time to implement it.

Donny

After install SARG I got some error : Sarg config error: dansguardian log file () does not exists. In this case I have already configured Squid3 and also Dansguardian.
At Dansquardian > Report and log tab I selected log File Format to Squid log File Format
At SARG Settings > General tab > proxy server I selected to dansguardian. reboot or not reboot system at this point I always got warning Sarg config error: dansguardian log file () does not exists If I change proxy server to Squid the warning error is disappear.

This is my system log file:

Apr 16 01:19:37 php: : Reloading Dansguardian
Apr 16 01:19:37 php: : Reloading Dansguardian
Apr 16 01:19:38 php: : Reloading Dansguardian
Apr 16 01:19:38 php: : Reloading Dansguardian
Apr 16 01:19:38 php: : Reloading Dansguardian
Apr 16 01:19:40 php: : [squid] xmlrpc sync is starting.
Apr 16 01:19:41 php: : Starting Squid
Apr 16 01:19:41 squid[19250]: Squid Parent: child process 19565 started
Apr 16 01:19:41 check_reload_status: Reloading filter
Apr 16 01:19:41 php: : [squid] xmlrpc sync is starting.
Apr 16 01:19:42 php: : Reloading Squid for configuration sync
Apr 16 01:19:42 check_reload_status: Reloading filter
Apr 16 01:19:42 php: : [squid] xmlrpc sync is starting.
Apr 16 01:19:42 php: : Reloading Squid for configuration sync
Apr 16 01:19:42 php: : [squid] xmlrpc sync is starting.
Apr 16 01:19:43 php: : Reloading Squid for configuration sync
Apr 16 01:19:43 php: : [squid] xmlrpc sync is starting.
Apr 16 01:19:43 php: : Reloading Squid for configuration sync
Apr 16 01:19:43 php: : [squid] xmlrpc sync is starting.
Apr 16 01:19:44 php: : Reloading Squid for configuration sync
Apr 16 01:19:44 php: : Not calling package sync code for dependency squidcache of squid3 because some include files are missing.
Apr 16 01:19:44 php: : Not calling package sync code for dependency squidnac of squid3 because some include files are missing.
Apr 16 01:19:44 php: : Not calling package sync code for dependency squidtraffic of squid3 because some include files are missing.
Apr 16 01:19:44 php: : Not calling package sync code for dependency squidupstream of squid3 because some include files are missing.
Apr 16 01:19:44 php: : Not calling package sync code for dependency squidreverse of squid3 because some include files are missing.
Apr 16 01:19:44 php: : Not calling package sync code for dependency squidauth of squid3 because some include files are missing.
Apr 16 01:19:44 php: : Not calling package sync code for dependency squidusers of squid3 because some include files are missing.
Apr 16 01:19:46 php: : Sarg config error: dansguardian log file () does not exists
Apr 16 01:19:46 php: : New alert found: Sarg config error: dansguardian log file () does not exists
Apr 16 01:19:46 check_reload_status: Syncing firewall
Apr 16 01:19:46 php: : [sarg] sarg_xmlrpc_sync.php is starting.
Apr 16 01:19:46 php: : Sarg config error: dansguardian log file () does not exists
Apr 16 01:19:46 php: : New alert found: Sarg config error: dansguardian log file () does not exists
Apr 16 01:19:46 check_reload_status: Syncing firewall
Apr 16 01:19:46 php: : [sarg] sarg_xmlrpc_sync.php is starting.
Apr 16 01:19:46 php: : Sarg config error: dansguardian log file () does not exists
Apr 16 01:19:46 php: : New alert found: Sarg config error: dansguardian log file () does not exists
Apr 16 01:19:47 php: : [sarg] sarg_xmlrpc_sync.php is starting.
Apr 16 01:19:47 php: : Sarg config error: dansguardian log file () does not exists
Apr 16 01:19:47 php: : New alert found: Sarg config error: dansguardian log file () does not exists
Apr 16 01:19:47 php: : [sarg] sarg_xmlrpc_sync.php is starting.
Apr 16 01:19:50 php: : IPSEC: One or more IPsec tunnel endpoints has changed its IP. Refreshing.
Apr 16 01:19:50 login: login on ttyv0 as root
Apr 16 01:19:50 sshlockout[58708]: sshlockout/webConfigurator v3.0 starting up
Apr 16 01:19:54 Squid_Alarm[11282]: Squid has exited. Reconfiguring filter.
Apr 16 01:19:54 Squid_Alarm[11604]: Attempting restart…
Apr 16 01:19:57 Squid_Alarm[13545]: Reconfiguring filter…
Apr 16 01:19:57 check_reload_status: Reloading filter
Apr 16 01:20:16 apinger: Error while feeding rrdtool: Broken pipe
Apr 16 01:21:16 apinger: /usr/local/bin/rrdtool respawning too fast, waiting 300s.

marcelloc

Can you check if /var/log/dansguardian folder exists?