Sarg package for pfsense

marcelloc

On amd64 it can be set to 256. I'll include it on next release.

For now, use http://pfsense.IP/sarg-reports

Hemingway

@marcelloc
First, thanks for this wonderfull Package!

I have installed Squid and Sarg and both work fine. I make daily reports with the scheduler.
The Syntax for daily reports is "-d date +%d/%m/%Y-date +%d/%m/%Y", but now
i need weekly, monthly and annual reports. What's the right Syntax to make this?

Thanks, Hemingway

IGIdeus

@marcelloc:

Did you tried to select bytes on user option and sort fields in reverse options on general tab?

Hi,
I also have a problem with sorting Top users & Users report.
I tried mentioned option but it doesn't work.
I need to manually change config file with options:

TAG:  topuser_sort_field field normal/reverse

#      Sort field for the Topuser Report.
#      Allowed fields: USER CONNECT BYTES TIME

topuser_sort_field BYTES REVERSE

TAG:  user_sort_field field normal/reverse

#      Sort field for the User Report.
#      Allowed fields: SITE CONNECT BYTES TIME

user_sort_field BYTES REVERSE

But when I change the configuration in GUI then everything is reverted to NORMAL.
Could you please extend the "User Sort Field" with "BYTES(reverse)"?

Best regards
IGIdeus

marcelloc

I've just pushed a fix to Sort Fields in Reverse order check.

Reinstall the package in 15 minutes.

lucapsg

I'm trying to read the full name of the user via LDAP to show in Sarg reports, but I can not make it work.

In Sarg->User I use the same configuration, functional, used for Squid and pfSense, with a specific user, verified with Diagnostic-> Authentication.

Just about this, I found an oddity …
In the 'LDAP search filter' I put the string '(sAMAccountName =% s)' but in /usr/local/etc/sarg/sarg.conf, is not registered  ::), but every other change, yes.
So, the next page load I was expecting a blank or default value, whereas it appeared the correct string  ???
Where is it recorded? And, above all, irrespective of the position, this is used in the LDAP query?

The LDAP directory is Active Directory on Windows 2003 and in the Event Viewer I have not seen any attempt to access by Sarg. Perhaps because of what I just said?

The software I use are all the latest (I think):

• PfSense 2.0.1-RELEASE (i386) built on Wed Dec 12 18:24:17 EST 2011
• Squid 2.7.9 pkg v.4.3.1
• SquidGuard 1.4_2 pkg v.1.9.1
• Sarg 2.3.2 pkg v.0.4.1

Any suggestions?
Thanks for the nice job, Marcelloc!

marcelloc

lucapsg,

I've just pushed a fix to LDAP filter Search check.

Reinstall the package in 15 minutes.

Thanks for your feedback

lucapsg

Wow, a rocket!
Update installed, now the value entered in the 'LDAP search filter' is properly registered in sarg.conf. (I'm curious, where it was saved before?)
After saving each tab and pressing 'Force update now' in the report still does not appear the full name of the user.
From the Windows logs, there's no news, no attempt to access.
I look forward to doing more tests.

marcelloc

try to tcpdump connections from pfsense to active directory.

maybe you have a ldap server fqdn configured that pfsense can't resolve.

lucapsg

As I said, I'm using the same configuration used in System-> User Manager-> Servers and tests made ​​by Diagnostic-> Authentication confirm it is working.
However, to remove any doubt, in the 'LDAP Hostname' I'm using the IP.
Now I check with tcpdump … stay tuned...

Donny

Hello Marcelloc,

I just a little bit confuse between SARG ldap setting (User tab) and Squid authentication with LDAP. If I understand collect when I used Squid authentication with LDAP, I don't need to use SARG ldap settings right.
Could you explain what is difference between SARG ldap setting and Squid authentication with LDAP, please?

Thank u

lucapsg

During the update of the report and also in the tab 'Realtime', tcpdump has not caught anything on port 389.
To verify that the settings used in 'tcpdump' is correct I tried to capture traffic made ​​with Diagnostic-> Authentication and actually a bit of broth was captured.
pfSense is 192.168.152.1 while Windows 2003 is 192.168.152.200, both in a VMware test environment:

17:08:16.107802 IP 192.168.152.1.61250 > 192.168.152.200.389: tcp 0
17:08:16.109616 IP 192.168.152.200.389 > 192.168.152.1.61250: tcp 0
17:08:16.109692 IP 192.168.152.1.61250 > 192.168.152.200.389: tcp 0
17:08:16.109964 IP 192.168.152.1.61250 > 192.168.152.200.389: tcp 62
17:08:16.112227 IP 192.168.152.200.389 > 192.168.152.1.61250: tcp 22
ecc…

@Donny: In Squid LDAP is used to "authenticate", while in Sarg to replace the username with the full name of the user in reports.

Donny

@lucapsg:

During the update of the report and also in the tab 'Realtime', tcpdump has not caught anything on port 389.
To verify that the settings used in 'tcpdump' is correct I tried to capture traffic made ​​with Diagnostic-> Authentication and actually a bit of broth was captured.
pfSense is 192.168.152.1 while Windows 2003 is 192.168.152.200, both in a VMware test environment:

17:08:16.107802 IP 192.168.152.1.61250 > 192.168.152.200.389: tcp 0
17:08:16.109616 IP 192.168.152.200.389 > 192.168.152.1.61250: tcp 0
17:08:16.109692 IP 192.168.152.1.61250 > 192.168.152.200.389: tcp 0
17:08:16.109964 IP 192.168.152.1.61250 > 192.168.152.200.389: tcp 62
17:08:16.112227 IP 192.168.152.200.389 > 192.168.152.1.61250: tcp 22
ecc…

@Donny: In Squid LDAP is used to "authenticate", while in Sarg to replace the username with the full name of the user in reports.

Hello lucapsg,

It mean, I have to use both if I need full user name of the user in sarg reports. Is it correct?

Thank u

Hugovsky

HI all.  I have same problem with ldap. With system>user manager some traffic shows up in tcpdump and correctly connects. Nothing with users in sarg reports.

Edit: last package update was just now.

lucapsg

@Donny, well, if you have an LDAP directory and you want to authenticate users (Squid) And you also want to display the full name of the user in report (Sarg), then YES.
Or at least we're working on so that this is possible  ;)

Sarg can do also (and already does) replacement using its own internal function. See field 'Users Association' in Status->Sarg Reports->Users, but in my judgment is only recommended for a small number of users and/or if Squid authenticates users with their own list.

@ Marcelloc, any news?

marcelloc

@lucapsg:

Marcelloc, any news?

try to run sarg on console/ssh to see if it returns ldap erros or something.

lucapsg

I tried this …

[2.0.1-RELEASE][admin@pfsense.virtualdomain.lan]/root(9): sarg
SARG: Records in file: 1093, reading: 100.00%
SARG: Successful report generated on /usr/local/www/sarg-reports/24Apr2012-24Apr2012
SARG: (removetmp) Cannot open file /usr/local/www/sarg-reports/24Apr2012-24Apr2012/sarg-general

…but...

[2.0.1-RELEASE][admin@pfsense.virtualdomain.lan]/root(10): ls -l /usr/local/www/sarg-reports/24Apr2012-24Apr2012
ls: /usr/local/www/sarg-reports/24Apr2012-24Apr2012: No such file or directory

… is it useful?

klamath

@marcelloc:

I've just pushed a fix to Sort Fields in Reverse order check.

Reinstall the package in 15 minutes.

Thanks for the user_sort_field BYTES REVERSE!!!
This is Exactly what I was expected!

Donny

@lucapsg:

@Donny, well, if you have an LDAP directory and you want to authenticate users (Squid) And you also want to display the full name of the user in report (Sarg), then YES.
Or at least we're working on so that this is possible  ;)

Sarg can do also (and already does) replacement using its own internal function. See field 'Users Association' in Status->Sarg Reports->Users, but in my judgment is only recommended for a small number of users and/or if Squid authenticates users with their own list.

@ Marcelloc, any news?

Thank a lot,

OK, Do I need to create authentication servers for LDAP at option System-> User Manager >Servers, when I use both of Squid authenticate and SARG Ldap setting. Is it possible if you can show me how you configuration SARG Ldap setting option? Did you success to get full user name in sarg report?. for me I only got user name login in sarg report. It is not full name.

lucapsg

For user authentication with Squid/LDAP see this post:
http://forum.pfsense.org/index.php/topic, 47409.0.html

As for replacing the username with the corresponding user's full name with Sarg/LDAP instructions are given in this tread, but there is still something that does not work, at least in my case  :-\

Donny

@lucapsg:

For user authentication with Squid/LDAP see this post:
http://forum.pfsense.org/index.php/topic, 47409.0.html

As for replacing the username with the corresponding user's full name with Sarg/LDAP instructions are given in this tread, but there is still something that does not work, at least in my case  :-\

The links that you give it to me, I already done and tested before but I only get user login name. you can check the links below.
http://forum.pfsense.org/index.php/topic,48347.msg257526.html#msg257526

Thank u