Sarg package for pfsense

Donny

@lucapsg:

During the update of the report and also in the tab 'Realtime', tcpdump has not caught anything on port 389.
To verify that the settings used in 'tcpdump' is correct I tried to capture traffic made ​​with Diagnostic-> Authentication and actually a bit of broth was captured.
pfSense is 192.168.152.1 while Windows 2003 is 192.168.152.200, both in a VMware test environment:

17:08:16.107802 IP 192.168.152.1.61250 > 192.168.152.200.389: tcp 0
17:08:16.109616 IP 192.168.152.200.389 > 192.168.152.1.61250: tcp 0
17:08:16.109692 IP 192.168.152.1.61250 > 192.168.152.200.389: tcp 0
17:08:16.109964 IP 192.168.152.1.61250 > 192.168.152.200.389: tcp 62
17:08:16.112227 IP 192.168.152.200.389 > 192.168.152.1.61250: tcp 22
ecc…

@Donny: In Squid LDAP is used to "authenticate", while in Sarg to replace the username with the full name of the user in reports.

Hello lucapsg,

It mean, I have to use both if I need full user name of the user in sarg reports. Is it correct?

Thank u

Hugovsky

HI all.  I have same problem with ldap. With system>user manager some traffic shows up in tcpdump and correctly connects. Nothing with users in sarg reports.

Edit: last package update was just now.

lucapsg

@Donny, well, if you have an LDAP directory and you want to authenticate users (Squid) And you also want to display the full name of the user in report (Sarg), then YES.
Or at least we're working on so that this is possible  ;)

Sarg can do also (and already does) replacement using its own internal function. See field 'Users Association' in Status->Sarg Reports->Users, but in my judgment is only recommended for a small number of users and/or if Squid authenticates users with their own list.

@ Marcelloc, any news?

marcelloc

@lucapsg:

Marcelloc, any news?

try to run sarg on console/ssh to see if it returns ldap erros or something.

lucapsg

I tried this …

[2.0.1-RELEASE][admin@pfsense.virtualdomain.lan]/root(9): sarg
SARG: Records in file: 1093, reading: 100.00%
SARG: Successful report generated on /usr/local/www/sarg-reports/24Apr2012-24Apr2012
SARG: (removetmp) Cannot open file /usr/local/www/sarg-reports/24Apr2012-24Apr2012/sarg-general

…but...

[2.0.1-RELEASE][admin@pfsense.virtualdomain.lan]/root(10): ls -l /usr/local/www/sarg-reports/24Apr2012-24Apr2012
ls: /usr/local/www/sarg-reports/24Apr2012-24Apr2012: No such file or directory

… is it useful?

klamath

@marcelloc:

I've just pushed a fix to Sort Fields in Reverse order check.

Reinstall the package in 15 minutes.

Thanks for the user_sort_field BYTES REVERSE!!!
This is Exactly what I was expected!

Donny

@lucapsg:

@Donny, well, if you have an LDAP directory and you want to authenticate users (Squid) And you also want to display the full name of the user in report (Sarg), then YES.
Or at least we're working on so that this is possible  ;)

Sarg can do also (and already does) replacement using its own internal function. See field 'Users Association' in Status->Sarg Reports->Users, but in my judgment is only recommended for a small number of users and/or if Squid authenticates users with their own list.

@ Marcelloc, any news?

Thank a lot,

OK, Do I need to create authentication servers for LDAP at option System-> User Manager >Servers, when I use both of Squid authenticate and SARG Ldap setting. Is it possible if you can show me how you configuration SARG Ldap setting option? Did you success to get full user name in sarg report?. for me I only got user name login in sarg report. It is not full name.

lucapsg

For user authentication with Squid/LDAP see this post:
http://forum.pfsense.org/index.php/topic, 47409.0.html

As for replacing the username with the corresponding user's full name with Sarg/LDAP instructions are given in this tread, but there is still something that does not work, at least in my case  :-\

Donny

@lucapsg:

For user authentication with Squid/LDAP see this post:
http://forum.pfsense.org/index.php/topic, 47409.0.html

As for replacing the username with the corresponding user's full name with Sarg/LDAP instructions are given in this tread, but there is still something that does not work, at least in my case  :-\

The links that you give it to me, I already done and tested before but I only get user login name. you can check the links below.
http://forum.pfsense.org/index.php/topic,48347.msg257526.html#msg257526

Thank u

Donny

Hello Marcelloc,

At Sarg "Users" tab, I try to config Ldap to get it work for full user name. At sarg ldap setting, I have configured the same CN, OU and DC as I have done with squid Ldap authenticate. so, I try many time to get full user name but it is not work. anyway try again tomorrow.

Thank u

IGIdeus

@klamath:

@marcelloc:

I've just pushed a fix to Sort Fields in Reverse order check.

Reinstall the package in 15 minutes.

Thanks for the user_sort_field BYTES REVERSE!!!
This is Exactly what I was expected!

Hi,

I can also confirm. But first I had to uncheck and check option again to work.

Best regards
IGIdeus

Donny

Have any news over SARG reports with full usernames instead of user name logins?

Thank u

marcelloc

@Donny:

Have any news over SARG reports with full usernames instead of user name logins?

No time to test yet.

Did you tried to run sarg on console with ldap info? did it returned any error?

Donny

@marcelloc:

@Donny:

Have any news over SARG reports with full usernames instead of user name logins?

No time to test yet.

Did you tried to run sarg on console with ldap info? did it returned any error?

Ok, I will try

Sarg detail from console. I could not find any returned  error.

[2.0.1-RELEASE][admin@xxxx.nxxxter.dsns]/root(1): sarg
SARG: Records in file: 2140, reading: 100.00%
SARG: Successful report generated on /usr/local/www/sarg-reports/25Apr2012-25Apr 2012
[2.0.1-RELEASE][admin@xxxx.nxxxter.dsns]/root(2): sarg -z
SARG: TAG: access_log /var/squid/logs/access.log
SARG: TAG: graphs yes
SARG: TAG: output_dir /usr/local/www/sarg-reports
SARG: TAG: anonymous_output_files no
SARG: TAG: resolve_ip no
SARG: TAG: user_ip no
SARG: TAG: topuser_sort_field BYTES NORMAL
SARG: TAG: user_sort_field BYTES NORMAL
SARG: TAG: exclude_users /usr/local/etc/sarg/exclude_users.conf
SARG: TAG: exclude_hosts /usr/local/etc/sarg/exclude_hosts.conf
SARG: TAG: date_format e
SARG: TAG: lastlog 0
SARG: TAG: remove_temp_files yes
SARG: TAG: index yes
SARG: TAG: index_tree file
SARG: TAG: overwrite_report yes
SARG: TAG: use_comma yes
SARG: TAG: exclude_codes /usr/local/etc/sarg/exclude_codes
SARG: TAG: max_elapsed 0
SARG: TAG: report_type topusers topsites sites_users users_sites date_time denied auth_failures site_user_time_date downloads
SARG: TAG: usertab none
SARG: TAG: LDAPHost 172.31.21.10
SARG: TAG: LDAPBindDN cn=Administrator,cn=Users,dc=nxxxter,dc=dsns
SARG: TAG: LDAPBindPW MyLdapPassWord
SARG: TAG: LDAPBaseSearch dc=nxxxter,dc=dsns
SARG: TAG: LDAPFilterSearch sAMAccountName=%s
SARG: TAG: long_url no
SARG: TAG: date_time_by bytes
SARG: TAG: charset UTF-8
SARG: TAG: privacy no
SARG: TAG: bytes_in_sites_users_report no
SARG: TAG: topuser_num 0
SARG: TAG: dansguardian_conf
SARG: TAG: show_sarg_info no
SARG: TAG: show_sarg_logo no
SARG: TAG: displayed_values bytes
SARG: TAG: authfail_report_limit 0
SARG: TAG: denied_report_limit 0
SARG: TAG: siteusers_report_limit 0
SARG: TAG: user_report_limit 0
SARG: TAG: www_document_root /usr/local/www
SARG: TAG: ntlm_user_format domainname+username
SARG: TAG: realtime_refresh_time 0
SARG: TAG: realtime_types GET,PUT,CONNECT
SARG: TAG: realtime_unauthenticated_records show
SARG: TAG: sorttable /sarg_sorttable.js
SARG: TAG: hostalias /usr/local/etc/sarg/hostalias
SARG: Records in file: 2140, reading: 100.00%
SARG: (info) date=25/04/2012
SARG: (info) period=25 Apr 2012
SARG: (info) outdirname=/usr/local/www/sarg-reports/25Apr2012-25Apr2012
SARG: (info) Dansguardian report not produced because no dansguardian configuration file was provided
SARG: (info) No redirector logs provided to produce that kind of report
SARG: (info) Downloaded files report not generated as it is empty
SARG: (info) Denied report not produced because it is empty
SARG: (info) Redirector report not generated because it is empty
SARG: Successful report generated on /usr/local/www/sarg-reports/25Apr2012-25Apr2012
[2.0.1-RELEASE][admin@xxxx.nxxxter.dsns]/root(3):

[2.0.1-RELEASE][admin@xxxx.nxxxter.dsns]/root(9): sarg -x
SARG: Init
SARG: Loading configuration from /usr/local/etc/sarg/sarg.conf
SARG: Loading exclude host file from: /usr/local/etc/sarg/exclude_hosts.conf
SARG: Loading exclude file from: /usr/local/etc/sarg/exclude_users.conf
SARG: Reading host alias file "/usr/local/etc/sarg/hostalias"
SARG: List of host names to alias:
SARG: Parameters:
SARG:           Hostname or IP address (-a) =
SARG:                    Useragent log (-b) =
SARG:                     Exclude file (-c) = /usr/local/etc/sarg/exclude_hosts.conf
SARG:                  Date from-until (-d) =
SARG:    Email address to send reports (-e) =
SARG:                      Config file (-f) = /usr/local/etc/sarg/sarg.conf
SARG:                      Date format (-g) = Europe (dd/mm/yyyy)
SARG:                        IP report (-i) = No
SARG:                        Input log (-l) = /var/squid/logs/access.log
SARG:               Resolve IP Address (-n) = No
SARG:                       Output dir (-o) = /usr/local/www/sarg-reports/
SARG: Use Ip Address instead of userid (-p) = No
SARG:                    Accessed site (-s) =
SARG:                             Time (-t) =
SARG:                             User (-u) =
SARG:                    Temporary dir (-w) = /tmp/sarg
SARG:                   Debug messages (-x) = Yes
SARG:                 Process messages (-z) = No
SARG:  Previous reports to keep (--lastlog) = 0
SARG:
SARG: sarg version: 2.3.2 Nov-23-2011
SARG: Reading access log file: /var/squid/logs/access.log
SARG: Records in file: 61, reading: 100.00%
SARG:    Records read: 61, written: 61, excluded: 0
SARG: Squid log format
SARG: Period: 26 Apr 2012
SARG: pre-sorting files
SARG: Making file: /tmp/sarg/noppy
SARG: Sorting file: /tmp/sarg/noppy.utmp
SARG: Making report: noppy
SARG: Making index.html
SARG: Successful report generated on /usr/local/www/sarg-reports/26Apr2012-26Apr2012
SARG: Purging temporary file sarg-general
SARG: End

marcelloc

I saw no ldap info on sarg output.

I'll check sarg compile options.

att,
Marcello Coutinho

marcelloc

I've compiled latest sarg code,checked build output and found ldap info there

checking ldap.h usability... yes
checking ldap.h presence... yes
checking for ldap.h... yes
checking for ldap_init in -lldap... yes

Can you try this new build on your system/lab?

amd64
http://e-sac.siteseguro.ws/packages/amd64/8/All/sarg-2.3.2_4.tbz

i386
http://e-sac.siteseguro.ws/packages/8/All/sarg-2.3.2_4.tbz

On console/ssh:

To list current sarg freebsd package use: pkg_info | grep -i sarg
To delete sarg freebsd package use: pkg_delete sarg_version_you_found
To install latest freebsd sarg package use: pkg_add -r http://above_url_with_correct_platform

Also check if you have openldap-sasl-client freebsd package installed too.

Donny

@marcelloc:

I've compiled latest sarg code,checked build output and found ldap info there

checking ldap.h usability... yes
checking ldap.h presence... yes
checking for ldap.h... yes
checking for ldap_init in -lldap... yes

Can you try this new build on your system/lab?

amd64
http://e-sac.siteseguro.ws/packages/amd64/8/All/sarg-2.3.2_4.tbz

i386
http://e-sac.siteseguro.ws/packages/8/All/sarg-2.3.2_4.tbz

On console/ssh:

To list current sarg freebsd package use: pkg_info | grep -i sarg
To delete sarg freebsd package use: pkg_delete sarg_version_you_found
To install latest freebsd sarg package use: pkg_add -r http://above_url_with_correct_platform

Also check if you have openldap-sasl-client freebsd package installed too.

Hello Marcelloc, I already done it a little bit and I will test both of i386 and AMD 64 with my lab system and I inform you within today. Just wake up. Thank u very much, Donny

Donny

Hello Marcelloc

I have installed new build. Here is info.

[2.0.1-RELEASE][admin@xxxx.nxxxter.dsns]/root(9): pkg_info
bsdinstaller-2.0.2011.1212 BSD Installer mega-package
cyrus-sasl-2.1.25_1 RFC 2222 SASL (Simple Authentication and Security Layer)
db41-4.1.25_4       The Berkeley DB package, revision 4.1
freetype2-2.4.7     A free and portable TrueType font rendering engine
gd-2.0.35_7,1       A graphics library for fast creation of images
gettext-0.18.1.1    GNU gettext package
grub-0.97_4         GRand Unified Bootloader
jpeg-8_3            IJG's jpeg compression utilities
libiconv-1.13.1_1   A character set conversion library
openldap-sasl-client-2.4.26 Open source LDAP client implementation with SASL2 support
perl-5.12.4_3       Practical Extraction and Report Language
pkg-config-0.25_1   A utility to retrieve information about installed libraries
png-1.4.8           Library for manipulating PNG images
sarg-2.3.2_4        Squid log analyzer and HTML report generator
squid-3.1.19        HTTP Caching Proxy
[2.0.1-RELEASE][admin@xxxx.nxxxter.dsns]/root(10):

Thank u

marcelloc

Can you see if there's ldap queries during sarg reports with this latest version?

Donny

@marcelloc:

Can you see if there's ldap queries during sarg reports with this latest version?

I only got this version> [2.0.1-RELEASE][admin@xxxx.nxxxter.dsns]/root(10): sarg version: 2.3.2 Nov-23-2011

For ldap queries,you mean that I have to check at access.log.

When I use ldap search the result is 0 success:

[2.0.1-RELEASE][admin@xxxx.nxbuter.dsns]/root(3): ldapsearch -x -h 172.31.21.10 -p 389 -s sub -D "cn=Administrator,cn=Users,dc=nxxxter,dc=dsns" -w "SargLdapPassWord" -b "dc=nxxxter,DC=dsns" "(sAMAccountName=%s)" cn
# extended LDIF
#
# LDAPv3
# base <dc=nxxxter,dc=dsns>with scope subtree
# filter: (sAMAccountName=%s)
# requesting: cn
#

# search reference
ref: ldap://ForestDnsZones.nxxxter.dsns/DC=ForestDnsZones,DC=nxxxter,DC=dsns

# search reference
ref: ldap://DomainDnsZones.nxxxter.dsns/DC=DomainDnsZones,DC=nxxxter,DC=dsns

# search reference
ref: ldap://nxbuter.dsns/CN=Configuration,DC=nxxxter,DC=dsns

# search result
search: 2
result: 0 Success

# numResponses: 4
# numReferences: 3
[2.0.1-RELEASE][admin@xxxx.nxxxter.dsns]/root(4):</dc=nxxxter,dc=dsns>