Netgate Discussion Forum
    • Categories
    • Recent
    • Tags
    • Popular
    • Users
    • Search
    • Register
    • Login

    Sarg package for pfsense

    Scheduled Pinned Locked Moved pfSense Packages
    467 Posts 99 Posters 512.3k Views
    Loading More Posts
    • Oldest to Newest
    • Newest to Oldest
    • Most Votes
    Reply
    • Reply as topic
    Log in to reply
    This topic has been deleted. Only users with topic management privileges can see it.
    • DonnyD
      Donny
      last edited by

      Hello Marcelloc,

      At Sarg "Users" tab, I try to config Ldap to get it work for full user name. At sarg ldap setting, I have configured the same CN, OU and DC as I have done with squid Ldap authenticate. so, I try many time to get full user name but it is not work. anyway try again tomorrow.

      Thank u

      1 Reply Last reply Reply Quote 0
      • I
        IGIdeus
        last edited by

        @klamath:

        @marcelloc:

        I've just pushed a fix to Sort Fields in Reverse order check.

        Reinstall the package in 15 minutes.

        Thanks for the user_sort_field BYTES REVERSE!!!
        This is Exactly what I was expected!

        Hi,

        I can also confirm. But first I had to uncheck and check option again to work.

        Best regards
        IGIdeus

        1 Reply Last reply Reply Quote 0
        • DonnyD
          Donny
          last edited by

          Have any news over SARG reports with full usernames instead of user name logins?

          Thank u

          1 Reply Last reply Reply Quote 0
          • marcellocM
            marcelloc
            last edited by

            @Donny:

            Have any news over SARG reports with full usernames instead of user name logins?

            No time to test yet.

            Did you tried to run sarg on console with ldap info? did it returned any error?

            Treinamentos de Elite: http://sys-squad.com

            Help a community developer! ;D

            1 Reply Last reply Reply Quote 0
            • DonnyD
              Donny
              last edited by

              @marcelloc:

              @Donny:

              Have any news over SARG reports with full usernames instead of user name logins?

              No time to test yet.

              Did you tried to run sarg on console with ldap info? did it returned any error?

              Ok, I will try

              Sarg detail from console. I could not find any returned  error.

              [2.0.1-RELEASE][admin@xxxx.nxxxter.dsns]/root(1): sarg
              SARG: Records in file: 2140, reading: 100.00%
              SARG: Successful report generated on /usr/local/www/sarg-reports/25Apr2012-25Apr 2012
              [2.0.1-RELEASE][admin@xxxx.nxxxter.dsns]/root(2): sarg -z
              SARG: TAG: access_log /var/squid/logs/access.log
              SARG: TAG: graphs yes
              SARG: TAG: output_dir /usr/local/www/sarg-reports
              SARG: TAG: anonymous_output_files no
              SARG: TAG: resolve_ip no
              SARG: TAG: user_ip no
              SARG: TAG: topuser_sort_field BYTES NORMAL
              SARG: TAG: user_sort_field BYTES NORMAL
              SARG: TAG: exclude_users /usr/local/etc/sarg/exclude_users.conf
              SARG: TAG: exclude_hosts /usr/local/etc/sarg/exclude_hosts.conf
              SARG: TAG: date_format e
              SARG: TAG: lastlog 0
              SARG: TAG: remove_temp_files yes
              SARG: TAG: index yes
              SARG: TAG: index_tree file
              SARG: TAG: overwrite_report yes
              SARG: TAG: use_comma yes
              SARG: TAG: exclude_codes /usr/local/etc/sarg/exclude_codes
              SARG: TAG: max_elapsed 0
              SARG: TAG: report_type topusers topsites sites_users users_sites date_time denied auth_failures site_user_time_date downloads
              SARG: TAG: usertab none
              SARG: TAG: LDAPHost 172.31.21.10
              SARG: TAG: LDAPBindDN cn=Administrator,cn=Users,dc=nxxxter,dc=dsns
              SARG: TAG: LDAPBindPW MyLdapPassWord
              SARG: TAG: LDAPBaseSearch dc=nxxxter,dc=dsns
              SARG: TAG: LDAPFilterSearch sAMAccountName=%s
              SARG: TAG: long_url no
              SARG: TAG: date_time_by bytes
              SARG: TAG: charset UTF-8
              SARG: TAG: privacy no
              SARG: TAG: bytes_in_sites_users_report no
              SARG: TAG: topuser_num 0
              SARG: TAG: dansguardian_conf
              SARG: TAG: show_sarg_info no
              SARG: TAG: show_sarg_logo no
              SARG: TAG: displayed_values bytes
              SARG: TAG: authfail_report_limit 0
              SARG: TAG: denied_report_limit 0
              SARG: TAG: siteusers_report_limit 0
              SARG: TAG: user_report_limit 0
              SARG: TAG: www_document_root /usr/local/www
              SARG: TAG: ntlm_user_format domainname+username
              SARG: TAG: realtime_refresh_time 0
              SARG: TAG: realtime_types GET,PUT,CONNECT
              SARG: TAG: realtime_unauthenticated_records show
              SARG: TAG: sorttable /sarg_sorttable.js
              SARG: TAG: hostalias /usr/local/etc/sarg/hostalias
              SARG: Records in file: 2140, reading: 100.00%
              SARG: (info) date=25/04/2012
              SARG: (info) period=25 Apr 2012
              SARG: (info) outdirname=/usr/local/www/sarg-reports/25Apr2012-25Apr2012
              SARG: (info) Dansguardian report not produced because no dansguardian configuration file was provided
              SARG: (info) No redirector logs provided to produce that kind of report
              SARG: (info) Downloaded files report not generated as it is empty
              SARG: (info) Denied report not produced because it is empty
              SARG: (info) Redirector report not generated because it is empty
              SARG: Successful report generated on /usr/local/www/sarg-reports/25Apr2012-25Apr2012
              [2.0.1-RELEASE][admin@xxxx.nxxxter.dsns]/root(3):
              
              [2.0.1-RELEASE][admin@xxxx.nxxxter.dsns]/root(9): sarg -x
              SARG: Init
              SARG: Loading configuration from /usr/local/etc/sarg/sarg.conf
              SARG: Loading exclude host file from: /usr/local/etc/sarg/exclude_hosts.conf
              SARG: Loading exclude file from: /usr/local/etc/sarg/exclude_users.conf
              SARG: Reading host alias file "/usr/local/etc/sarg/hostalias"
              SARG: List of host names to alias:
              SARG: Parameters:
              SARG:           Hostname or IP address (-a) =
              SARG:                    Useragent log (-b) =
              SARG:                     Exclude file (-c) = /usr/local/etc/sarg/exclude_hosts.conf
              SARG:                  Date from-until (-d) =
              SARG:    Email address to send reports (-e) =
              SARG:                      Config file (-f) = /usr/local/etc/sarg/sarg.conf
              SARG:                      Date format (-g) = Europe (dd/mm/yyyy)
              SARG:                        IP report (-i) = No
              SARG:                        Input log (-l) = /var/squid/logs/access.log
              SARG:               Resolve IP Address (-n) = No
              SARG:                       Output dir (-o) = /usr/local/www/sarg-reports/
              SARG: Use Ip Address instead of userid (-p) = No
              SARG:                    Accessed site (-s) =
              SARG:                             Time (-t) =
              SARG:                             User (-u) =
              SARG:                    Temporary dir (-w) = /tmp/sarg
              SARG:                   Debug messages (-x) = Yes
              SARG:                 Process messages (-z) = No
              SARG:  Previous reports to keep (--lastlog) = 0
              SARG:
              SARG: sarg version: 2.3.2 Nov-23-2011
              SARG: Reading access log file: /var/squid/logs/access.log
              SARG: Records in file: 61, reading: 100.00%
              SARG:    Records read: 61, written: 61, excluded: 0
              SARG: Squid log format
              SARG: Period: 26 Apr 2012
              SARG: pre-sorting files
              SARG: Making file: /tmp/sarg/noppy
              SARG: Sorting file: /tmp/sarg/noppy.utmp
              SARG: Making report: noppy
              SARG: Making index.html
              SARG: Successful report generated on /usr/local/www/sarg-reports/26Apr2012-26Apr2012
              SARG: Purging temporary file sarg-general
              SARG: End
              
              1 Reply Last reply Reply Quote 0
              • marcellocM
                marcelloc
                last edited by

                I saw no ldap info on sarg output.

                I'll check sarg compile options.

                att,
                Marcello Coutinho

                Treinamentos de Elite: http://sys-squad.com

                Help a community developer! ;D

                1 Reply Last reply Reply Quote 0
                • marcellocM
                  marcelloc
                  last edited by

                  I've compiled latest sarg code,checked build output and found ldap info there

                  
                  checking ldap.h usability... yes
                  checking ldap.h presence... yes
                  checking for ldap.h... yes
                  checking for ldap_init in -lldap... yes
                  
                  

                  Can you try this new build on your system/lab?

                  amd64
                  http://e-sac.siteseguro.ws/packages/amd64/8/All/sarg-2.3.2_4.tbz

                  i386
                  http://e-sac.siteseguro.ws/packages/8/All/sarg-2.3.2_4.tbz

                  On console/ssh:

                  To list current sarg freebsd package use: pkg_info | grep -i sarg
                  To delete sarg freebsd package use: pkg_delete sarg_version_you_found
                  To install latest freebsd sarg package use: pkg_add -r http://above_url_with_correct_platform

                  Also check if you have openldap-sasl-client freebsd package installed too.

                  Treinamentos de Elite: http://sys-squad.com

                  Help a community developer! ;D

                  1 Reply Last reply Reply Quote 0
                  • DonnyD
                    Donny
                    last edited by

                    @marcelloc:

                    I've compiled latest sarg code,checked build output and found ldap info there

                    
                    checking ldap.h usability... yes
                    checking ldap.h presence... yes
                    checking for ldap.h... yes
                    checking for ldap_init in -lldap... yes
                    
                    

                    Can you try this new build on your system/lab?

                    amd64
                    http://e-sac.siteseguro.ws/packages/amd64/8/All/sarg-2.3.2_4.tbz

                    i386
                    http://e-sac.siteseguro.ws/packages/8/All/sarg-2.3.2_4.tbz

                    On console/ssh:

                    To list current sarg freebsd package use: pkg_info | grep -i sarg
                    To delete sarg freebsd package use: pkg_delete sarg_version_you_found
                    To install latest freebsd sarg package use: pkg_add -r http://above_url_with_correct_platform

                    Also check if you have openldap-sasl-client freebsd package installed too.

                    Hello Marcelloc, I already done it a little bit and I will test both of i386 and AMD 64 with my lab system and I inform you within today. Just wake up. Thank u very much, Donny

                    1 Reply Last reply Reply Quote 0
                    • DonnyD
                      Donny
                      last edited by

                      Hello Marcelloc

                      I have installed new build. Here is info.

                      [2.0.1-RELEASE][admin@xxxx.nxxxter.dsns]/root(9): pkg_info
                      bsdinstaller-2.0.2011.1212 BSD Installer mega-package
                      cyrus-sasl-2.1.25_1 RFC 2222 SASL (Simple Authentication and Security Layer)
                      db41-4.1.25_4       The Berkeley DB package, revision 4.1
                      freetype2-2.4.7     A free and portable TrueType font rendering engine
                      gd-2.0.35_7,1       A graphics library for fast creation of images
                      gettext-0.18.1.1    GNU gettext package
                      grub-0.97_4         GRand Unified Bootloader
                      jpeg-8_3            IJG's jpeg compression utilities
                      libiconv-1.13.1_1   A character set conversion library
                      openldap-sasl-client-2.4.26 Open source LDAP client implementation with SASL2 support
                      perl-5.12.4_3       Practical Extraction and Report Language
                      pkg-config-0.25_1   A utility to retrieve information about installed libraries
                      png-1.4.8           Library for manipulating PNG images
                      sarg-2.3.2_4        Squid log analyzer and HTML report generator
                      squid-3.1.19        HTTP Caching Proxy
                      [2.0.1-RELEASE][admin@xxxx.nxxxter.dsns]/root(10):
                      

                      Thank u

                      1 Reply Last reply Reply Quote 0
                      • marcellocM
                        marcelloc
                        last edited by

                        Can you see if there's ldap queries during sarg reports with this latest version?

                        Treinamentos de Elite: http://sys-squad.com

                        Help a community developer! ;D

                        1 Reply Last reply Reply Quote 0
                        • DonnyD
                          Donny
                          last edited by

                          @marcelloc:

                          Can you see if there's ldap queries during sarg reports with this latest version?

                          I only got this version> [2.0.1-RELEASE][admin@xxxx.nxxxter.dsns]/root(10): sarg version: 2.3.2 Nov-23-2011

                          For ldap queries,you mean that I have to check at access.log.

                          When I use ldap search the result is 0 success:

                          [2.0.1-RELEASE][admin@xxxx.nxbuter.dsns]/root(3): ldapsearch -x -h 172.31.21.10 -p 389 -s sub -D "cn=Administrator,cn=Users,dc=nxxxter,dc=dsns" -w "SargLdapPassWord" -b "dc=nxxxter,DC=dsns" "(sAMAccountName=%s)" cn
                          # extended LDIF
                          #
                          # LDAPv3
                          # base <dc=nxxxter,dc=dsns>with scope subtree
                          # filter: (sAMAccountName=%s)
                          # requesting: cn
                          #
                          
                          # search reference
                          ref: ldap://ForestDnsZones.nxxxter.dsns/DC=ForestDnsZones,DC=nxxxter,DC=dsns
                          
                          # search reference
                          ref: ldap://DomainDnsZones.nxxxter.dsns/DC=DomainDnsZones,DC=nxxxter,DC=dsns
                          
                          # search reference
                          ref: ldap://nxbuter.dsns/CN=Configuration,DC=nxxxter,DC=dsns
                          
                          # search result
                          search: 2
                          result: 0 Success
                          
                          # numResponses: 4
                          # numReferences: 3
                          [2.0.1-RELEASE][admin@xxxx.nxxxter.dsns]/root(4):</dc=nxxxter,dc=dsns> 
                          
                          1 Reply Last reply Reply Quote 0
                          • marcellocM
                            marcelloc
                            last edited by

                            @Donny:

                            For ldap queries,you mean that I have to check at access.log.

                            I mean on a second console/ssh, run tcpdump on lan interface port 389 or host 172.31.21.10 and see if when you run sarg, it tries to search ldap

                            Treinamentos de Elite: http://sys-squad.com

                            Help a community developer! ;D

                            1 Reply Last reply Reply Quote 0
                            • DonnyD
                              Donny
                              last edited by

                              @marcelloc:

                              @Donny:

                              For ldap queries,you mean that I have to check at access.log.

                              I mean on a second console/ssh, run tcpdump on lan interface port 389 or host 172.31.21.10 and see if when you run sarg, it tries to search ldap

                              !!!!! Nothing happen when I run tcpdump with this -ni, -vi, -vvi
                              [2.0.1-RELEASE][admin@xxxx.nxxxter.dsns]/root(10): tcpdump -vvi em1 tcp port 389
                              tcpdump: listening on em1, link-type EN10MB (Ethernet), capture size 96 bytes

                              but sometime work and sometime not

                              Do I have to edit sarg.conf with more option enable?

                              1 Reply Last reply Reply Quote 0
                              • marcellocM
                                marcelloc
                                last edited by

                                @Donny:

                                Do I have to edit sarg.conf with more option enable?

                                All ldap options are configured on gui, but of course you can check if there is something missing.

                                Treinamentos de Elite: http://sys-squad.com

                                Help a community developer! ;D

                                1 Reply Last reply Reply Quote 0
                                • DonnyD
                                  Donny
                                  last edited by

                                  @marcelloc:

                                  @Donny:

                                  Do I have to edit sarg.conf with more option enable?

                                  All ldap options are configured on gui, but of course you can check if there is something missing.

                                  Hello Marcelloc,

                                  I don't see any sarg on > pfsense > Status. How can I config SARG on gui?

                                  I asked to edit sarg.conf because I just only enable some option on sarg.conf file and I think maybe some option is missing.

                                  Thank u

                                  1 Reply Last reply Reply Quote 0
                                  • marcellocM
                                    marcelloc
                                    last edited by

                                    @Donny:

                                    I don't see any sarg on > pfsense > Status. How can I config SARG on gui?

                                    status -> sarg reports????

                                    try to reinstall package, the menu is there

                                    Treinamentos de Elite: http://sys-squad.com

                                    Help a community developer! ;D

                                    1 Reply Last reply Reply Quote 0
                                    • DonnyD
                                      Donny
                                      last edited by

                                      @marcelloc:

                                      @Donny:

                                      I don't see any sarg on > pfsense > Status. How can I config SARG on gui?

                                      status -> sarg reports????

                                      try to reinstall package, the menu is there

                                      you mean from this:

                                      pkg_add -r http://e-sac.siteseguro.ws/packages/8/All/sarg-2.3.2_4.tbz

                                      1 Reply Last reply Reply Quote 0
                                      • marcellocM
                                        marcelloc
                                        last edited by

                                        No,

                                        system -> packages -> Available Packages  -> sarg

                                        Treinamentos de Elite: http://sys-squad.com

                                        Help a community developer! ;D

                                        1 Reply Last reply Reply Quote 0
                                        • DonnyD
                                          Donny
                                          last edited by

                                          @marcelloc:

                                          No,

                                          system -> packages -> Available Packages  -> sarg

                                          I understood now, form pfsense console, first just only delete SARGv.xxxx that it has installed before. After SARGv.xxxx deleted with this command  "pkg_delete sarg-x.x.x", SARG gui still remain on
                                          "Status > Sarg Reports". Then install sarg-2.3.2_4 from "pkg_add -r http://e-sac.siteseguro.ws/packages/8/All/sarg-2.3.2_4.tbz", that's it.
                                          Anyway SARG reports with full user name from LDAP still not work.

                                          Thank u

                                          1 Reply Last reply Reply Quote 0
                                          • DonnyD
                                            Donny
                                            last edited by

                                            Hello Marcello, I have some question I use sarg and squid proxy authentication with Ldap Windows 2008. When I use domain user name to login on Chrome or Firefox web browser, at system log I always get
                                            "DNS-rebind attack detected: xxxxter.dsns" . I always have this problem only I put internal DNS server IP address on System > General Setup> DNS Servers. I spend a lot of time to find out to solve this problem but never success. Is it possible to give me some suggestion where is this the problem coming from?

                                            Thank u

                                            Donny

                                            1 Reply Last reply Reply Quote 0
                                            • First post
                                              Last post
                                            Copyright 2025 Rubicon Communications LLC (Netgate). All rights reserved.