Sarg package for pfsense
-
Have any news over SARG reports with full usernames instead of user name logins?
No time to test yet.
Did you tried to run sarg on console with ldap info? did it returned any error?
-
Have any news over SARG reports with full usernames instead of user name logins?
No time to test yet.
Did you tried to run sarg on console with ldap info? did it returned any error?
Ok, I will try
Sarg detail from console. I could not find any returned error.
[2.0.1-RELEASE][admin@xxxx.nxxxter.dsns]/root(1): sarg SARG: Records in file: 2140, reading: 100.00% SARG: Successful report generated on /usr/local/www/sarg-reports/25Apr2012-25Apr 2012 [2.0.1-RELEASE][admin@xxxx.nxxxter.dsns]/root(2): sarg -z SARG: TAG: access_log /var/squid/logs/access.log SARG: TAG: graphs yes SARG: TAG: output_dir /usr/local/www/sarg-reports SARG: TAG: anonymous_output_files no SARG: TAG: resolve_ip no SARG: TAG: user_ip no SARG: TAG: topuser_sort_field BYTES NORMAL SARG: TAG: user_sort_field BYTES NORMAL SARG: TAG: exclude_users /usr/local/etc/sarg/exclude_users.conf SARG: TAG: exclude_hosts /usr/local/etc/sarg/exclude_hosts.conf SARG: TAG: date_format e SARG: TAG: lastlog 0 SARG: TAG: remove_temp_files yes SARG: TAG: index yes SARG: TAG: index_tree file SARG: TAG: overwrite_report yes SARG: TAG: use_comma yes SARG: TAG: exclude_codes /usr/local/etc/sarg/exclude_codes SARG: TAG: max_elapsed 0 SARG: TAG: report_type topusers topsites sites_users users_sites date_time denied auth_failures site_user_time_date downloads SARG: TAG: usertab none SARG: TAG: LDAPHost 172.31.21.10 SARG: TAG: LDAPBindDN cn=Administrator,cn=Users,dc=nxxxter,dc=dsns SARG: TAG: LDAPBindPW MyLdapPassWord SARG: TAG: LDAPBaseSearch dc=nxxxter,dc=dsns SARG: TAG: LDAPFilterSearch sAMAccountName=%s SARG: TAG: long_url no SARG: TAG: date_time_by bytes SARG: TAG: charset UTF-8 SARG: TAG: privacy no SARG: TAG: bytes_in_sites_users_report no SARG: TAG: topuser_num 0 SARG: TAG: dansguardian_conf SARG: TAG: show_sarg_info no SARG: TAG: show_sarg_logo no SARG: TAG: displayed_values bytes SARG: TAG: authfail_report_limit 0 SARG: TAG: denied_report_limit 0 SARG: TAG: siteusers_report_limit 0 SARG: TAG: user_report_limit 0 SARG: TAG: www_document_root /usr/local/www SARG: TAG: ntlm_user_format domainname+username SARG: TAG: realtime_refresh_time 0 SARG: TAG: realtime_types GET,PUT,CONNECT SARG: TAG: realtime_unauthenticated_records show SARG: TAG: sorttable /sarg_sorttable.js SARG: TAG: hostalias /usr/local/etc/sarg/hostalias SARG: Records in file: 2140, reading: 100.00% SARG: (info) date=25/04/2012 SARG: (info) period=25 Apr 2012 SARG: (info) outdirname=/usr/local/www/sarg-reports/25Apr2012-25Apr2012 SARG: (info) Dansguardian report not produced because no dansguardian configuration file was provided SARG: (info) No redirector logs provided to produce that kind of report SARG: (info) Downloaded files report not generated as it is empty SARG: (info) Denied report not produced because it is empty SARG: (info) Redirector report not generated because it is empty SARG: Successful report generated on /usr/local/www/sarg-reports/25Apr2012-25Apr2012 [2.0.1-RELEASE][admin@xxxx.nxxxter.dsns]/root(3):[2.0.1-RELEASE][admin@xxxx.nxxxter.dsns]/root(9): sarg -x SARG: Init SARG: Loading configuration from /usr/local/etc/sarg/sarg.conf SARG: Loading exclude host file from: /usr/local/etc/sarg/exclude_hosts.conf SARG: Loading exclude file from: /usr/local/etc/sarg/exclude_users.conf SARG: Reading host alias file "/usr/local/etc/sarg/hostalias" SARG: List of host names to alias: SARG: Parameters: SARG: Hostname or IP address (-a) = SARG: Useragent log (-b) = SARG: Exclude file (-c) = /usr/local/etc/sarg/exclude_hosts.conf SARG: Date from-until (-d) = SARG: Email address to send reports (-e) = SARG: Config file (-f) = /usr/local/etc/sarg/sarg.conf SARG: Date format (-g) = Europe (dd/mm/yyyy) SARG: IP report (-i) = No SARG: Input log (-l) = /var/squid/logs/access.log SARG: Resolve IP Address (-n) = No SARG: Output dir (-o) = /usr/local/www/sarg-reports/ SARG: Use Ip Address instead of userid (-p) = No SARG: Accessed site (-s) = SARG: Time (-t) = SARG: User (-u) = SARG: Temporary dir (-w) = /tmp/sarg SARG: Debug messages (-x) = Yes SARG: Process messages (-z) = No SARG: Previous reports to keep (--lastlog) = 0 SARG: SARG: sarg version: 2.3.2 Nov-23-2011 SARG: Reading access log file: /var/squid/logs/access.log SARG: Records in file: 61, reading: 100.00% SARG: Records read: 61, written: 61, excluded: 0 SARG: Squid log format SARG: Period: 26 Apr 2012 SARG: pre-sorting files SARG: Making file: /tmp/sarg/noppy SARG: Sorting file: /tmp/sarg/noppy.utmp SARG: Making report: noppy SARG: Making index.html SARG: Successful report generated on /usr/local/www/sarg-reports/26Apr2012-26Apr2012 SARG: Purging temporary file sarg-general SARG: End -
I saw no ldap info on sarg output.
I'll check sarg compile options.
att,
Marcello Coutinho -
I've compiled latest sarg code,checked build output and found ldap info there
checking ldap.h usability... yes checking ldap.h presence... yes checking for ldap.h... yes checking for ldap_init in -lldap... yesCan you try this new build on your system/lab?
amd64
http://e-sac.siteseguro.ws/packages/amd64/8/All/sarg-2.3.2_4.tbzi386
http://e-sac.siteseguro.ws/packages/8/All/sarg-2.3.2_4.tbzOn console/ssh:
To list current sarg freebsd package use: pkg_info | grep -i sarg
To delete sarg freebsd package use: pkg_delete sarg_version_you_found
To install latest freebsd sarg package use: pkg_add -r http://above_url_with_correct_platformAlso check if you have openldap-sasl-client freebsd package installed too.
-
I've compiled latest sarg code,checked build output and found ldap info there
checking ldap.h usability... yes checking ldap.h presence... yes checking for ldap.h... yes checking for ldap_init in -lldap... yesCan you try this new build on your system/lab?
amd64
http://e-sac.siteseguro.ws/packages/amd64/8/All/sarg-2.3.2_4.tbzi386
http://e-sac.siteseguro.ws/packages/8/All/sarg-2.3.2_4.tbzOn console/ssh:
To list current sarg freebsd package use: pkg_info | grep -i sarg
To delete sarg freebsd package use: pkg_delete sarg_version_you_found
To install latest freebsd sarg package use: pkg_add -r http://above_url_with_correct_platformAlso check if you have openldap-sasl-client freebsd package installed too.
Hello Marcelloc, I already done it a little bit and I will test both of i386 and AMD 64 with my lab system and I inform you within today. Just wake up. Thank u very much, Donny
-
Hello Marcelloc
I have installed new build. Here is info.
[2.0.1-RELEASE][admin@xxxx.nxxxter.dsns]/root(9): pkg_info bsdinstaller-2.0.2011.1212 BSD Installer mega-package cyrus-sasl-2.1.25_1 RFC 2222 SASL (Simple Authentication and Security Layer) db41-4.1.25_4 The Berkeley DB package, revision 4.1 freetype2-2.4.7 A free and portable TrueType font rendering engine gd-2.0.35_7,1 A graphics library for fast creation of images gettext-0.18.1.1 GNU gettext package grub-0.97_4 GRand Unified Bootloader jpeg-8_3 IJG's jpeg compression utilities libiconv-1.13.1_1 A character set conversion library openldap-sasl-client-2.4.26 Open source LDAP client implementation with SASL2 support perl-5.12.4_3 Practical Extraction and Report Language pkg-config-0.25_1 A utility to retrieve information about installed libraries png-1.4.8 Library for manipulating PNG images sarg-2.3.2_4 Squid log analyzer and HTML report generator squid-3.1.19 HTTP Caching Proxy [2.0.1-RELEASE][admin@xxxx.nxxxter.dsns]/root(10):Thank u
-
Can you see if there's ldap queries during sarg reports with this latest version?
-
Can you see if there's ldap queries during sarg reports with this latest version?
I only got this version> [2.0.1-RELEASE][admin@xxxx.nxxxter.dsns]/root(10): sarg version: 2.3.2 Nov-23-2011
For ldap queries,you mean that I have to check at access.log.
When I use ldap search the result is 0 success:
[2.0.1-RELEASE][admin@xxxx.nxbuter.dsns]/root(3): ldapsearch -x -h 172.31.21.10 -p 389 -s sub -D "cn=Administrator,cn=Users,dc=nxxxter,dc=dsns" -w "SargLdapPassWord" -b "dc=nxxxter,DC=dsns" "(sAMAccountName=%s)" cn # extended LDIF # # LDAPv3 # base <dc=nxxxter,dc=dsns>with scope subtree # filter: (sAMAccountName=%s) # requesting: cn # # search reference ref: ldap://ForestDnsZones.nxxxter.dsns/DC=ForestDnsZones,DC=nxxxter,DC=dsns # search reference ref: ldap://DomainDnsZones.nxxxter.dsns/DC=DomainDnsZones,DC=nxxxter,DC=dsns # search reference ref: ldap://nxbuter.dsns/CN=Configuration,DC=nxxxter,DC=dsns # search result search: 2 result: 0 Success # numResponses: 4 # numReferences: 3 [2.0.1-RELEASE][admin@xxxx.nxxxter.dsns]/root(4):</dc=nxxxter,dc=dsns> -
For ldap queries,you mean that I have to check at access.log.
I mean on a second console/ssh, run tcpdump on lan interface port 389 or host 172.31.21.10 and see if when you run sarg, it tries to search ldap
-
For ldap queries,you mean that I have to check at access.log.
I mean on a second console/ssh, run tcpdump on lan interface port 389 or host 172.31.21.10 and see if when you run sarg, it tries to search ldap
!!!!! Nothing happen when I run tcpdump with this -ni, -vi, -vvi
[2.0.1-RELEASE][admin@xxxx.nxxxter.dsns]/root(10): tcpdump -vvi em1 tcp port 389
tcpdump: listening on em1, link-type EN10MB (Ethernet), capture size 96 bytesbut sometime work and sometime not
Do I have to edit sarg.conf with more option enable?
-
Do I have to edit sarg.conf with more option enable?
All ldap options are configured on gui, but of course you can check if there is something missing.
-
Do I have to edit sarg.conf with more option enable?
All ldap options are configured on gui, but of course you can check if there is something missing.
Hello Marcelloc,
I don't see any sarg on > pfsense > Status. How can I config SARG on gui?
I asked to edit sarg.conf because I just only enable some option on sarg.conf file and I think maybe some option is missing.
Thank u
-
I don't see any sarg on > pfsense > Status. How can I config SARG on gui?
status -> sarg reports????
try to reinstall package, the menu is there
-
I don't see any sarg on > pfsense > Status. How can I config SARG on gui?
status -> sarg reports????
try to reinstall package, the menu is there
you mean from this:
pkg_add -r http://e-sac.siteseguro.ws/packages/8/All/sarg-2.3.2_4.tbz
-
No,
system -> packages -> Available Packages -> sarg
-
No,
system -> packages -> Available Packages -> sarg
I understood now, form pfsense console, first just only delete SARGv.xxxx that it has installed before. After SARGv.xxxx deleted with this command "pkg_delete sarg-x.x.x", SARG gui still remain on
"Status > Sarg Reports". Then install sarg-2.3.2_4 from "pkg_add -r http://e-sac.siteseguro.ws/packages/8/All/sarg-2.3.2_4.tbz", that's it.
Anyway SARG reports with full user name from LDAP still not work.Thank u
-
Hello Marcello, I have some question I use sarg and squid proxy authentication with Ldap Windows 2008. When I use domain user name to login on Chrome or Firefox web browser, at system log I always get
"DNS-rebind attack detected: xxxxter.dsns" . I always have this problem only I put internal DNS server IP address on System > General Setup> DNS Servers. I spend a lot of time to find out to solve this problem but never success. Is it possible to give me some suggestion where is this the problem coming from?Thank u
Donny
-
Somebody posted these day a workaround for this, try to search on forum for dns rebind ad.
-
Somebody posted these day a workaround for this, try to search on forum for dns rebind ad.
No more ask again because I have 2 or 3 times posted.
Thank u very much Marcelloc
Donny
-
Hi marcelloc,
Great package. But how to manually delete the sarg reports?
My pfsense got problem with full hard disk error and the largest directory is from the sarg reports.
I forgot to use the rotate logs before.And what does Cache-in and Cache-out mean?
Thanks in advance.
