Sarg package for pfsense
-
Hello Marcelloc
I have installed new build. Here is info.
[2.0.1-RELEASE][admin@xxxx.nxxxter.dsns]/root(9): pkg_info bsdinstaller-2.0.2011.1212 BSD Installer mega-package cyrus-sasl-2.1.25_1 RFC 2222 SASL (Simple Authentication and Security Layer) db41-4.1.25_4 The Berkeley DB package, revision 4.1 freetype2-2.4.7 A free and portable TrueType font rendering engine gd-2.0.35_7,1 A graphics library for fast creation of images gettext-0.18.1.1 GNU gettext package grub-0.97_4 GRand Unified Bootloader jpeg-8_3 IJG's jpeg compression utilities libiconv-1.13.1_1 A character set conversion library openldap-sasl-client-2.4.26 Open source LDAP client implementation with SASL2 support perl-5.12.4_3 Practical Extraction and Report Language pkg-config-0.25_1 A utility to retrieve information about installed libraries png-1.4.8 Library for manipulating PNG images sarg-2.3.2_4 Squid log analyzer and HTML report generator squid-3.1.19 HTTP Caching Proxy [2.0.1-RELEASE][admin@xxxx.nxxxter.dsns]/root(10):Thank u
-
Can you see if there's ldap queries during sarg reports with this latest version?
-
Can you see if there's ldap queries during sarg reports with this latest version?
I only got this version> [2.0.1-RELEASE][admin@xxxx.nxxxter.dsns]/root(10): sarg version: 2.3.2 Nov-23-2011
For ldap queries,you mean that I have to check at access.log.
When I use ldap search the result is 0 success:
[2.0.1-RELEASE][admin@xxxx.nxbuter.dsns]/root(3): ldapsearch -x -h 172.31.21.10 -p 389 -s sub -D "cn=Administrator,cn=Users,dc=nxxxter,dc=dsns" -w "SargLdapPassWord" -b "dc=nxxxter,DC=dsns" "(sAMAccountName=%s)" cn # extended LDIF # # LDAPv3 # base <dc=nxxxter,dc=dsns>with scope subtree # filter: (sAMAccountName=%s) # requesting: cn # # search reference ref: ldap://ForestDnsZones.nxxxter.dsns/DC=ForestDnsZones,DC=nxxxter,DC=dsns # search reference ref: ldap://DomainDnsZones.nxxxter.dsns/DC=DomainDnsZones,DC=nxxxter,DC=dsns # search reference ref: ldap://nxbuter.dsns/CN=Configuration,DC=nxxxter,DC=dsns # search result search: 2 result: 0 Success # numResponses: 4 # numReferences: 3 [2.0.1-RELEASE][admin@xxxx.nxxxter.dsns]/root(4):</dc=nxxxter,dc=dsns> -
For ldap queries,you mean that I have to check at access.log.
I mean on a second console/ssh, run tcpdump on lan interface port 389 or host 172.31.21.10 and see if when you run sarg, it tries to search ldap
-
For ldap queries,you mean that I have to check at access.log.
I mean on a second console/ssh, run tcpdump on lan interface port 389 or host 172.31.21.10 and see if when you run sarg, it tries to search ldap
!!!!! Nothing happen when I run tcpdump with this -ni, -vi, -vvi
[2.0.1-RELEASE][admin@xxxx.nxxxter.dsns]/root(10): tcpdump -vvi em1 tcp port 389
tcpdump: listening on em1, link-type EN10MB (Ethernet), capture size 96 bytesbut sometime work and sometime not
Do I have to edit sarg.conf with more option enable?
-
Do I have to edit sarg.conf with more option enable?
All ldap options are configured on gui, but of course you can check if there is something missing.
-
Do I have to edit sarg.conf with more option enable?
All ldap options are configured on gui, but of course you can check if there is something missing.
Hello Marcelloc,
I don't see any sarg on > pfsense > Status. How can I config SARG on gui?
I asked to edit sarg.conf because I just only enable some option on sarg.conf file and I think maybe some option is missing.
Thank u
-
I don't see any sarg on > pfsense > Status. How can I config SARG on gui?
status -> sarg reports????
try to reinstall package, the menu is there
-
I don't see any sarg on > pfsense > Status. How can I config SARG on gui?
status -> sarg reports????
try to reinstall package, the menu is there
you mean from this:
pkg_add -r http://e-sac.siteseguro.ws/packages/8/All/sarg-2.3.2_4.tbz
-
No,
system -> packages -> Available Packages -> sarg
-
No,
system -> packages -> Available Packages -> sarg
I understood now, form pfsense console, first just only delete SARGv.xxxx that it has installed before. After SARGv.xxxx deleted with this command "pkg_delete sarg-x.x.x", SARG gui still remain on
"Status > Sarg Reports". Then install sarg-2.3.2_4 from "pkg_add -r http://e-sac.siteseguro.ws/packages/8/All/sarg-2.3.2_4.tbz", that's it.
Anyway SARG reports with full user name from LDAP still not work.Thank u
-
Hello Marcello, I have some question I use sarg and squid proxy authentication with Ldap Windows 2008. When I use domain user name to login on Chrome or Firefox web browser, at system log I always get
"DNS-rebind attack detected: xxxxter.dsns" . I always have this problem only I put internal DNS server IP address on System > General Setup> DNS Servers. I spend a lot of time to find out to solve this problem but never success. Is it possible to give me some suggestion where is this the problem coming from?Thank u
Donny
-
Somebody posted these day a workaround for this, try to search on forum for dns rebind ad.
-
Somebody posted these day a workaround for this, try to search on forum for dns rebind ad.
No more ask again because I have 2 or 3 times posted.
Thank u very much Marcelloc
Donny
-
Hi marcelloc,
Great package. But how to manually delete the sarg reports?
My pfsense got problem with full hard disk error and the largest directory is from the sarg reports.
I forgot to use the rotate logs before.And what does Cache-in and Cache-out mean?
Thanks in advance.
-
Hi marcelloc,
Great package. But how to manually delete the sarg reports?
My pfsense got problem with full hard disk error and the largest directory is from the sarg reports.
I forgot to use the rotate logs before.Just delete reports on /usr/local/www/sarg-reports using rm on console/ssh.
-
Hi all,
Just published version 0.4.2 with fixes on squidguard log rotate and a faster boot startup process.
att,
Marcello Coutinho -
here it doesn't show realtime logs since latest upgrade.
anyone else with this problem?
-
Cannot generate anything at all.
Package has been removed, re-installed, directory deleted (under www), recreated, given write rights and still :
sarg -x
SARG: Init
SARG: Loading configuration from /usr/local/etc/sarg/sarg.conf
SARG: Loading exclude host file from: /usr/local/etc/sarg/exclude_hosts.conf
SARG: Loading exclude file from: /usr/local/etc/sarg/exclude_users.conf
SARG: Reading host alias file "/usr/local/etc/sarg/hostalias"
SARG: List of host names to alias:
SARG: Parameters:
SARG: Hostname or IP address (-a) =
SARG: Useragent log (-b) =
SARG: Exclude file (-c) = /usr/local/etc/sarg/exclude_hosts.conf
SARG: Date from-until (-d) =
SARG: Email address to send reports (-e) =
SARG: Config file (-f) = /usr/local/etc/sarg/sarg.conf
SARG: Date format (-g) = Europe (dd/mm/yyyy)
SARG: IP report (-i) = No
SARG: Input log (-l) = /var/squid/logs/access.log
SARG: Resolve IP Address (-n) = No
SARG: Output dir (-o) = /usr/local/www/sarg-reports/
SARG: Use Ip Address instead of userid (-p) = No
SARG: Accessed site (-s) =
SARG: Time (-t) =
SARG: User (-u) =
SARG: Temporary dir (-w) = /tmp/sarg
SARG: Debug messages (-x) = Yes
SARG: Process messages (-z) = No
SARG: Previous reports to keep (–lastlog) = 0
SARG:
SARG: sarg version: 2.3.2 Nov-23-2011
SARG: Reading access log file: /var/squid/logs/access.log
SARG: Records in file: 344851, reading: 100.00%
SARG: Records read: 344851, written: 344691, excluded: 0
SARG: Squid log format
SARG: Period: 06 Apr 2012-07 May 2012
SARG: pre-sorting files
SARG: File /usr/local/www/sarg-reports/2012/04-05/06-07 already exists, moved to /usr/local/www/sarg-reports/2012/04-05/06-07.2
SARG: cannot open /usr/local/www/sarg-reports/2012/04-05/06-07/sarg-date for writing
SARG:: No such file or directorysarg
SARG: Records in file: 344851, reading: 100.00%
SARG: Cannot delete /usr/local/www/sarg-reports/2012/04-05/06-07/d192_168_20_4.html - No such file or directory -
SARG: cannot open /usr/local/www/sarg-reports/2012/04-05/06-07/sarg-date for writing
SARG:: No such file or directory
SARG: Records in file: 344851, reading: 100.00%
SARG: Cannot delete /usr/local/www/sarg-reports/2012/04-05/06-07/d192_168_20_4.html - No such file or directoryYou have permission problems on your install, clean up(not remove) /usr/local/www/sarg-reports and try to run again.
