Sarg package for pfsense
-
For ldap queries,you mean that I have to check at access.log.
I mean on a second console/ssh, run tcpdump on lan interface port 389 or host 172.31.21.10 and see if when you run sarg, it tries to search ldap
!!!!! Nothing happen when I run tcpdump with this -ni, -vi, -vvi
[2.0.1-RELEASE][admin@xxxx.nxxxter.dsns]/root(10): tcpdump -vvi em1 tcp port 389
tcpdump: listening on em1, link-type EN10MB (Ethernet), capture size 96 bytesbut sometime work and sometime not
Do I have to edit sarg.conf with more option enable?
-
Do I have to edit sarg.conf with more option enable?
All ldap options are configured on gui, but of course you can check if there is something missing.
-
Do I have to edit sarg.conf with more option enable?
All ldap options are configured on gui, but of course you can check if there is something missing.
Hello Marcelloc,
I don't see any sarg on > pfsense > Status. How can I config SARG on gui?
I asked to edit sarg.conf because I just only enable some option on sarg.conf file and I think maybe some option is missing.
Thank u
-
I don't see any sarg on > pfsense > Status. How can I config SARG on gui?
status -> sarg reports????
try to reinstall package, the menu is there
-
I don't see any sarg on > pfsense > Status. How can I config SARG on gui?
status -> sarg reports????
try to reinstall package, the menu is there
you mean from this:
pkg_add -r http://e-sac.siteseguro.ws/packages/8/All/sarg-2.3.2_4.tbz
-
No,
system -> packages -> Available Packages -> sarg
-
No,
system -> packages -> Available Packages -> sarg
I understood now, form pfsense console, first just only delete SARGv.xxxx that it has installed before. After SARGv.xxxx deleted with this command "pkg_delete sarg-x.x.x", SARG gui still remain on
"Status > Sarg Reports". Then install sarg-2.3.2_4 from "pkg_add -r http://e-sac.siteseguro.ws/packages/8/All/sarg-2.3.2_4.tbz", that's it.
Anyway SARG reports with full user name from LDAP still not work.Thank u
-
Hello Marcello, I have some question I use sarg and squid proxy authentication with Ldap Windows 2008. When I use domain user name to login on Chrome or Firefox web browser, at system log I always get
"DNS-rebind attack detected: xxxxter.dsns" . I always have this problem only I put internal DNS server IP address on System > General Setup> DNS Servers. I spend a lot of time to find out to solve this problem but never success. Is it possible to give me some suggestion where is this the problem coming from?Thank u
Donny
-
Somebody posted these day a workaround for this, try to search on forum for dns rebind ad.
-
Somebody posted these day a workaround for this, try to search on forum for dns rebind ad.
No more ask again because I have 2 or 3 times posted.
Thank u very much Marcelloc
Donny
-
Hi marcelloc,
Great package. But how to manually delete the sarg reports?
My pfsense got problem with full hard disk error and the largest directory is from the sarg reports.
I forgot to use the rotate logs before.And what does Cache-in and Cache-out mean?
Thanks in advance.
-
Hi marcelloc,
Great package. But how to manually delete the sarg reports?
My pfsense got problem with full hard disk error and the largest directory is from the sarg reports.
I forgot to use the rotate logs before.Just delete reports on /usr/local/www/sarg-reports using rm on console/ssh.
-
Hi all,
Just published version 0.4.2 with fixes on squidguard log rotate and a faster boot startup process.
att,
Marcello Coutinho -
here it doesn't show realtime logs since latest upgrade.
anyone else with this problem?
-
Cannot generate anything at all.
Package has been removed, re-installed, directory deleted (under www), recreated, given write rights and still :
sarg -x
SARG: Init
SARG: Loading configuration from /usr/local/etc/sarg/sarg.conf
SARG: Loading exclude host file from: /usr/local/etc/sarg/exclude_hosts.conf
SARG: Loading exclude file from: /usr/local/etc/sarg/exclude_users.conf
SARG: Reading host alias file "/usr/local/etc/sarg/hostalias"
SARG: List of host names to alias:
SARG: Parameters:
SARG: Hostname or IP address (-a) =
SARG: Useragent log (-b) =
SARG: Exclude file (-c) = /usr/local/etc/sarg/exclude_hosts.conf
SARG: Date from-until (-d) =
SARG: Email address to send reports (-e) =
SARG: Config file (-f) = /usr/local/etc/sarg/sarg.conf
SARG: Date format (-g) = Europe (dd/mm/yyyy)
SARG: IP report (-i) = No
SARG: Input log (-l) = /var/squid/logs/access.log
SARG: Resolve IP Address (-n) = No
SARG: Output dir (-o) = /usr/local/www/sarg-reports/
SARG: Use Ip Address instead of userid (-p) = No
SARG: Accessed site (-s) =
SARG: Time (-t) =
SARG: User (-u) =
SARG: Temporary dir (-w) = /tmp/sarg
SARG: Debug messages (-x) = Yes
SARG: Process messages (-z) = No
SARG: Previous reports to keep (–lastlog) = 0
SARG:
SARG: sarg version: 2.3.2 Nov-23-2011
SARG: Reading access log file: /var/squid/logs/access.log
SARG: Records in file: 344851, reading: 100.00%
SARG: Records read: 344851, written: 344691, excluded: 0
SARG: Squid log format
SARG: Period: 06 Apr 2012-07 May 2012
SARG: pre-sorting files
SARG: File /usr/local/www/sarg-reports/2012/04-05/06-07 already exists, moved to /usr/local/www/sarg-reports/2012/04-05/06-07.2
SARG: cannot open /usr/local/www/sarg-reports/2012/04-05/06-07/sarg-date for writing
SARG:: No such file or directorysarg
SARG: Records in file: 344851, reading: 100.00%
SARG: Cannot delete /usr/local/www/sarg-reports/2012/04-05/06-07/d192_168_20_4.html - No such file or directory -
SARG: cannot open /usr/local/www/sarg-reports/2012/04-05/06-07/sarg-date for writing
SARG:: No such file or directory
SARG: Records in file: 344851, reading: 100.00%
SARG: Cannot delete /usr/local/www/sarg-reports/2012/04-05/06-07/d192_168_20_4.html - No such file or directoryYou have permission problems on your install, clean up(not remove) /usr/local/www/sarg-reports and try to run again.
-
SARG: cannot open /usr/local/www/sarg-reports/2012/04-05/06-07/sarg-date for writing
SARG:: No such file or directory
SARG: Records in file: 344851, reading: 100.00%
SARG: Cannot delete /usr/local/www/sarg-reports/2012/04-05/06-07/d192_168_20_4.html - No such file or directoryYou have permission problems on your install, clean up(not remove) /usr/local/www/sarg-reports and try to run again.
Hi Marcelloc
What do you mean by clean ? rm -rf ?
-
What do you mean by clean ? rm -rf ?
could be a rm -rf /usr/local/www/sarg-reports/*
Please be carefull with rm.
-
What do you mean by clean ? rm -rf ?
could be a rm -rf /usr/local/www/sarg-reports/*
Please be carefull with rm.
Of course I'm :)
Here are results, negative I'm afraid
rm -rf /usr/local/www/sarg-reports/*
[2.0.1-RELEASE][root@xxx]/root(5): ls /usr/local/www/sarg-reports
[2.0.1-RELEASE][root@xxx]/root(6): sarg
SARG: Records in file: 344852, reading: 100.00%
SARG: Cannot delete /usr/local/www/sarg-reports/2012/04-05/06-07/d192_168_20_4.html - No such file or directory
[2.0.1-RELEASE][root@xxx]/root(7): -
Check options you selected on sarg gui and try again.