Sarg package for pfsense
-
No,
system -> packages -> Available Packages -> sarg
I understood now, form pfsense console, first just only delete SARGv.xxxx that it has installed before. After SARGv.xxxx deleted with this command "pkg_delete sarg-x.x.x", SARG gui still remain on
"Status > Sarg Reports". Then install sarg-2.3.2_4 from "pkg_add -r http://e-sac.siteseguro.ws/packages/8/All/sarg-2.3.2_4.tbz", that's it.
Anyway SARG reports with full user name from LDAP still not work.Thank u
-
Hello Marcello, I have some question I use sarg and squid proxy authentication with Ldap Windows 2008. When I use domain user name to login on Chrome or Firefox web browser, at system log I always get
"DNS-rebind attack detected: xxxxter.dsns" . I always have this problem only I put internal DNS server IP address on System > General Setup> DNS Servers. I spend a lot of time to find out to solve this problem but never success. Is it possible to give me some suggestion where is this the problem coming from?Thank u
Donny
-
Somebody posted these day a workaround for this, try to search on forum for dns rebind ad.
-
Somebody posted these day a workaround for this, try to search on forum for dns rebind ad.
No more ask again because I have 2 or 3 times posted.
Thank u very much Marcelloc
Donny
-
Hi marcelloc,
Great package. But how to manually delete the sarg reports?
My pfsense got problem with full hard disk error and the largest directory is from the sarg reports.
I forgot to use the rotate logs before.And what does Cache-in and Cache-out mean?
Thanks in advance.
-
Hi marcelloc,
Great package. But how to manually delete the sarg reports?
My pfsense got problem with full hard disk error and the largest directory is from the sarg reports.
I forgot to use the rotate logs before.Just delete reports on /usr/local/www/sarg-reports using rm on console/ssh.
-
Hi all,
Just published version 0.4.2 with fixes on squidguard log rotate and a faster boot startup process.
att,
Marcello Coutinho -
here it doesn't show realtime logs since latest upgrade.
anyone else with this problem?
-
Cannot generate anything at all.
Package has been removed, re-installed, directory deleted (under www), recreated, given write rights and still :
sarg -x
SARG: Init
SARG: Loading configuration from /usr/local/etc/sarg/sarg.conf
SARG: Loading exclude host file from: /usr/local/etc/sarg/exclude_hosts.conf
SARG: Loading exclude file from: /usr/local/etc/sarg/exclude_users.conf
SARG: Reading host alias file "/usr/local/etc/sarg/hostalias"
SARG: List of host names to alias:
SARG: Parameters:
SARG: Hostname or IP address (-a) =
SARG: Useragent log (-b) =
SARG: Exclude file (-c) = /usr/local/etc/sarg/exclude_hosts.conf
SARG: Date from-until (-d) =
SARG: Email address to send reports (-e) =
SARG: Config file (-f) = /usr/local/etc/sarg/sarg.conf
SARG: Date format (-g) = Europe (dd/mm/yyyy)
SARG: IP report (-i) = No
SARG: Input log (-l) = /var/squid/logs/access.log
SARG: Resolve IP Address (-n) = No
SARG: Output dir (-o) = /usr/local/www/sarg-reports/
SARG: Use Ip Address instead of userid (-p) = No
SARG: Accessed site (-s) =
SARG: Time (-t) =
SARG: User (-u) =
SARG: Temporary dir (-w) = /tmp/sarg
SARG: Debug messages (-x) = Yes
SARG: Process messages (-z) = No
SARG: Previous reports to keep (–lastlog) = 0
SARG:
SARG: sarg version: 2.3.2 Nov-23-2011
SARG: Reading access log file: /var/squid/logs/access.log
SARG: Records in file: 344851, reading: 100.00%
SARG: Records read: 344851, written: 344691, excluded: 0
SARG: Squid log format
SARG: Period: 06 Apr 2012-07 May 2012
SARG: pre-sorting files
SARG: File /usr/local/www/sarg-reports/2012/04-05/06-07 already exists, moved to /usr/local/www/sarg-reports/2012/04-05/06-07.2
SARG: cannot open /usr/local/www/sarg-reports/2012/04-05/06-07/sarg-date for writing
SARG:: No such file or directorysarg
SARG: Records in file: 344851, reading: 100.00%
SARG: Cannot delete /usr/local/www/sarg-reports/2012/04-05/06-07/d192_168_20_4.html - No such file or directory -
SARG: cannot open /usr/local/www/sarg-reports/2012/04-05/06-07/sarg-date for writing
SARG:: No such file or directory
SARG: Records in file: 344851, reading: 100.00%
SARG: Cannot delete /usr/local/www/sarg-reports/2012/04-05/06-07/d192_168_20_4.html - No such file or directoryYou have permission problems on your install, clean up(not remove) /usr/local/www/sarg-reports and try to run again.
-
SARG: cannot open /usr/local/www/sarg-reports/2012/04-05/06-07/sarg-date for writing
SARG:: No such file or directory
SARG: Records in file: 344851, reading: 100.00%
SARG: Cannot delete /usr/local/www/sarg-reports/2012/04-05/06-07/d192_168_20_4.html - No such file or directoryYou have permission problems on your install, clean up(not remove) /usr/local/www/sarg-reports and try to run again.
Hi Marcelloc
What do you mean by clean ? rm -rf ?
-
What do you mean by clean ? rm -rf ?
could be a rm -rf /usr/local/www/sarg-reports/*
Please be carefull with rm.
-
What do you mean by clean ? rm -rf ?
could be a rm -rf /usr/local/www/sarg-reports/*
Please be carefull with rm.
Of course I'm :)
Here are results, negative I'm afraid
rm -rf /usr/local/www/sarg-reports/*
[2.0.1-RELEASE][root@xxx]/root(5): ls /usr/local/www/sarg-reports
[2.0.1-RELEASE][root@xxx]/root(6): sarg
SARG: Records in file: 344852, reading: 100.00%
SARG: Cannot delete /usr/local/www/sarg-reports/2012/04-05/06-07/d192_168_20_4.html - No such file or directory
[2.0.1-RELEASE][root@xxx]/root(7): -
Check options you selected on sarg gui and try again.
-
Hi there,
I think I found two minor bugs with the sarg configuration:
When configuring exclude strings, the resulting configuration entry looks like this:
exclude_string"testasd' # note the missing space and the wrong quote character at the end
Also, when setting exclude_codes, these are written to the correct configuration file (exclude_codes.conf), but in sarg.conf "exclude_code" (without the .conf", probably the default) is referenced.
Another side note / question:
I'm combining squid and squidGuard. This works quite good so far. My squidGuard config defines several ACLs. After generating some sample reports I noticed that blocked URLs are not marked as blocked in the Squid log file. At least not in the same way when "Plain Squid" would be blocking them. This throws Sarg off, and blocked URLs are included in the list of visited websites without a special marker that these were blocked / redirected.
Is there any way around that? I tried to remove these entries with exclude_strings or exclude_codes (to remove all 403 redirects) - which did not work because of the mentioned bugs. But aside from these options, is there any other way?
Thanks for the good work on the package btw!
Manuel
-
der.tale,
Thanks for your feedback. I've pushed version 0.4.2_1 with these fixes.
check if you can use exclude codes and exclude_string now.
att,
Marcello Coutinho -
Check options you selected on sarg gui and try again.
I have tried to enable and disable options in GUI, tried as well schedule forced.
Unfortunately still no go.Error is the same. -
miodzicho,
Try sarg with the same options I use.
att,
Marcello Coutinho
-
miodzicho,
Try sarg with the same options I use.
att,
Marcello CoutinhoMarcello, you are star :) It works as it should. Many thanks !
-
marcelloc,
thanks for the quick fix, it works now as expected!
der.tale
