Sarg package for pfsense
-
Hi marcelloc
looks like sarg can't handle large entries on file /var/squidGuard/log/block.log
I don't want erase the file /var/squidGuard/log/block.log, could u help me?
php: /pkg_edit.php: The command '/usr/local/bin/sarg ' returned exit code '1', the output was 'SARG: Records in file: 27976, reading: 0.00%^MSARG: Records in file: 5000, reading: 17.87%^MSARG: Records in file: 10000, reading: 35.74%^MSARG: Records in file: 15000, reading: 53.62%^MSARG: Records in file: 20000, reading: 71.49%^MSARG: Records in file: 25000, reading: 89.36%^MSARG: Hour string too long in redirector log file /var/squidGuard/log/block.log SARG: Records in file: 27976, reading: 100.00%'
-
looks like sarg can't handle large entries on file /var/squidGuard/log/block.log
I don't want erase the file /var/squidGuard/log/block.log, could u help me?try to split this log or use sarg args to limit log search.
Hour string too long in redirector log file /var/squidGuard/log/block.log SARG: Records in file: 27976, reading: 100.00%'
I understand this error as some format error on log file/line not a too many records errors.
-
Thanks!
I've set the User_report_limit to 300 and rotate squidguard block log…
It's work for a while... than stopped sudenly again!
php: /pkg_edit.php: The command '/usr/local/bin/sarg ' returned exit code '1', the output was 'SARG: Records in file: 86169, reading: 0.00%^MSARG: Records in file: 5000, reading: 5.80%^MSARG: Records in file: 10000, reading: 11.61%^MSARG: Records in file: 15000, reading: 17.41%^MSARG: Records in file: 20000, reading: 23.21%^MSARG: Records in file: 25000, reading: 29.01%^MSARG: Records in file: 30000, reading: 34.82%^MSARG: Records in file: 35000, reading: 40.62%^MSARG: Records in file: 40000, reading: 46.42%^MSARG: Records in file: 45000, reading: 52.22%^MSARG: Records in file: 50000, reading: 58.03%^MSARG: Records in file: 55000, reading: 63.83%^MSARG: Records in file: 60000, reading: 69.63%^MSARG: Records in file: 65000, reading: 75.43%^MSARG: Records in file: 70000, reading: 81.24%^MSARG: Records in file: 75000, reading: 87.04%^MSARG: Records in file: 80000, reading: 92.84%^MSARG: Records in file: 85000, reading: 98.64%^MSARG: Successful report generated on /usr/local/sarg-reports/29May2
-
i did conf like you,http://forum.pfsense.org/index.php/topic,47765.165.html
its ok now ,thank you for great jobhello marcelloc,i got this error while testing sarg with squid and squidguard,and can't see reports on view report tab
Error: Could not find report index file.
Check and save sarg settings and try to force sarg schedule.php: : The command '/usr/local/bin/sarg ' returned exit code '1', the output was 'SARG: Records in file: 72216, reading: 0.00%^MSARG: Records in file: 5000, reading: 6.92%^MSARG: Records in file: 10000, reading: 13.85%^MSARG: Records in file: 15000, reading: 20.77%^MSARG: Records in file: 20000, reading: 27.69%^MSARG: Records in file: 25000, reading: 34.62%^MSARG: Records in file: 30000, reading: 41.54%^MSARG: Records in file: 35000, reading: 48.47%^MSARG: Records in file: 40000, reading: 55.39%^MSARG: Records in file: 45000, reading: 62.31%^MSARG: Records in file: 50000, reading: 69.24%^MSARG: Records in file: 55000, reading: 76.16%^MSARG: Records in file: 60000, reading: 83.08%^MSARG: Records in file: 65000, reading: 90.01%^MSARG: Records in file: 70000, reading: 96.93%^MSARG: Cannot delete /usr/local/sarg-reports/2012/06/12/debakim.html - No such file or directory SARG: Records in file: 72216, reading: 100.00%'
-
Is Sarg currently broken?
I am running Sarg on Squid2 logs, kept the default Report Options, selected all entries in Report to generate, and set up an hourly schedule.
After forcing the update, the View Report gives me:
Error: Could not find report index file.
Check and save sarg settings and try to force sarg schedule.{$dir}/{$url} in sarg_frame-php contains /usr/local/sarg-reports/index.html, which does not exist, but report files have been generated under /usr/local/sarg-reports/2012/07/26 which mirrors today's date.
Any suggestions what to do?
-
Is Sarg currently broken?
No, I have 6 working with latest version
{$dir}/{$url} in sarg_frame-php contains /usr/local/sarg-reports/index.html, which does not exist, but report files have been generated under /usr/local/sarg-reports/2012/07/26 which mirrors today's date.
Any suggestions what to do?
Did you selected "Generate the main index.html" option on gui?
I've attached a screenshot with my current setup.
-
Did you selected "Generate the main index.html" option on gui?
No, I didn't. Now that I did it, it is working.
Thanx.
-
Can somebody explain if I need to set up log rotation in the schedule or not? And how this works?
I have it set to default ( do nothing) in SAR and have my squid settings set to 186 days log rotation (aprox 6 months).
Do I need to use the log rotation of SARG as wel? What does it do exactly? Clean up my old logs?
-
Do I need to use the log rotation of SARG as wel?
No, just one log rotate is fine.
What does it do exactly? Clean up my old logs?
Rotate logs and keep last 10 rotated files.(access.log.0 access.log.1 access.log.2…)
att,
Marcello Coutinho -
Thanks for your reply.
Does it mean that it reads through the whole file everytime? So If I have it set to rotate in squid settings every 6 months will this cause it to be slow at generating the report?
-
Thanks for your reply.
Does it mean that it reads through the whole file everytime? So If I have it set to rotate in squid settings every 6 months will this cause it to be slow at generating the report?
Yes, you can use date arg in schedules, but sarg will read all file the same way looking for logs on that date range.
-
If I change the rotation to 1 month in squid settings? Will it "save" my old logs in SARG? So I can view the internet logs older than one month?
So.. if I set squid to rotate every 30 days, does SARG delete the old data? Or does it display the old logs (from the last months) even though they have been rotated? (renamed?)
-
If I change the rotation to 1 month in squid settings? Will it "save" my old logs in SARG? So I can view the internet logs older than one month?
yes
So.. if I set squid to rotate every 30 days, does SARG delete the old data? Or does it display the old logs (from the last months) even though they have been rotated? (renamed?)
no
-
Maybe a language barrier here.. but do you mean yes I can still view the older internet proxy logs (older than 30 days) in SARG even though I set it to rotate every 30 days in Squid?
-
Maybe a language barrier here.. but do you mean yes I can still view the older internet proxy logs (older than 30 days) in SARG even though I set it to rotate every 30 days in Squid?
yes, you can. Sarg create html static reports on /usr/local/sarg-reports.
If you delete your squid logs, reports will be there.
if you run sarg after rotating logs, old reports will not be deleted. -
Hi.
I am struggling to get Sarg to work for me with Squid.
I initially created some reports, and they showed many users, everything seemed fine.
Now, if I click to create logs on the schedule (force), using a wide date range, I get just one user in the report? I know there is more activity than that!
I tried to delete sarg (and used file manager to delete sarg folders I could see), reinstalled (it seemed to still remember my settings), but now I just get:
Error: Could not find report index file.
Check and save sarg settings and try to force sarg schedule.when I try to view reports (after trying to force them again). There are loads of log files in the squid log folder.
I set the schedule to 1d, rotate and restart, but it never seemed to create a report when I looked, only when I forced it?
What am I doing wrong?
Thanks :)
-
Check my config on previous thread page
http://forum.pfsense.org/index.php/topic,47765.msg277422.html#msg277422 -
Thanks.
My setup is similar to your screen shot, except I turn userid into IP address. I have changed the config and resaved, but it still will not work correctly.
I managed to get it to create a single report, but the report shows 0 users and has nothing in it.
I then left it a few days and tried to create a new report in the same way but nothing appears on the report page?
Is it possible to remove the package completely and re-install? When I tried that, when reinstalling, it knew all my settings from the last time, so obviously did not fully uninstall? What files would I need to delete to have a completely clean re-install?
When you select "restart proxy" on the schedule, does this clear the squid logs?
Should the schedule run every day if I enter 1d? When during the day would it?
Really struggling to get this going!
Cheers.
-
Is it possible to remove the package completely and re-install? When I tried that, when reinstalling, it knew all my settings from the last time, so obviously did not fully uninstall? What files would I need to delete to have a completely clean re-install?
There is no file to delete, all sarg settings stays on pfsense xml file.
When you select "restart proxy" on the schedule, does this clear the squid logs?
No, just a restart.
Should the schedule run every day if I enter 1d? When during the day would it?
It runs at 00:00 via cron job. You can install cron package to see it.
-
Thanks.
I can see it in Cron.
I am able to run the schedule fanualy (force button) and the reports do now create for the day, but the schedule is not working?
I have it set to do a report for the day each day.
Where do I look to see why it wont run on the schedule?
Thanks.
