Sarg package for pfsense

ilium007

Hi - the reports all work, that's not the issue. My problem is that you can access them with a direct URL with no authentication. Is there anyway to resolve this ? Cheers

marcelloc

Reports on /usar/local/www/sarg-reports are visible to everyone.

Since version 0.5 reports are saved on /usr/local/sarg-reports out of www http server.

Check what dirs you have and where new reports are being saved.

Also, enabling report compress, it will not be visible without php script that reads it.

ilium007

Cool - I will check tonight but even if I have both, how do I prevent reports being made into the publicly accessible directory. I don't want anyone able to access those reports.

marcelloc

Just move old reports to current sarg dir.

ilium007

Still having issues here !

The sarg-reports folder is in /usr/local (as shown below) but I log out of the pfsense console and then go to the URL:

http://pfsense.harland/sarg_frame.php?prevent=900651242816820700?

and can still see the reports with no authentication. What am doing wrong !!

[2.0.1-RELEASE][admin@pfSense.harland]/usr/local(35): ls -la
total 54
drwxr-xr-x  16 root  wheel    512 Sep 28 00:27 .
drwxr-xr-x  11 root  wheel    512 Mar 11  2012 ..
drwxr-xr-x   2 root  wheel   4608 Sep 28 00:26 bin
drwxr-xr-x   2 root  wheel    512 Mar 11  2012 captiveportal
drwxr-xr-x  18 root  wheel    512 Sep 28 00:24 etc
drwxr-xr-x  27 root  wheel   1536 Sep 28 00:26 include
drwxr-xr-x   2 root  wheel    512 Sep 26 16:43 info
drwxr-xr-x  16 root  wheel  12288 Sep 28 00:26 lib
drwxr-xr-x   5 root  wheel    512 Sep 28 00:24 libdata
drwxr-xr-x   5 root  wheel    512 Sep 26 20:31 libexec
drwxr-xr-x  28 root  wheel    512 Dec 13  2011 man
drwxr-xr-x   6 root  wheel   2560 Sep 28 00:26 pkg
drwxr-xr-x   4 root  wheel    512 Sep 28 00:27 sarg-reports
drwxr-xr-x   2 root  wheel   1536 Sep 28 00:24 sbin
drwxr-xr-x  38 root  wheel   1024 Sep 26 22:18 share
drwxr-xr-x  20 root  wheel   8192 Sep 28 00:27 www
[2.0.1-RELEASE][admin@pfSense.harland]/usr/local(36): ls -la ./www/sarg*
-rwxr-xr-x  1 root  wheel   2152 Sep 28 00:26 ./www/sarg.php
-rwxr-xr-x  1 root  wheel   4308 Sep 28 00:26 ./www/sarg_about.php
-rwxr-xr-x  1 root  wheel   3120 Sep 28 00:26 ./www/sarg_frame.php
-rwxr-xr-x  1 root  wheel   9739 Sep 28 00:26 ./www/sarg_realtime.php
-rwxr-xr-x  1 root  wheel   3314 Sep 28 00:26 ./www/sarg_reports.php
-rwxr-xr-x  1 root  wheel  16917 Sep 28 00:26 ./www/sarg_sorttable.js

./www/sarg-images:
total 26
drwxr-xr-x   3 root  wheel   512 Sep 28 00:27 .
drwxr-xr-x  20 root  wheel  8192 Sep 28 00:27 ..
-rw-r--r--   1 root  wheel   199 Sep 28 00:27 datetime.png
-rw-r--r--   1 root  wheel    95 Sep 28 00:27 graph.png
-rw-r--r--   1 root  wheel   291 Sep 28 00:27 sarg-squidguard-block.png
-rw-r--r--   1 root  wheel  7153 Sep 28 00:27 sarg.png
drwxr-xr-x   2 root  wheel   512 Sep 28 00:27 temp
[2.0.1-RELEASE][admin@pfSense.harland]/usr/local(37): 

marcelloc

@ilium007:

http://pfsense.harland/sarg_frame.php?prevent=900651242816820700?

and can still see the reports with no authentication. What am doing wrong !!

Now I got what you were accessing.

I'm checking sarg_frame.php code.

ilium007

Glad I am not going mad !!

marcelloc

Reinstall the package in 15 minutes and check if it's ok now.

Thanks for the feedback!  :)

ilium007

Will do !! Thanks !

periko

I had follow this package and read this thread, I had try sarg and works, but I have seen that cron run 2 jobs in my system.

I setup squid without any log rotate, but I see that my system rotate my logs twice.

Sep 29 23:00:02 gw php: : Sarg: force refresh now with  args, compress() and rotate action after sarg finish.
Sep 29 23:00:17 gw php: : executing squid log rotate after sarg.
Sep 30 00:00:01 gw php: : Sarg: force refresh now with  args, compress() and rotate action after sarg finish.
Sep 30 00:00:17 gw php: : executing squid log rotate after sarg.

I setup sarg to rotate at 23h, I have this on cron:

0  *  *  *  *  root  /usr/bin/nice -n20 newsyslog 
1,31  0-5  *  *  *  root  /usr/bin/nice -n20 adjkerntz -a 
1  3  1  *  *  root  /usr/bin/nice -n20 /etc/rc.update_bogons.sh 
*/60  *  *  *  *  root  /usr/bin/nice -n20 /usr/local/sbin/expiretable -v -t 3600 sshlockout 
1  1  *  *  *  root  /usr/bin/nice -n20 /etc/rc.dyndns.update 
*/60  *  *  *  *  root  /usr/bin/nice -n20 /usr/local/sbin/expiretable -v -t 3600 virusprot 
30  12  *  *  *  root  /usr/bin/nice -n20 /etc/rc.update_urltables 
0  0  *  *  *  root  /bin/rm /var/squid/cache/swap.state; /usr/local/sbin/squid -k rotate 
*/15  *  *  *  *  root  /usr/local/pkg/swapstate_check.php 
0  */23  *  *  *  root  /usr/local/bin/php /usr/local/www/sarg.php 0

Why it run at 00:00?

sarg-2.3.2_2        Squid log analyzer and HTML report generator
squid-2.7.9_1      HTTP Caching Proxy

Any tip will be appreciate, thanks!!!

Tom70

Hi,

The daily report works great.
But what are the arguments for a weekly and a monthly report.

Tom

marcelloc

@Tom70:

But what are the arguments for a weekly and a monthly report.

google search could help a lot  ;).

I've  found this on http://lists.freebsd.org/pipermail/freebsd-ports/2005-November/027512.html

TODAY=$(date +%d/%m/%Y)
YESTERDAY=$(date -v-1d +%d/%m/%Y)
WEEKAGO=$(date -v-1w -v-1d +%d/%m/%Y)
MONTHAGO=$(date -v-1m -v-1d +%d/%m/%Y)
YEARAGO=$(date -v-1y -v-1d +%d/%m/%Y)

Tom70

@marcelloc:

google search could help a lot  ;).

I've  found this on http://lists.freebsd.org/pipermail/freebsd-ports/2005-November/027512.html

TODAY=$(date +%d/%m/%Y)
YESTERDAY=$(date -v-1d +%d/%m/%Y)
WEEKAGO=$(date -v-1w -v-1d +%d/%m/%Y)
MONTHAGO=$(date -v-1m -v-1d +%d/%m/%Y)
YEARAGO=$(date -v-1y -v-1d +%d/%m/%Y)

Hi Marcelloc

This page I had already found. But somehow it did not work.
But I get no errors.

Tom

marcelloc

Are you rotating the squid log?

Tom70

Yes. Every 60 days.

marcelloc

@Tom70:

Yes. Every 60 days.

did you tried  -d date -v-1w +%d/%m/%Y-date +%d/%m/%Y for a week report?

stramato

hi guys, i've been reading this thread. I just installed Sarg today.

I'm using Squid Transparent with SquidGuard. Just standard config, with log turned on (log rotate also).

I can view Realtime just fine, but I can't seem to generate a report when I try forcing a sched with the following args:

-d date +%d/%m/%Y-date +%d/%m/%Y

I just get this:

Error: Could not find report index file.
Check and save sarg settings and try to force sarg schedule.

Should I do anything special config to make it work?

marcelloc

@stramato:

Should I do anything special config to make it work?

yes, check all sarg config options, reports to generate and create a schedule to run.

Default sarg options has (yes) after it's description. Select all to create a default config.

stramato

@marcelloc:

@stramato:

Should I do anything special config to make it work?

yes, check all sarg config options, reports to generate and create a schedule to run.

Default sarg options has (yes) after it's description. Select all to create a default config.

Thank you. I had to simply select (ctrl+click to highlight) the config options then click save. I got confused because I thought they're already enabled since they already have a (yes) on them.

ckuecker

I have Sarg running on multiple pfsense boxes.  One of my boxes has about 100 users behind it and the report will only work for about the first 4 hours after I wipe out the squid logs.  After that I am guessing the squid log gets too big and the sarg report will no longer work.

I am using the -d arguments and I have tried limiting the number of users.

Any suggestions on how I can get sarg to accept a larger log file?