Sarg package for pfsense

ilium007

Cool - I will check tonight but even if I have both, how do I prevent reports being made into the publicly accessible directory. I don't want anyone able to access those reports.

marcelloc

Just move old reports to current sarg dir.

ilium007

Still having issues here !

The sarg-reports folder is in /usr/local (as shown below) but I log out of the pfsense console and then go to the URL:

http://pfsense.harland/sarg_frame.php?prevent=900651242816820700?

and can still see the reports with no authentication. What am doing wrong !!

[2.0.1-RELEASE][admin@pfSense.harland]/usr/local(35): ls -la
total 54
drwxr-xr-x  16 root  wheel    512 Sep 28 00:27 .
drwxr-xr-x  11 root  wheel    512 Mar 11  2012 ..
drwxr-xr-x   2 root  wheel   4608 Sep 28 00:26 bin
drwxr-xr-x   2 root  wheel    512 Mar 11  2012 captiveportal
drwxr-xr-x  18 root  wheel    512 Sep 28 00:24 etc
drwxr-xr-x  27 root  wheel   1536 Sep 28 00:26 include
drwxr-xr-x   2 root  wheel    512 Sep 26 16:43 info
drwxr-xr-x  16 root  wheel  12288 Sep 28 00:26 lib
drwxr-xr-x   5 root  wheel    512 Sep 28 00:24 libdata
drwxr-xr-x   5 root  wheel    512 Sep 26 20:31 libexec
drwxr-xr-x  28 root  wheel    512 Dec 13  2011 man
drwxr-xr-x   6 root  wheel   2560 Sep 28 00:26 pkg
drwxr-xr-x   4 root  wheel    512 Sep 28 00:27 sarg-reports
drwxr-xr-x   2 root  wheel   1536 Sep 28 00:24 sbin
drwxr-xr-x  38 root  wheel   1024 Sep 26 22:18 share
drwxr-xr-x  20 root  wheel   8192 Sep 28 00:27 www
[2.0.1-RELEASE][admin@pfSense.harland]/usr/local(36): ls -la ./www/sarg*
-rwxr-xr-x  1 root  wheel   2152 Sep 28 00:26 ./www/sarg.php
-rwxr-xr-x  1 root  wheel   4308 Sep 28 00:26 ./www/sarg_about.php
-rwxr-xr-x  1 root  wheel   3120 Sep 28 00:26 ./www/sarg_frame.php
-rwxr-xr-x  1 root  wheel   9739 Sep 28 00:26 ./www/sarg_realtime.php
-rwxr-xr-x  1 root  wheel   3314 Sep 28 00:26 ./www/sarg_reports.php
-rwxr-xr-x  1 root  wheel  16917 Sep 28 00:26 ./www/sarg_sorttable.js

./www/sarg-images:
total 26
drwxr-xr-x   3 root  wheel   512 Sep 28 00:27 .
drwxr-xr-x  20 root  wheel  8192 Sep 28 00:27 ..
-rw-r--r--   1 root  wheel   199 Sep 28 00:27 datetime.png
-rw-r--r--   1 root  wheel    95 Sep 28 00:27 graph.png
-rw-r--r--   1 root  wheel   291 Sep 28 00:27 sarg-squidguard-block.png
-rw-r--r--   1 root  wheel  7153 Sep 28 00:27 sarg.png
drwxr-xr-x   2 root  wheel   512 Sep 28 00:27 temp
[2.0.1-RELEASE][admin@pfSense.harland]/usr/local(37): 

marcelloc

@ilium007:

http://pfsense.harland/sarg_frame.php?prevent=900651242816820700?

and can still see the reports with no authentication. What am doing wrong !!

Now I got what you were accessing.

I'm checking sarg_frame.php code.

ilium007

Glad I am not going mad !!

marcelloc

Reinstall the package in 15 minutes and check if it's ok now.

Thanks for the feedback!  :)

ilium007

Will do !! Thanks !

periko

I had follow this package and read this thread, I had try sarg and works, but I have seen that cron run 2 jobs in my system.

I setup squid without any log rotate, but I see that my system rotate my logs twice.

Sep 29 23:00:02 gw php: : Sarg: force refresh now with  args, compress() and rotate action after sarg finish.
Sep 29 23:00:17 gw php: : executing squid log rotate after sarg.
Sep 30 00:00:01 gw php: : Sarg: force refresh now with  args, compress() and rotate action after sarg finish.
Sep 30 00:00:17 gw php: : executing squid log rotate after sarg.

I setup sarg to rotate at 23h, I have this on cron:

0  *  *  *  *  root  /usr/bin/nice -n20 newsyslog 
1,31  0-5  *  *  *  root  /usr/bin/nice -n20 adjkerntz -a 
1  3  1  *  *  root  /usr/bin/nice -n20 /etc/rc.update_bogons.sh 
*/60  *  *  *  *  root  /usr/bin/nice -n20 /usr/local/sbin/expiretable -v -t 3600 sshlockout 
1  1  *  *  *  root  /usr/bin/nice -n20 /etc/rc.dyndns.update 
*/60  *  *  *  *  root  /usr/bin/nice -n20 /usr/local/sbin/expiretable -v -t 3600 virusprot 
30  12  *  *  *  root  /usr/bin/nice -n20 /etc/rc.update_urltables 
0  0  *  *  *  root  /bin/rm /var/squid/cache/swap.state; /usr/local/sbin/squid -k rotate 
*/15  *  *  *  *  root  /usr/local/pkg/swapstate_check.php 
0  */23  *  *  *  root  /usr/local/bin/php /usr/local/www/sarg.php 0

Why it run at 00:00?

sarg-2.3.2_2        Squid log analyzer and HTML report generator
squid-2.7.9_1      HTTP Caching Proxy

Any tip will be appreciate, thanks!!!

Tom70

Hi,

The daily report works great.
But what are the arguments for a weekly and a monthly report.

Tom

marcelloc

@Tom70:

But what are the arguments for a weekly and a monthly report.

google search could help a lot  ;).

I've  found this on http://lists.freebsd.org/pipermail/freebsd-ports/2005-November/027512.html

TODAY=$(date +%d/%m/%Y)
YESTERDAY=$(date -v-1d +%d/%m/%Y)
WEEKAGO=$(date -v-1w -v-1d +%d/%m/%Y)
MONTHAGO=$(date -v-1m -v-1d +%d/%m/%Y)
YEARAGO=$(date -v-1y -v-1d +%d/%m/%Y)

Tom70

@marcelloc:

google search could help a lot  ;).

I've  found this on http://lists.freebsd.org/pipermail/freebsd-ports/2005-November/027512.html

TODAY=$(date +%d/%m/%Y)
YESTERDAY=$(date -v-1d +%d/%m/%Y)
WEEKAGO=$(date -v-1w -v-1d +%d/%m/%Y)
MONTHAGO=$(date -v-1m -v-1d +%d/%m/%Y)
YEARAGO=$(date -v-1y -v-1d +%d/%m/%Y)

Hi Marcelloc

This page I had already found. But somehow it did not work.
But I get no errors.

Tom

marcelloc

Are you rotating the squid log?

Tom70

Yes. Every 60 days.

marcelloc

@Tom70:

Yes. Every 60 days.

did you tried  -d date -v-1w +%d/%m/%Y-date +%d/%m/%Y for a week report?

stramato

hi guys, i've been reading this thread. I just installed Sarg today.

I'm using Squid Transparent with SquidGuard. Just standard config, with log turned on (log rotate also).

I can view Realtime just fine, but I can't seem to generate a report when I try forcing a sched with the following args:

-d date +%d/%m/%Y-date +%d/%m/%Y

I just get this:

Error: Could not find report index file.
Check and save sarg settings and try to force sarg schedule.

Should I do anything special config to make it work?

marcelloc

@stramato:

Should I do anything special config to make it work?

yes, check all sarg config options, reports to generate and create a schedule to run.

Default sarg options has (yes) after it's description. Select all to create a default config.

stramato

@marcelloc:

@stramato:

Should I do anything special config to make it work?

yes, check all sarg config options, reports to generate and create a schedule to run.

Default sarg options has (yes) after it's description. Select all to create a default config.

Thank you. I had to simply select (ctrl+click to highlight) the config options then click save. I got confused because I thought they're already enabled since they already have a (yes) on them.

ckuecker

I have Sarg running on multiple pfsense boxes.  One of my boxes has about 100 users behind it and the report will only work for about the first 4 hours after I wipe out the squid logs.  After that I am guessing the squid log gets too big and the sarg report will no longer work.

I am using the -d arguments and I have tried limiting the number of users.

Any suggestions on how I can get sarg to accept a larger log file?

marcelloc

@ckuecker:

Any suggestions on how I can get sarg to accept a larger log file?

I have large files working fine.

try to run sarg on console to check what it returns.

ckuecker

@marcelloc:

@ckuecker:

Any suggestions on how I can get sarg to accept a larger log file?

I have large files working fine.

try to run sarg on console to check what it returns.

Seems to be working fine now.  I just need to figure out my schedule because, like others my report is pretty empty at 00:00.  I need to figure out Cron now.

I have highlighted what I am questioning.  Is this rotating my squid logs even after I have set them not to rotate?