Sarg package for pfsense
-
Ok, I did some further tests. the sarg.inc is - as far as I tested it - correct.
But for squidguard it means:
If logging in squid is disabled then SARG cannot display only the blocked URL squidguard reported.
So in my situation I cannot use SARG because I am not allowed to have the squid access.log file. :(What changes you did to get squidguard working? can you push it ot github?
Try to point sarg to an access.empty.log file on squid config at sarg.inc. this may solve your problem.
-
Ok, I did some further tests. the sarg.inc is - as far as I tested it - correct.
But for squidguard it means:
If logging in squid is disabled then SARG cannot display only the blocked URL squidguard reported.
So in my situation I cannot use SARG because I am not allowed to have the squid access.log file. :(What changes you did to get squidguard working? can you push it ot github?
Try to point sarg to an access.empty.log file on squid config at sarg.inc. this may solve your problem.
I tried that with an access.log file which just contains some entries but this didn't help me on the SARG reports. It doesn't show me blocked entries newer than the access.log file entries.
So there isn't anything I could push on github ;-)
In general it is working with your config with squidguard but you need the access.log from squid. If this file isn't present and actual you cannot generate reports.
Is dansguardian doing that without squid access.log file ?
-
I have also run into the error that others are seeing:
Error: Could not find report index file.
Check and save sarg settings and try to force sarg schedule.Here's what I've done.
- Totally uninstalled Sarg pkg.
- Used "find" command to locate and remove every directory or file referencing sarg in the name.
- Upgraded to absolute latest (2nd release from today) pfsense package.
- Rebooted.
- Reinstalled Sarg.
- Selected all report options and report types on the Sarg page in pfsense.
- Hit Save.
- Set up a 1h schedule and saved it.
- Hit "force update" under the schedule.
ls -al /usr/local/sarg-reports/
total 4
drwxr-xr-x 2 root wheel 512 Dec 10 21:19 .
drwxr-xr-x 19 root wheel 512 Dec 10 21:19 ..No index file(s) of any kind appear there.
This is a drag. What does it take to get a simple package to just install and work the first time?
Does anyone have a solution on how to fix this manually?
Thanks in advance for any help you can offer.
ps - I did find this in system.log:
Dec 10 21:20:24 gw php: /pkg_edit.php: [sarg] sarg_xmlrpc_sync.php is starting.
Dec 10 21:20:32 gw php: /pkg_edit.php: Sarg: force refresh now with args, compress() and none action after sarg finish.
Dec 10 21:20:32 gw php: /pkg_edit.php: The command '/usr/pbi/sarg-i386/bin/sarg ' returned exit code '1', the output was 'SARG: Cannot set the locale LC_ALL to the environment variable' -
Caldwell, there is no bug on sarg package for squid and dansguardian logs.
just take a a look on forum for a working config that I'm using and check your squid access log config.
-
Nachtfalke,
Maybe a grep on squid log file for denied entries????
This way there will be only denied access to report.
Did you tried to select only denied sites on reports to generate?
-
Nachtfalke,
Maybe a grep on squid log file for denied entries????
This way there will be only denied access to report.
You think of a possibility that a script could do the grep on the access.log, just save the denied entries in a new file and delete the original one ?
Didn't try that but could be a possibility.Did you tried to select only denied sites on reports to generate?
Not sure if I did that. But I saw all sites so I suppose that I didn't try that. Perhaps I can try this if I find some spare time. I uninstalled SARG some days ago.
-
2.0.1-RELEASE (amd64)
Hello i'm getting this error on logs:
php: : The command '/usr/local/bin/sarg ' returned exit code '1', the output was 'SARG: Records in file: 16119722, reading: 0.00%^MSARG: Records in file: 5000, reading: 0.03%^MSARG: Records in file: 10000, reading: 0.06%^MSARG: Records in file: 15000, reading: 0.09%^MSARG: Records in file: 20000, reading: 0.12%^MSARG: Records in file: 25000, reading: 0.16%^MSARG: Records in file: 30000, reading: 0.19%^MSARG: Records in file: 35000, reading: 0.22%^MSARG: Records in file: 40000, reading: 0.25%^MSARG: Records in file: 45000, reading: 0.28%^MSARG: Records in file: 50000, reading: 0.31%^MSARG: Records in file: 55000, reading: 0.34%^MSARG: Records in file: 60000, reading: 0.37%^MSARG: Records in file: 65000, reading: 0.40%^MSARG: Records in file: 70000, reading: 0.43%^MSARG: Records in file: 75000, reading: 0.47%^MSARG: Records in file: 80000, reading: 0.50%^MSARG: Records in file: 85000, reading: 0.53%^MSARG: Records in file: 90000, reading: 0.56%^MSARG: Records in file: 95000, reading: 0.59%^MS
and when i try running sarg from console getting this log:
sarg
SARG: Records in file: 16121346, reading: 100.00%
sort: open failed: /tmp/sarg/denied.log.unsort: No such file or directory
SARG: sort command return status 2
SARG: sort command: sort -T "/tmp/sarg" -t " " -k 3,3 -k 5,5 -o "/tmp/sarg/denied.log" "/tmp/sarg/denied.log.unsort"i did reinstall
-
Hi, I just did a fresh installation of pfSense, then squid 2.7.9 pkg v.4.3.1 and after that Sarg 2.3.2 pkg v.0.6.1.
Running a simple report generation with "force update now" gives this output:
php: /pkg_edit.php: The command '/usr/local/bin/sarg ' returned exit code '1', the output was 'SARG: Records in file: 13455, reading: 0.00%^MSARG: Records in file: 5000, reading: 37.16%^MSARG: Records in file: 10000, reading: 74.32%^MSARG: cannot open /usr/local/sarg-reports/2013/01/18-19/sarg-date for writing SARG:: No such file or directory SARG: Records in file: 13455, reading: 100.00%'
Sarg created a folder at that time: /usr/local/sarg-reports/2013/01/18-19.5 with the content
drwxr-xr-x 2 root wheel 114176 Jan 19 16:00 192_168_24_10
drwxr-xr-x 2 root wheel 512 Jan 19 16:00 192_168_24_201
-rw-r–r-- 1 root wheel 1402 Jan 19 16:00 download.html.gz
-rw-r--r-- 1 root wheel 1581 Jan 19 16:00 index.html.gz
-rw-r--r-- 1 root wheel 22 Jan 19 16:00 sarg-date
-rw-r--r-- 1 root wheel 177652 Jan 19 16:00 sarg-general
-rw-r--r-- 1 root wheel 65450 Jan 19 16:00 sarg-sites
-rw-r--r-- 1 root wheel 2 Jan 19 16:00 sarg-users
-rw-r--r-- 1 root wheel 23027 Jan 19 16:00 siteuser.html.gz
-rw-r--r-- 1 root wheel 4893 Jan 19 16:00 topsites.html.gzSo I do not understand what to with "MSARG: cannot open /usr/local/sarg-reports/2013/01/18-19/sarg-date for writing SARG:: No such file or directory"
Can someone help me?
-
What sarg options did you selected on GUI? Did you tried to remove this report before running sarg again?
-
I only selected Report Options "Convert to IP address" and "Top Users" and "Top Sites" on the General Tab. The scheduled report has no Sarg args set.
No, I didn't try to remove a report. Tab "View Report" says always
Error: Could not find report index file.
Check and save sarg settings and try to force sarg schedule. -
Check config options. One you will need is create index file
-
Selected all options wich were default "(yes)". And - as expected - got: "Error: Could not find report index file. Check and save sarg settings and try to force sarg schedule."
As you can see in my first post, the index.html is there but cannot be found.
Today /usr/local/sarg-reports/18Jan2013-20Jan2013 contains
-rw-r–r-- 1 root wheel 1156 Jan 20 11:38 index.html.gz
-rw-r--r-- 1 root wheel 22 Jan 20 11:38 sarg-date
-rw-r--r-- 1 root wheel 408865 Jan 20 11:38 sarg-general
-rw-r--r-- 1 root wheel 100 Jan 20 11:38 topLog says today:
php: /pkg_edit.php: The command '/usr/local/bin/sarg ' returned exit code '1', the output was 'SARG: Records in file: 29632, reading: 0.00%^MSARG: Records in file: 5000, reading: 16.87%^MSARG: Records in file: 10000, reading: 33.75%^MSARG: Records in file: 15000, reading: 50.62%^MSARG: Records in file: 20000, reading: 67.49%^MSARG: Records in file: 25000, reading: 84.37%^MSARG: Cannot delete /usr/local/sarg-reports/18Jan2013-20Jan2013/d192_168_24_201.html - No such file or directory SARG: Records in file: 29632, reading: 100.00%' -
I did a fresh install of pfSense, squid 3 and Sarg, selected all Sarg default options and it works. Thanks for your effort anyway.
-
Raising a Necro-Thread instead of creating a new one.
Is there way to configure Sarg to show denied access reporting and what Proxy\Dans acl triggered it? Can that be done in the GUI or is it in CLI only?
Thanks!
-
Is there way to configure Sarg to show denied access reporting and what Proxy\Dans acl triggered it? Can that be done in the GUI or is it in CLI only?
Sarg only understands squid log format, so I think it sarg is not able to log what ACL denied a url.
Do you have a sarg config that does it?
-
Hi all,
I've just published sarg package for pfsense with squid,squidguard and dansguardian log Analysis as well real time report tab.
Squidguard functions are under devel yet but squid and dansguardians(as well as I tested) are working.
After almost everything done, I found an old sarg package published on forum by joaohf and merged some function calls from this old thread.
Another good point is that sarg is able to forward logs via email, so I'm planning to include it for nanobsd installs.
have fun and feedback! :)
att,
Marcello Coutinhoขอบคุณครับ (khob kun krub) Thank you verymuch
-
For over a week I've been trying to config SARG because sometimes it works and sometimes not.
The problem is: "SARG: Cannot set the locale LC_ALL to the environment variable".
Sometimes when I restart webconfigurator and in shell set LC_ALL: setenv LC_ALL "en_US" it works from webGUI,
but more often it does not work at all.Could you give me some trail where I can look for my mistakes, please?
Graphs should be generated from squid access log.
I can generate it from shell without any problem but not by command
"/usr/local/bin/php /usr/local/www/sarg.php 1"
it gives above error. -
what version of sarg and pfsense are you using?
-
Hello,
I have
2.1-BETA1 (amd64)
built on Wed Apr 10 18:48:44 EDT 2013
FreeBSD 8.3-RELEASE-p7squidGuard Network Management 1.4_4 pkg v.1.9.2
Lightsquid Network Report 1.8.2 pkg v.2.32
Sarg Network Report 2.3.2 pkg v.0.6.1
squid3 Network 3.1.20 pkg 2.0.6I get for View Report
Error: Could not find report index file.
Check and save sarg settings and try to force sarg schedule.In the system log
php: /pkg_edit.php: The command '/usr/pbi/sarg-amd64/bin/sarg ' returned exit code '1', the output was 'SARG: Cannot set the locale LC_ALL to the environment variable'Realtime works
-
I have also pfSense 2.1-BETA and the Sarg package 2.3.2 pkg v.0.6.1.
