Sarg package for pfsense

sully

@Lectrician:

Now I don't get any reports generated, just the

"Error: Could not find report index file.
Check and save sarg settings and try to force sarg schedule."

error message.

I have checked and saved the settings a few times, tried to force the update, waited 24hr etc.

Any ideas how to get this back up and running?

What I have learned is to check the sarg config file, and manually edit the values to what you want and then force the update. If this works, then inspect the GUI and see what is setting values the give conflict. In my case it was a value that I had not set, but was written to the config and caused error.

Also you can look at the system log and see different errors sarg returns. Thats how I started tracking down my errors with sarg.

HTH.

Lectrician

I recall being here before now, and to fix it, I installed CRON, and edited the sarg entry.  The entry was for midnight, for the previous day, but was set for the actual day, so changing it to 23:59 gets it working again.

lou

SARG: Init
SARG: Loading configuration from /usr/local/etc/sarg/sarg.conf
SARG: Loading exclude host file from: /usr/local/etc/sarg/exclude_hosts.conf
SARG: Loading exclude file from: /usr/local/etc/sarg/exclude_users.conf
SARG: Reading host alias file "/usr/local/etc/sarg/hostalias"
SARG: List of host names to alias:
SARG: Deleting temporary directory "/tmp/sarg"
SARG: Parameters:
SARG:          Hostname or IP address (-a) =
SARG:                    Useragent log (-b) =
SARG:                    Exclude file (-c) = /usr/local/etc/sarg/exclude_hosts.conf
SARG:                  Date from-until (-d) =
SARG:    Email address to send reports (-e) =
SARG:                      Config file (-f) = /usr/local/etc/sarg/sarg.conf
SARG:                      Date format (-g) = Europe (dd/mm/yyyy)
SARG:                        IP report (-i) = No
SARG:            Keep temporary files (-k) = No
SARG:                        Input log (-l) = /var/squid/logs/access.log
SARG:              Resolve IP Address (-n) = No
SARG:                      Output dir (-o) = /usr/local/sarg-reports/
SARG: Use Ip Address instead of userid (-p) = No
SARG:                    Accessed site (-s) =
SARG:                            Time (-t) =
SARG:                            User (-u) =
SARG:                    Temporary dir (-w) = /tmp/sarg
SARG:                  Debug messages (-x) = Yes
SARG:                Process messages (-z) = No
SARG:  Previous reports to keep (–lastlog) = 0
SARG:
SARG: sarg version: 2.3.6 Arp-21-2013
SARG: Reading access log file: /var/squid/logs/access.log
SARG: Records in file: 99, reading: 100.00%
SARG:    Records read: 99, written: 99, excluded: 0
SARG: Squid log format
SARG: Period: 09 Aug 2013
SARG: File /usr/local/sarg-reports/09Aug2013-09Aug2013 already exists, moved to /usr/local/sarg-reports/09Aug2013-09Aug2013.1
SARG: Sorting log /tmp/sarg/0.user_unsort
SARG: Making file: /tmp/sarg/0
SARG: Sorting log /tmp/sarg/1.user_unsort
SARG: Making file: /tmp/sarg/1
SARG: Sorting log /tmp/sarg/2.user_unsort
SARG: Making file: /tmp/sarg/2
SARG: Sorting log /tmp/sarg/3.user_unsort
SARG: Making file: /tmp/sarg/3
SARG: Sorting log /tmp/sarg/4.user_unsort
SARG: Making file: /tmp/sarg/4
SARG: Sorting log /tmp/sarg/5.user_unsort
SARG: Making file: /tmp/sarg/5
SARG: Sorting log /tmp/sarg/6.user_unsort
SARG: Making file: /tmp/sarg/6
SARG: Sorting log /tmp/sarg/7.user_unsort
SARG: Making file: /tmp/sarg/7
SARG: Sorting log /tmp/sarg/8.user_unsort
SARG: Making file: /tmp/sarg/8
SARG: Sorting log /tmp/sarg/9.user_unsort
SARG: Making file: /tmp/sarg/9
SARG: Cannot delete "/usr/local/sarg-reports/09Aug2013-09Aug2013/d8.html": No such file or directory

Hi all!! I'm trying to run SARG. But when run it. i have this error. I tried to remove all files and remove sarg-reports directory. But still having with the same problem.

do you have Any idea what happening?

Thanks a lot!

scornaky

Hi all,

I had this problem too:
" Error: Could not find report index file.
Check and save sarg settings and try to force sarg schedule."

A working solution for me was :

Report Options :

user graphics
remove temporary files
generate the main index
generate the index tree
overwrite report
use comma instead pint in reports
show de downloaded volume ond date/time reports

Report to generate:

select all

Schedule :

Sarg args:  -d date +%d/%m/%Y-date +%d/%m/%Y
frequency: 4h

FORCE UPDATE NOW

and that-s it!

crashdump

got the same error as the other folks around here. The link below fixed the issue.

http://sourceforge.net/p/sarg/discussion/363374/thread/ac055758/

basically, the "date_time_by" parameter on the config file does not have the value needed. Either use "date_time_by bytes" or just comment out the line.

maverick_slo

Well I freshly installed Squid3 + HAVP and SARG reports and now I get this:

php: /pkg_edit.php: The command '/usr/pbi/sarg-i386/bin/sarg ' returned exit code '1', the output was 'SARG: Cannot set the locale LC_ALL to the environment variable'

Any idea?

Thanks!

firefox

Hello
Have you encountered this problem with sarg

I installed the package sarg
I adjusted it
It worked just fine
I do not know what I did
But somehow sarg generates only 10 reports

The package is directed to a new report every hour
And maintain 24 Recent reports
When the 25th hour report comes the report of the of the first hour deleted

Now for some reason
There are only 10 reports
Some old 5 days

What could be the problem?

http://forum.pfsense.org/index.php/topic,66031.0.html

Here is a screenshot of the same day I did the other screenshot from the first Message

Taken second screen is from today

According to settings the report should be maintained 24 hours and erased

As you can see it does not happen

First of all should be more reports

Second report Oldest supposed to be a 24 hour old

If the question disturbs thread
Please delete

MaxHeadroom

Hi,

upgrade to 2.1 and installing sarg
i can see in the  system log:

php: /pkg_edit.php: Sarg: force refresh now with args, compress() and none action after sarg finish.
php: /pkg_edit.php: The command '/usr/pbi/sarg-i386/bin/sarg ' returned exit code '1', the output was 'SARG: Cannot set the locale LC_ALL to the environment variable'

But no report is generated
Does anybody know whats wrong ?
regards max

marcelloc

I've updated package today to 0.6.2.

I'll test again if I missed something.

EDIT

my  /usr/pbi/sarg-amd64/etc/sarg/sarg.conf is working fine  :(

MaxHeadroom

Hi,
i tried to run from ssh and i found out that (some)  SARG:TAG:  make  troubles…
after set a comment # in front of a lot of tags it works now...

have now only this TAG's

SARG: TAG: access_log /var/squid/logs/access.log
SARG: TAG: output_dir /usr/local/sarg-reports
SARG: TAG: resolve_ip no
SARG: TAG: user_ip no
SARG: TAG: index no
SARG: TAG: overwrite_report no
SARG: TAG: privacy no
SARG: TAG: dansguardian_conf
SARG: TAG: denied_report_limit 0
SARG: TAG: sorttable /sarg_sorttable.js
SARG: Deleting temporary directory "/tmp/sarg"

(change something in the sarg config –> restore defect config )

It's realy hard to find out who is (are) the fault one.

But run from web i get still the "Cannot set the locale LC_ALL..." error

readers max

vielfede

Hi,
months ago I configured sarg on a test fw proxy server with squid+squidguard.
I remember "denied sites" were "highlighted" on userid reports by the string "DENIED" placed on right side of denied url, outside the last column(%TIME).

Now I cannot reproduce this feature on my production proxy.
I activated every log option on squid and squidguard: I can see denied sites on squidguard log, but no "DENIED" string appear on sarg report.
Moreover I can't find any "Denied sites" report despite I have enabled that option on "report to generate" section  of general tab.

Do you have any idea/same problem?
Thank you in advance

marcelloc

@vielfede:

Do you have any idea/same problem?

While using squidguard, all errors pages will be logged there.
Are your report set to squid or squidguard logs?

vielfede

@marcelloc:

@vielfede:

Do you have any idea/same problem?

While using squidguard, all errors pages will be logged there.
Are your report set to squid or squidguard logs?

Squidguard.

Meanwhile I answered to my question: DENIED "message" appear on sarg report only if the blocked site is in squid blacklist (Access control tab).
I forgot/I did not notice that. Sorry….

It'd be nice if the same sarg feature was reproduced for squidguard blocked sites...
But if i do not get wrong sarg is a closed project....

marcelloc

You can have squidguard denied sites by squidguard by changing squidguard report and squid acl.

Squid3-dev package has this feature, take a look and see how to include it on your current config.

vielfede

@marcelloc:

You can have squidguard denied sites by squidguard by changing squidguard report and squid acl.

Squid3-dev package has this feature, take a look and see how to include it on your current config.

Thanks Marcello!

Finally I get Squid3-dev, SquidGuard-squid3 and sarge to work:
1) after many install/uninstall squidguard started to work only after I selected the transparent proxy interface (not present in the previous squid installed version)
2) On sarge I had to change the squidguard.conf path to /usr/pbi/squidguard-squid3-amd64/etc/squidguard/squidguard.conf on  /usr/pbi/sarg-amd64/etc/sarg/sarge.conf

Now I was trying to understand how to get "denied" sites… sorry but what do you mean by "by changing squidguard report and squid acl"? I can't find any "help" on forum..
Thank you in advance.

marcelloc

Take a look on squid3-dev general tab

Follow instructions on field "Log denied pages by squidguard"

steel_dragon

Hi there !
I have a problem with my Sarg 2.3.6_2 pkg v.0.6.3
Because of my network had many VLANS so i NAT them with a Internet IP, and I put the Pfsensen in edge of the Internet gateway router (next to)
In my Sarg's report , it can't be show the UserID mapping with IP , because these ips were NAT
So , How can i modify the output of report , can its show only UserID field ? guide me ?

Thanks so much !

marcelloc

@steel_dragon:

So , How can i modify the output of report , can its show only UserID field ? guide me ?

Do you have the usernames logged on you proxy log?

steel_dragon

Do you have the usernames logged on you proxy log?

NO, there are no Usernames in proxy log, they appear with "-" instead of "Username"

Here is my log in /var/squid/logs/access.log

such as :

1385086726.539    483 192.168.10.10 TCP_MISS/200 1936 POST http://ocsp.thawte.com/ - DIRECT/199.7.52.72 application/ocsp-response
1385086730.465      9 192.168.10.10 TCP_MISS/200 2159 GET http://192.168.10.1/filebrowser/browser.php? - DIRECT/192.168.10.1 text/html
1385086731.484    873 192.168.10.10 TCP_MISS/200 5842 CONNECT vn.data.toolbar.yahoo.com:443 - DIRECT/206.190.42.32 -
1385086732.471      9 192.168.10.10 TCP_MISS/200 2864 GET http://192.168.10.1/filebrowser/browser.php? - DIRECT/192.168.10.1 text/html
1385086732.479      0 192.168.10.10 TCP_MISS/200 1088 GET http://192.168.10.1/filebrowser/images/file_system.gif - DIRECT/192.168.10.1 image/gif

marcelloc

There is nothing sarg can do if squid logs does not have the client ip.

Look for logging X_forwarded_for info on squid.
This topic may help http://forum.pfsense.org/index.php/topic,54227.msg322323.html#msg322323