Sarg package for pfsense
-
SARG: Init
SARG: Loading configuration from /usr/local/etc/sarg/sarg.conf
SARG: Loading exclude host file from: /usr/local/etc/sarg/exclude_hosts.conf
SARG: Loading exclude file from: /usr/local/etc/sarg/exclude_users.conf
SARG: Reading host alias file "/usr/local/etc/sarg/hostalias"
SARG: List of host names to alias:
SARG: Deleting temporary directory "/tmp/sarg"
SARG: Parameters:
SARG: Hostname or IP address (-a) =
SARG: Useragent log (-b) =
SARG: Exclude file (-c) = /usr/local/etc/sarg/exclude_hosts.conf
SARG: Date from-until (-d) =
SARG: Email address to send reports (-e) =
SARG: Config file (-f) = /usr/local/etc/sarg/sarg.conf
SARG: Date format (-g) = Europe (dd/mm/yyyy)
SARG: IP report (-i) = No
SARG: Keep temporary files (-k) = No
SARG: Input log (-l) = /var/squid/logs/access.log
SARG: Resolve IP Address (-n) = No
SARG: Output dir (-o) = /usr/local/sarg-reports/
SARG: Use Ip Address instead of userid (-p) = No
SARG: Accessed site (-s) =
SARG: Time (-t) =
SARG: User (-u) =
SARG: Temporary dir (-w) = /tmp/sarg
SARG: Debug messages (-x) = Yes
SARG: Process messages (-z) = No
SARG: Previous reports to keep (–lastlog) = 0
SARG:
SARG: sarg version: 2.3.6 Arp-21-2013
SARG: Reading access log file: /var/squid/logs/access.log
SARG: Records in file: 99, reading: 100.00%
SARG: Records read: 99, written: 99, excluded: 0
SARG: Squid log format
SARG: Period: 09 Aug 2013
SARG: File /usr/local/sarg-reports/09Aug2013-09Aug2013 already exists, moved to /usr/local/sarg-reports/09Aug2013-09Aug2013.1
SARG: Sorting log /tmp/sarg/0.user_unsort
SARG: Making file: /tmp/sarg/0
SARG: Sorting log /tmp/sarg/1.user_unsort
SARG: Making file: /tmp/sarg/1
SARG: Sorting log /tmp/sarg/2.user_unsort
SARG: Making file: /tmp/sarg/2
SARG: Sorting log /tmp/sarg/3.user_unsort
SARG: Making file: /tmp/sarg/3
SARG: Sorting log /tmp/sarg/4.user_unsort
SARG: Making file: /tmp/sarg/4
SARG: Sorting log /tmp/sarg/5.user_unsort
SARG: Making file: /tmp/sarg/5
SARG: Sorting log /tmp/sarg/6.user_unsort
SARG: Making file: /tmp/sarg/6
SARG: Sorting log /tmp/sarg/7.user_unsort
SARG: Making file: /tmp/sarg/7
SARG: Sorting log /tmp/sarg/8.user_unsort
SARG: Making file: /tmp/sarg/8
SARG: Sorting log /tmp/sarg/9.user_unsort
SARG: Making file: /tmp/sarg/9
SARG: Cannot delete "/usr/local/sarg-reports/09Aug2013-09Aug2013/d8.html": No such file or directoryHi all!! I'm trying to run SARG. But when run it. i have this error. I tried to remove all files and remove sarg-reports directory. But still having with the same problem.
do you have Any idea what happening?
Thanks a lot!
-
Hi all,
I had this problem too:
" Error: Could not find report index file.
Check and save sarg settings and try to force sarg schedule."A working solution for me was :
Report Options :
user graphics
remove temporary files
generate the main index
generate the index tree
overwrite report
use comma instead pint in reports
show de downloaded volume ond date/time reportsReport to generate:
select all
Schedule :
Sarg args: -d
date +%d/%m/%Y
-date +%d/%m/%Y
frequency: 4hFORCE UPDATE NOW
and that-s it!
-
got the same error as the other folks around here. The link below fixed the issue.
http://sourceforge.net/p/sarg/discussion/363374/thread/ac055758/
basically, the "date_time_by" parameter on the config file does not have the value needed. Either use "date_time_by bytes" or just comment out the line.
-
Well I freshly installed Squid3 + HAVP and SARG reports and now I get this:
php: /pkg_edit.php: The command '/usr/pbi/sarg-i386/bin/sarg ' returned exit code '1', the output was 'SARG: Cannot set the locale LC_ALL to the environment variable'
Any idea?
Thanks!
-
Hello
Have you encountered this problem with sargI installed the package sarg
I adjusted it
It worked just fine
I do not know what I did
But somehow sarg generates only 10 reportsThe package is directed to a new report every hour
And maintain 24 Recent reports
When the 25th hour report comes the report of the of the first hour deletedNow for some reason
There are only 10 reports
Some old 5 daysWhat could be the problem?
http://forum.pfsense.org/index.php/topic,66031.0.html
Here is a screenshot of the same day I did the other screenshot from the first Message
Taken second screen is from today
According to settings the report should be maintained 24 hours and erased
As you can see it does not happen
First of all should be more reports
Second report Oldest supposed to be a 24 hour old
If the question disturbs thread
Please delete -
Hi,
upgrade to 2.1 and installing sarg
i can see in the system log:php: /pkg_edit.php: Sarg: force refresh now with args, compress() and none action after sarg finish.
php: /pkg_edit.php: The command '/usr/pbi/sarg-i386/bin/sarg ' returned exit code '1', the output was 'SARG: Cannot set the locale LC_ALL to the environment variable'But no report is generated
Does anybody know whats wrong ?
regards max -
I've updated package today to 0.6.2.
I'll test again if I missed something.
EDIT
my /usr/pbi/sarg-amd64/etc/sarg/sarg.conf is working fine :(
-
Hi,
i tried to run from ssh and i found out that (some) SARG:TAG: make troubles…
after set a comment # in front of a lot of tags it works now...have now only this TAG's
SARG: TAG: access_log /var/squid/logs/access.log SARG: TAG: output_dir /usr/local/sarg-reports SARG: TAG: resolve_ip no SARG: TAG: user_ip no SARG: TAG: index no SARG: TAG: overwrite_report no SARG: TAG: privacy no SARG: TAG: dansguardian_conf SARG: TAG: denied_report_limit 0 SARG: TAG: sorttable /sarg_sorttable.js SARG: Deleting temporary directory "/tmp/sarg"
(change something in the sarg config –> restore defect config )
It's realy hard to find out who is (are) the fault one.
But run from web i get still the "Cannot set the locale LC_ALL..." error
readers max
-
Hi,
months ago I configured sarg on a test fw proxy server with squid+squidguard.
I remember "denied sites" were "highlighted" on userid reports by the string "DENIED" placed on right side of denied url, outside the last column(%TIME).Now I cannot reproduce this feature on my production proxy.
I activated every log option on squid and squidguard: I can see denied sites on squidguard log, but no "DENIED" string appear on sarg report.
Moreover I can't find any "Denied sites" report despite I have enabled that option on "report to generate" section of general tab.Do you have any idea/same problem?
Thank you in advance -
Do you have any idea/same problem?
While using squidguard, all errors pages will be logged there.
Are your report set to squid or squidguard logs? -
Do you have any idea/same problem?
While using squidguard, all errors pages will be logged there.
Are your report set to squid or squidguard logs?Squidguard.
Meanwhile I answered to my question: DENIED "message" appear on sarg report only if the blocked site is in squid blacklist (Access control tab).
I forgot/I did not notice that. Sorry….It'd be nice if the same sarg feature was reproduced for squidguard blocked sites...
But if i do not get wrong sarg is a closed project.... -
You can have squidguard denied sites by squidguard by changing squidguard report and squid acl.
Squid3-dev package has this feature, take a look and see how to include it on your current config.
-
You can have squidguard denied sites by squidguard by changing squidguard report and squid acl.
Squid3-dev package has this feature, take a look and see how to include it on your current config.
Thanks Marcello!
Finally I get Squid3-dev, SquidGuard-squid3 and sarge to work:
1) after many install/uninstall squidguard started to work only after I selected the transparent proxy interface (not present in the previous squid installed version)
2) On sarge I had to change the squidguard.conf path to /usr/pbi/squidguard-squid3-amd64/etc/squidguard/squidguard.conf on /usr/pbi/sarg-amd64/etc/sarg/sarge.confNow I was trying to understand how to get "denied" sites… sorry but what do you mean by "by changing squidguard report and squid acl"? I can't find any "help" on forum..
Thank you in advance. -
Take a look on squid3-dev general tab
Follow instructions on field "Log denied pages by squidguard"
-
Hi there !
I have a problem with my Sarg 2.3.6_2 pkg v.0.6.3
Because of my network had many VLANS so i NAT them with a Internet IP, and I put the Pfsensen in edge of the Internet gateway router (next to)
In my Sarg's report , it can't be show the UserID mapping with IP , because these ips were NAT
So , How can i modify the output of report , can its show only UserID field ? guide me ?Thanks so much !
-
So , How can i modify the output of report , can its show only UserID field ? guide me ?
Do you have the usernames logged on you proxy log?
-
Do you have the usernames logged on you proxy log?
NO, there are no Usernames in proxy log, they appear with "-" instead of "Username"
Here is my log in /var/squid/logs/access.log
such as :
1385086726.539 483 192.168.10.10 TCP_MISS/200 1936 POST http://ocsp.thawte.com/ - DIRECT/199.7.52.72 application/ocsp-response
1385086730.465 9 192.168.10.10 TCP_MISS/200 2159 GET http://192.168.10.1/filebrowser/browser.php? - DIRECT/192.168.10.1 text/html
1385086731.484 873 192.168.10.10 TCP_MISS/200 5842 CONNECT vn.data.toolbar.yahoo.com:443 - DIRECT/206.190.42.32 -
1385086732.471 9 192.168.10.10 TCP_MISS/200 2864 GET http://192.168.10.1/filebrowser/browser.php? - DIRECT/192.168.10.1 text/html
1385086732.479 0 192.168.10.10 TCP_MISS/200 1088 GET http://192.168.10.1/filebrowser/images/file_system.gif - DIRECT/192.168.10.1 image/gif -
There is nothing sarg can do if squid logs does not have the client ip.
Look for logging X_forwarded_for info on squid.
This topic may help http://forum.pfsense.org/index.php/topic,54227.msg322323.html#msg322323 -
Yes, I have looked for many other way, but not found something good !
Here is my network :MultiVLAN <–-> Layer3Switch <----> FirewallCisco <----> InternetGW_router <-----> Pfsense (squid+sarg+lightsquid) <----> Internet
Should I change my position of Proxy ?? Where do I put ?
Thanks so much !
-
Enable nat ony on pfsense. Configure all other devices as routers