SARG and Dansguardian problem
-
Hi,
I was able to set up SARG to view Dansguardian reports. If I do a force update I get an updated report. If I let the schedule go, no report is generated and the following errors are found in the system logs:
Nov 7 10:00:03 php: : The command 'export LC_ALL=C && /usr/local/bin/sarg ' returned exit code '1', the output was 'SARG: Records in file: 2956, reading: 0.00%^MSARG: getword loop detected after 11 bytes. SARG: Line="9107c8304014ef293005303f6c9f4ab0c.exe 39460 TCP_MISS/206 1015 """ SARG: Record="9107c8304014ef293005303f6c9f4ab0c.exe 39460 TCP_MISS/206 1015 """ SARG: searching for 'x9' SARG: There is a broken record or garbage in file /tmp/sarg/10_20_10_1.user_log SARG: Records in file: 2956, reading: 100.00%' Nov 7 10:00:01 php: : The command 'export LC_ALL=C && /usr/local/bin/sarg ' returned exit code '1', the output was 'SARG: Records in file: 2956, reading: 0.00%^Msort: open failed: /tmp/sarg/denied.int_unsort: No such file or directory SARG: sort command return status 2 SARG: sort command: sort -T "/tmp/sarg" -t " " -k 3,3 -k 5,5 -o "/tmp/sarg/denied.int_log" "/tmp/sarg/denied.int_unsort" SARG: Records in file: 2956, reading: 100.00%'
Any ideas?
-
Are you using squid log format on squid?
-
For Dansguardian, I had to set the log to Squid format.
For Squid, it's a default install, so I assume that the logs are in Squid format.
-
Just a bit of an update. I may have found my problem. In trying to limit the scope of a report, I had put 24h (86400000) in the Max Elapsed field. Reading that there were many problems with a 24h/1d period, I changed it to 12h (43200000) and the reports worked.
However, my goal was to limit each report to the last 24/12h block of time. Having set Max Elapsed to 12h, I would assume the reports will only show the last 12h of usage, but my report still shows an untruncated time period. How do I fix this? Is using the Max Elapsed field the correct way to do this? Do I need to set the logs to rotate in the schedule?
-
Try this arg to create a report using yesterday's logs:
TODAY: -d `date +%d/%m/%Y`
YESTERDAY: -d `date -v-1d +%d/%m/%Y`
WEEKAGO: -d `date -v-1w +%d/%m/%Y`-`date -v-1d +%d/%m/%Y`
MONTHAGO: -d `date -v-1m +01/%m/%Y`-`date -v-1m +31/%m/%Y`
-
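Added example, not part of any post in this thread: a portable sh version of the date arguments above that prints the start-end value to pass after `sarg -d`, using BSD `date -v` where available and GNU `date -d` otherwise. It goes beyond the posted MONTHAGO line by computing the real last day of the previous month instead of a fixed 31; the function names are made up for this example.

```shell
#!/bin/sh
# Added example (not from the thread): build SARG -d ranges as
# dd/mm/yyyy-dd/mm/yyyy. All function names here are hypothetical.

# Days in MONTH (1-12, leading zero allowed) of YEAR, leap years included.
last_day_of_month() {
    m=${1#0}; y=$2
    case $m in
        4|6|9|11) echo 30 ;;
        2) if [ $((y % 4)) -eq 0 ] && { [ $((y % 100)) -ne 0 ] || [ $((y % 400)) -eq 0 ]; }
           then echo 29; else echo 28; fi ;;
        *) echo 31 ;;
    esac
}

# Range covering the whole calendar month before MONTH/YEAR.
prev_month_range() {
    m=${1#0}; y=$2          # strip the leading zero so 08/09 are not read as octal
    m=$((m - 1))
    if [ "$m" -eq 0 ]; then m=12; y=$((y - 1)); fi
    last=$(last_day_of_month "$m" "$y")
    printf '01/%02d/%04d-%02d/%02d/%04d\n' "$m" "$y" "$last" "$m" "$y"
}

# Date N days ago as dd/mm/yyyy: BSD date (-v) first, GNU date (-d) as fallback.
days_ago() {
    date -v-"$1"d +%d/%m/%Y 2>/dev/null || date -d "$1 days ago" +%d/%m/%Y
}

# Print the value to pass after "sarg -d" for a named period.
sarg_range() {
    case $1 in
        today)     d=$(date +%d/%m/%Y); echo "$d-$d" ;;
        yesterday) d=$(days_ago 1); echo "$d-$d" ;;
        weekago)   echo "$(days_ago 7)-$(days_ago 1)" ;;
        monthago)  prev_month_range "$(date +%m)" "$(date +%Y)" ;;
        *)         echo "usage: sarg_range today|yesterday|weekago|monthago" >&2
                   return 2 ;;
    esac
}
```

-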
I'll give that a try. What about the Max Elapsed setting? Do I just leave that at the default blank? Also should I set the schedule to rotate logs?
-
This seemed to have fixed my problem. Though when I look at the system logs I seem to always get the following line:
php: : The command 'export LC_ALL=C && /usr/local/bin/sarg -d `date +%d/%m/%Y`-`date +%d/%m/%Y`' returned exit code '1', the output was 'SARG: Records in file: 17732, reading: 0.00%^MSARG: Records in file: 5000, reading: 28.20%^MSARG: Records in file: 10000, reading: 56.40%^MSARG: Records in file: 15000, reading: 84.59%^MSARG: Period covered by log files: 12/11/2013-12/11/2013 sort: open failed: /tmp/sarg/denied.int_unsort: No such file or directory SARG: sort command return status 2 SARG: sort command: sort -T "/tmp/sarg" -t " " -k 3,3 -k 5,5 -o "/tmp/sarg/denied.int_log" "/tmp/sarg/denied.int_unsort" SARG: Records in file: 17732, reading: 100.00%'
Is this something I should be worried about? How would I fix this?
-
Can you try to run sarg via console?
-
I could try to use the console. What commands would I need to run?
Funny thing is if I go to the schedule and do a "force update now", no errors are produced in the log.