SARG + E2guardian

ghislenidroid

@marcelloc
Apaguei o agendamento, informei os mesmos parametros.

Comparando os arquivos a principio não identifiquei diferenças.
Local do arquivo: /usr/local/etc/sarg/sarg.conf

jdsonc

Segue o arquivo antes de aplicar o agendamento.

# sarg.conf
#
# TAG:  access_log file
#       Where is the access.log
#       sarg -l file
#
access_log

# TAG: graphs yes|no
#       Use graphics where possible.
#           graph_days_bytes_bar_color blue|green|yellow|orange|brown|red
#
graphs yes
#graph_days_bytes_bar_color orange

# TAG:  graph_font
#       The full path to the TTF font file to use to create the graphs. It is required
#       if graphs is set to yes.
#
#graph_font /usr/share/fonts/truetype/ttf-dejavu/DejaVuSans.ttf

# TAG:  title
#       Specify the title for html page.
#
#title "Squid User Access Reports"
title "E2guardian User Access Reports"
# TAG:  font_face
#       Specify the font for html page.
#
#font_face Tahoma,Verdana,Arial

# TAG:  header_color
#       Specify the header color
#
#header_color darkblue

# TAG:  header_bgcolor
#       Specify the header bgcolor
#
#header_bgcolor blanchedalmond

# TAG:  font_size
#       Specify the text font size
#
#font_size 9px

# TAG:  header_font_size
#       Specify the header font size
#
#header_font_size 9px

# TAG:  title_font_size
#       Specify the title font size
#
#title_font_size 11px

# TAG:  background_color
# TAG:  background_color
#       Html page background color
#
# background_color white

# TAG:  text_color
#       Html page text color
#
#text_color #000000

# TAG:  text_bgcolor
#       Html page text background color
#
#text_bgcolor lavender

# TAG:  title_color
#       Html page title color
#
#title_color green

# TAG:  logo_image
#       Html page logo.
#
#logo_image none

# TAG:  logo_text
#       Html page logo text.
#
#logo_text ""

# TAG:  logo_text_color
#       Html page logo texti color.
#
#logo_text_color #000000

# TAG:  logo_image_size
#       Html page logo image size.
#       width height
#
#image_size 80 45

# TAG:  background_image
#       Html page background image
#
#background_image none

# TAG:  password
#       User password file used by Squid authentication scheme
#       If used, generate reports just for those users.
#
#password none

# TAG:  temporary_dir
#       Temporary directory name for work files
#       sarg -w dir
#
#temporary_dir /tmp

# TAG:  output_dir
#       The reports will be saved in that directory
#       sarg -o dir
#
output_dir /usr/local/sarg-reports

# TAG:  anonymous_output_files yes/no
#       Use anonymous file and directory names in the report. If it is set to
#       no (the default), the user ID/IP/name is slightly mangled to create a
#       suitable file name to store the report of the user but the user's
#       identity can easily be guessed from the mangled name. If this option is
#       set, any file or directory belonging to the user is replaced by a short
#       number.  The purpose is to hide the identity of the user when looking
#       at the report file names but it may serve to shorten the path too.
#
anonymous_output_files no

# TAG:  output_email
#       Email address to send the reports. If you use this tag, no html reports will be generated.
#       sarg -e email
#
#output_email none

# TAG:  resolve_ip yes/no
#       Convert IP address to DNS name
#       sarg -n
resolve_ip no

# TAG:  user_ip yes/no
#       Use IP address instead of userid in reports.
#       sarg -p
user_ip no

# TAG:  topuser_sort_field field normal/reverse
#       Sort field for the Topuser Report.
#       Allowed fields: USER CONNECT BYTES TIME
#
topuser_sort_field BYTES normal

# TAG:  user_sort_field field normal/reverse
#       Sort field for the User Report.
#       Allowed fields: SITE CONNECT BYTES TIME
#
user_sort_field BYTES normal

# TAG:  exclude_users file
#       users within the file will be excluded from reports.
#       You can use indexonly to have only index.html file.
#
exclude_users /usr/local/etc/sarg/exclude_users.conf

# TAG:  exclude_hosts file
#       Hosts, domains or subnets will be excluded from reports.
#
#       Eg.: 192.168.10.10 - exclude this IP address only
#            192.168.10.0/24 - exclude entire subnet
#            host1.example.com - exclude this hostname only
#            *.example.com - exclude entire domain
#
exclude_hosts /usr/local/etc/sarg/exclude_hosts.conf

# TAG:  useragent_log file
#       useragent.log file path to generate useragent report.
#
#useragent_log none

# TAG:  date_format
#       Date format in reports: e (European=dd/mm/yy), u (American=mm/dd/yy), w (Weekly=yy.ww)
#
#date_format u
date_format u

# TAG:  per_user_limit file MB
#       Saves userid on file if download exceed n MB.
#       This option allows you to disable user access if user exceeds a download limit.
#
#per_user_limit none

# TAG: lastlog n
#      How many reports files will be kept in reports directory.
#      The oldest report file will be automatically removed.
#      0 - no limit.
#
#lastlog 0
lastlog 0

# TAG: remove_temp_files yes
#      Remove temporary files from root report directory.
#
remove_temp_files yes

# TAG: index yes|no|only
#      Generate the main index.html.
#      only - generate only the main index.html
#
index yes

# TAG: index_tree date|file
#      How to generate the index.
#
index_tree file

# TAG: index_fields
#      The columns to show in the index of the reports
#      Columns are: dirsize
#
#index_fields dirsize

# TAG: overwrite_report yes|no
#      yes - if report date already exist it will be overwrited.
#       no - if report date already exist it will be renamed to filename.n, filename.n+1
#
overwrite_report yes

# TAG: records_without_userid ignore|ip|everybody
#      What can I do with records without user id (no authentication) in access.log file ?
#
#      ignore - This record will be ignored.
#          ip - Use IP address instead. (default)
#   everybody - Use "everybody" instead.
#
#records_without_userid ip

# TAG: use_comma no|yes
#      Use comma instead of dot in reports.
#      Eg.: use_comma yes => 23,450,110
#           use_comma no  => 23.450.110
#
use_comma yes

# TAG: mail_utility
#      Mail command to use to send reports via SMTP. Sarg calls it like this:
#         mail_utility -s "SARG report, date" "output_email" <"mail_content"
#
#      Therefore, it is possible to add more arguments to the command by specifying them
#      here.
#
#      If you need too, you can use a shell script to process the content of /dev/stdin
#      (/dev/stdin is the mail_content passed by Sarg to the script) and call whatever
#      command you like. It is not limited to mailing the report via SMTP.
#
#      Don't forget to quote the command if necessary (i.e. if the path contains
#      characters that must be quoted).
#
#mail_utility mailx

# TAG: topsites_num n
#      How many sites in topsites report.
#
#topsites_num 100

# TAG: topsites_sort_order CONNECT|BYTES|TIME A|D
#      Sort for topsites report, where A=Ascending, D=Descending
#
#topsites_sort_order CONNECT D

# TAG: index_sort_order A/D
#      Sort for index.html, where A=Ascending, D=Descending
#
#index_sort_order D

# TAG: exclude_codes file
#      Ignore records with these Squid return codes. Eg.: NONE/400
#      Write one code per line. Lines starting with a # are ignored.
#      Only codes matching exactly one of the line is rejected. The
#      comparison is not case sensitive.
#
exclude_codes /usr/local/etc/sarg/exclude_codes

# TAG: replace_index string
#      Replace "index.html" in the main index file with this string
#      If null, "index.html" is used
#
#replace_index <?php echo str_replace(".", "_", ); echo ".html"; ?>

# TAG: max_elapsed milliseconds
#      If elapsed time recorded in log is greater than max_elapsed, use 0 for elapsed time.
#      Use 0 for no checking
#
#max_elapsed 28800000
# 8 Hours
max_elapsed 0

# TAG: report_type type
#      What kind of reports to generate.
#      topusers            - users, sites, times, bytes, connects, links to accessed sites, etc.
#      topsites            - site, connect and bytes report
#      sites_users         - users and sites report
#      users_sites         - accessed sites by the user report
#      date_time           - bytes used per day and hour report
#      denied              - denied sites with full URL report
#      auth_failures       - autentication failures report
#      site_user_time_date - sites, dates, times and bytes report
#      downloads           - downloads per user report
#
#      Eg.: report_type topsites denied
#
#report_type topusers topsites sites_users users_sites date_time denied auth_failures site_user_time_date downloads
report_type topusers topsites sites_users users_sites date_time denied auth_failures site_user_time_date downloads

# TAG: usertab filename
#      You can change the "userid" or the "IP address" to be a real user name on the reports.
#      If resolve_ip is active, the IP address is resolved before being looked up in this
#      file. That is, if you want to map the ip address, be sure to set resolve_ip to no or
#      the resolved name will be looked up in the file instead of the IP address. Note that
#      it can be used to resolve any IP address known to the DNS and then map the unresolved
#      IP addresses to a name found in the usertab file.
#      Table syntax:
#               userid name   or   ip address name
#      Eg:
#               SirIsaac Isaac Newton
#               vinci Leonardo da Vinci
#               192.168.10.1 Karol Wojtyla
#
#      Each line must be terminated with '\ n'
#      If usertab is set to value "ldap" (case ignored), user names
#      will be taken from LDAP server. Use this method to obtain usernames
#      LDAP / Active Directory.
#
#usertab none
usertab none

# TAG: LDAPHost hostname
#       FQDN or IP address of host with LDAP service or AD DC
#       default is '127.0.0.1'
#LDAPHost 127.0.0.1


# TAG: LDAPPort port
#       LDAP service port number
#       default is '389'
#LDAPPort 389


# TAG: LDAPBindDN CN=username,OU=group,DC=mydomain,DC=com
#       DN of the LDAP user who is authorized to the search the LDAP database
#       default is empty line
#LDAPBindDN cn=proxy,dc=mydomain,dc=local


# TAG: LDAPBindPW secret
#       Password for LDAPBindDN specified above.
#       default is empty line
#LDAPBindPW secret


# TAG: LDAPBaseSearch OU=users,DC=mydomain,DC=com
#       LDAP search base DN. The search base is the place in the hierarchical LDAP structure
#       where the search for user accounts starts.
#       default is empty line
#LDAPBaseSearch ou=users,dc=mydomain,dc=local


# TAG: LDAPFilterSearch (uid=%s)
#       Use this to filter the user login entries to be returned for a search operation in LDAP.
#       First founded record will be used
#       %s - will be changed to userlogins from access.log file
#       Search filter string can have up to 5 '%s' tags.
#       default value is '(uid=%s)'
#LDAPFilterSearch (uid=%s)


# TAG: LDAPTargetAttr attributename
#       Name of the attribute containing the login name of the user.
#       default value is 'cn'
#LDAPTargetAttr cn


# TAG: long_url yes|no
#      If yes, the full url is showed in report.
#      If no, only the site will be showed
#
#      YES option generate very big sort files and reports.
#
long_url no

# TAG: date_time_by bytes|elap
#      Date/Time reports show the downloaded volume or the elapsed time or both.
#
#date_time_by bytes
date_time_by bytes

# TAG: charset name
#      ISO 8859 is a full series of 10 standardized multilingual single-byte coded (8bit)
#      graphic character sets for writing in alphabetic languages
#      You can use the following charsets:
#               Latin1          - West European
#               Latin2          - Central and East European
#               Latin3          - Southeast European
#               Latin4          - Scandinavian/Baltic
#               Cyrillic
#               Arabic
#               Greek
#               Hebrew
#               Latin5          - Turkish
#               Latin6          - Lappish/Nordic/Eskimo
#               Windows-1251
#               Japan
#               Koi8-r
#               UTF-8
#
#charset Latin1
charset UTF-8

# TAG: user_invalid_char "&/"
#      Records that contain invalid characters in userid will be ignored by Sarg.
#
#user_invalid_char "&/"

# TAG: privacy yes|no
#      privacy_string "***.***.***.***"
#      privacy_string_color blue
#      In some countries the sysadm cannot see the visited sites by a restrictive law.
#      Using privacy 'yes', the visited url will be changes by privacy_string and the link
#      will be removed from reports.
#
privacy no
#privacy_string "***.***.***.***"
#privacy_string_color blue

# TAG: include_users "user1:user2:...:usern"
#      Reports will be generated only for listed users.
#
#include_users none


# TAG: exclude_string "string1:string2:...:stringn"
#      Records from access.log file that contain one of listed strings will be ignored.
#
#exclude_string none
exclude_string "e2gerror.php:[inet"
# TAG: show_successful_message yes|no
#      Shows "Successful report generated on dir" at end of process.
#
#show_successful_message yes

# TAG: show_read_statistics yes|no
#      Shows some reading statistics.
#
#show_read_statistics yes

# TAG: topuser_fields
#      Which fields must be in Topuser report.
#
#topuser_fields NUM DATE_TIME USERID CONNECT BYTES %BYTES IN-CACHE-OUT USED_TIME MILISEC %TIME TOTAL AVERAGE

# TAG: user_report_fields
#      Which fields must be in User report.
#
#user_report_fields CONNECT BYTES %BYTES IN-CACHE-OUT USED_TIME MILISEC %TIME TOTAL AVERAGE

# TAG: bytes_in_sites_users_report yes|no
#      Bytes field must be in Site & Users Report ?
#
#bytes_in_sites_users_report no
bytes_in_sites_users_report no

# TAG: topuser_num n
#      How many users in topsites report. 0 = no limit
#
#topuser_num 0
topuser_num 0

# TAG: datafile file
#      Save the report results in a file to populate some database
#
#datafile none

# TAG: datafile_delimiter "     "
#      ascii character to use as a field separator in datafile
#
#datafile_delimiter ""

# TAG: datafile_fields all
#      Which data fields must be in datafile
#      user;date;time;url;connect;bytes;in_cache;out_cache;elapsed
#
#datafile_fields user;date;time;url;connect;bytes;in_cache;out_cache;elapsed


# TAG: datafile_url ip|name
#      Saves the URL as IP or name in datafile
#
#datafile_url ip

# TAG: weekdays
#      The weekdays to take into account ( Sunday->0, Saturday->6 )
# Example:
#weekdays 1-3,5
# Default:
#weekdays 0-6

# TAG: hours
#      The hours to take into account
# Example:
#hours 7-12,14,16,18-20
# Default:
#hours 0-23

# TAG: dansguardian_conf file
#      DansGuardian.conf file path
#      Generate reports from DansGuardian logs.
#      Use 'none' to disable it.
#      dansguardian_conf /usr/dansguardian/dansguardian.conf
#
dansguardian_conf

# TAG: dansguardian_filter_out_date on|off
#      This option replaces dansguardian_ignore_date (its name was not appropriate with respect to its action).
#      Note the change of parameter value compared to the old option.
#      'off' use the record even if its date is outside of the range found in the input log file.
#      'on'  use the record only if its date is in the range found in the input log file.
#
dansguardian_filter_out_date on

# TAG: squidguard_conf file
#      path to squidGuard.conf file
#      Generate reports from SquidGuard logs.
#      Use 'none' to disable.
#      You can use sarg -L filename to use an alternate squidGuard log.
#      squidguard_conf /usr/local/squidGuard/squidGuard.conf
#
squidguard_conf none

# TAG: redirector_log file
#      The location of the web proxy redirector log, such as one created by squidGuard or Rejik. The option
#      may be repeated up to 64 times to read multiple files.
#      If this option is specified, it takes precedence over squidguard_conf.
#      The command line option -L override this option.
#
#redirector_log /usr/local/squidGuard/var/logs/urls.log

# TAG: redirector_filter_out_date on|off
#      This option replaces squidguard_ignore_date and redirector_ignore_date (their names were not
#      appropriate with respect to their actions).
#      Note the change of parameter value compared to the old options.
#      'off' use the record even if its date is outside of the range found in the input log file.
#      'on'  use the record only if its date is in the range found in the input log file.
#
#redirector_filter_out_date on

# TAG: redirector_log_format
#      Format string for web proxy redirector logs.
#      This option was named squidguard_log_format before Sarg 2.3.
#      REJIK       #year#-#mon#-#day# #hour# #list#:#tmp# #ip# #user# #tmp#/#tmp#/#url#/#end#
#      SQUIDGUARD  #year#-#mon#-#day# #hour# #tmp#/#list#/#tmp#/#tmp#/#url#/#tmp# #ip#/#tmp# #user# #end#
#redirector_log_format #year#-#mon#-#day# #hour# #tmp#/#list#/#tmp#/#tmp#/#url#/#tmp# #ip#/#tmp# #user# #end#

# TAG: show_sarg_info yes|no
#      shows Sarg information and site path on each report bottom
#
show_sarg_info no

# TAG: show_sarg_logo yes|no
#      shows Sarg logo
#
show_sarg_logo no

# TAG: parsed_output_log directory
#      Saves the processed log in a Sarg format after parsing the squid log file.
#      This is a way to dump all of the data structures out, after parsing from
#      the logs (presumably this data will be much smaller than the log files themselves),
#      and pull them back in for later processing and merging with data from previous logs.
#
#parsed_output_log none

# TAG: parsed_output_log_compress /bin/gzip|/usr/bin/bzip2|nocompress
#      Command to run to compress sarg parsed output log. It may contain
#      options (such as -f to overwrite existing target file). The name of
#      the file to compresse is provided at the end of this
#      command line. Don't forget to quote things appropriately.
#
#parsed_output_log_compress /bin/gzip

# TAG: displayed_values bytes|abbreviation
#      how the values will be displayed in reports.
#      eg. bytes        -  209.526
#          abbreviation -  210K
#
#displayed_values bytes
displayed_values bytes

# Report limits
# TAG: authfail_report_limit n
# TAG: denied_report_limit n
# TAG: siteusers_report_limit n
# TAG: squidguard_report_limit n
# TAG: user_report_limit n
# TAG: dansguardian_report_limit n
# TAG: download_report_limit n
#      report limits (lines).
#      '0' no limit
#
#authfail_report_limit 10
authfail_report_limit 0
#denied_report_limit 10
denied_report_limit 0
#siteusers_report_limit 0
#squidguard_report_limit 10
#dansguardian_report_limit 10
#user_report_limit 10
#user_report_limit 50
siteusers_report_limit 0
user_report_limit 0
dansguardian_report_limit 0


# TAG: www_document_root dir
#     Where is your Web DocumentRoot
#     Sarg will create sarg-php directory with some PHP modules:
#     - sarg-squidguard-block.php - add urls from user reports to squidGuard DB
#
#www_document_root /var/www/html
www_document_root /usr/local/www

# TAG: block_it module_url
#     This tag allows you to pass urls from user reports to a cgi or php module,
#     to be blocked by some Squid acl.
#
#     Eg.: block_it /sarg-php/sarg-block-it.php
#     sarg-block-it is a php that will append a url to a flat file.
#     You must change /var/www/html/sarg-php/sarg-block-it to point to your file
#     in  variable, and chown to the httpd owner.
#
#     Sarg will pass http://module_url?url=url
#
#block_it none

# TAG: external_css_file path
#     Provide the path to an external CSS file to link into the HTML reports instead of
#     the inline CSS written by sarg when this option is not set.
#
#     In versions prior to 2.3, this used to be an absolute file name to
#     a file to include verbatim in each HTML page but, as it takes a lot of
#     space, version 2.3 switched to a link to an external CSS file.
#     Therefore, this option must contain the HTTP server path on which a client
#     browser may find the CSS file.
#
#     Sarg use theses style classes:
#       .logo           logo class
#       .info           sarg information class, align=center
#       .title_c        title class, align=center
#       .header_c       header class, align:center
#       .header_l       header class, align:left
#       .header_r       header class, align:right
#       .text           text class, align:right
#       .data           table text class, align:right
#       .data2          table text class, align:left
#       .data3          table text class, align:center
#       .link           link class
#
#     Sarg can be instructed to output the internal CSS it inline
#     into the reports with this command:
#
#        sarg --css
#
#     You can redirect the output to a file of your choice and edit
#     it to your liking.
#
#external_css_file none
# TAG: user_authentication yes|no
#     Allow user authentication in User Reports using .htaccess
#     Parameters:
#       AuthUserTemplateFile - The template to use to create the
#     .htaccess file. In the template, %u is replaced by the
#     user's ID for which the report is generated. The path of the
#     template is relative to the directory containing sarg
#     configuration file.
#
# user_authentication no
# AuthUserTemplateFile sarg_htaccess

# TAG: download_suffix "suffix,suffix,...,suffix"
#    file suffix to be considered as "download" in Download report.
#    Use 'none' to disable.
#
#download_suffix "zip,arj,bzip,gz,ace,doc,iso,adt,bin,cab,com,dot,drv$,lha,lzh,mdb,mso,ppt,rtf,src,shs,sys,exe,dll,mp3,avi,mpg,mpeg"

# TAG: ulimit n
#    The maximum number of open file descriptors to avoid "Too many open files" error message.
#    You need to run Sarg as root to use ulimit tag.
#    If you run Sarg with a low privilege user, set to 'none' to disable ulimit
#
#ulimit 20000

# TAG: ntlm_user_format username|domainname+username
#      NTLM users format.
#
#ntlm_user_format domainname+username
ntlm_user_format domainname+username

# TAG: realtime_refresh_time num sec
#      How many seconds between auto refresh of the realtime report.
#      0 = disable
#
realtime_refresh_time 0

# TAG: realtime_access_log_lines num
#      How many last lines to get from access.log file
#
# realtime_access_log_lines 1000

# TAG: realtime_types: GET,PUT,CONNECT,ICP_QUERY,POST
#      Which records must be in realtime report.
#
realtime_types GET,PUT,CONNECT

# TAG: realtime_unauthenticated_records: ignore|show
#      What to do with unauthenticated records in realtime report.
#
#
realtime_unauthenticated_records show

# TAG: byte_cost value no_cost_limit
#      Cost per byte.
#      Eg. byte_cost 0.01 100000000
#           per byte cost      = 0.01
#           bytes with no cost = 100 Mb
#      0 = disable
#
# byte_cost 0.01 50000000

# TAG: squid24 on|off
#      Compatilibity with squid version <= 2.4 when using emulate_http_log on
#
# squid24 off

# TAG: sorttable path
#      The path to a javascript script to dynamically sort the tables.
#      The path is the link a browser must follow to find the script. For instance,
#      it may be http://www.myproxy.org/sorttable.js or just /sorttable.js if the script
#      is at the root of your web site.
#
#      If the path starts with "../" then it is assumed to be a relative
#      path and Sarg adds as many "../" as necessary to locate the js script from
#      the output directory. Therefore, ../../sorttable.js links to the javascript
#      one level above output_dir.
#
#      If this entry is set, each sortable table will have the "sortable" class set.
#      You may have a look at http://www.kryogenix.org/code/browser/sorttable/
#      for the implementation on which Sarg is based.
#
sorttable /sarg_sorttable.js

# TAG: hostalias
#      The name of a text file containing the host names (one per line) and the
#      optional alias to use in the report instead of that host name.
#      Host names may contain up to one wildcard denoted by a *. The wildcard
#      must not be at the end of the host name.
#      The host name may be followed by an optional alias; if no alias is provided,
#      the host name, including the wildcard, replaces any matching host name found
#      in the log.
#      Host names replaced by identical aliases are grouped together in the
#      reports.
#      IP addresses are supported and accept the CIDR notation both for IPv4 and
#      IPv6 addresses.
#
#      Example:
#      *.gstatic.com
#      mt*.google.com
#      *.myphone.microsoft.com
#      *.myphone.microsoft.com:443 *.myphone.microsoft.com:secure
#      *.freeav.net antivirus:freeav
#      *.mail.live.com
#      65.52.00.00/14 *.mail.live.com

ghislenidroid

@marcelloc executei o comando na shell e obtive o retorno

code
root: sarg -d `date -v-1w +%d/%m/%Y`-`date -v-1d +%d/%m/%Y`
SARG: Loop detected in getword after 256 bytes.
SARG: Line="1528476366.447    162 192.168.oa er TCP_MISS/204 0 GET"
SARG: Record="https://g.bing.com/uac/request?size=300x600;noperf=1;adclntid=1002;alias=SKYBRPT9;kvmsft_ext_inv_cd=br;kvmsft_muid=34c7d87a37d36b3b228dd3b733d36807;kvmsft_optout=1;kvmsft_sdkversion=8.9;kvpg=%2Fstatic.skypeassets%2Fadserver%2Fadloader-v2.html;kvugc=0;kvrefd=apps.skype.com;kvmn=SKYBRPT9;kvgrp=476601497;kvismob=2;extmirroring=0;kvtile=1;target=_blank;aduho=-180;grp=476601497 - DEFAULT_PARENT/ -"
SARG: searching for 'x20'
SARG: Invalid user ID in file "/var/log/e2guardian/access.log"

Pelo que pude ver, parece que é alguma ACL que mexi e não está sendo carregada corretamente pro relatório.

Edit:

Editei o access.log e retirei a linha que estava apresentando erro, observei então que trouxe

https://advergine.com/stat?&h=www.maxmilhas.com.br&t=0.9895906489163713
https://ch1-client-s.gateway.messenger.live.com
licitacoes/favorites.json
web/public/boletins/1172455570/followups/1417001659.json
[in.168.1.120 -- Esse eu corrigi na unha 

Depois rodei novamente o comando para gerar os relatórios da última semana.
Consegui criar o relatório, vou criar agora o agendamento para ser diário e atualizado a cada 30 minutos.

A dúvida agora, é saber como e porque carregou os dados/sites que citei acima.

ghislenidroid

Acompanhei o processo de atualização do SARG a cada 30 min e aparentemente está td ok.

jdsonc

Meu Sarg esta lendo os logs normalmente por enquanto, mas no SYSTEM LOGS do Pfsense ainda está gerando o erro a seguir.

nginx: 2018/06/14 13:47:05 [error] 46335#100130: *2872 open() "/usr/local/www/sarg_sorttable.js" failed (2: No such file or directory), client: 192.168.0.69, server: , request: "GET /sarg_sorttable.js HTTP/1.1", host: "192.168.0.1", referrer: "http://192.168.0.1/sarg_frame.php?prevent=446666891557765600?"

Q estranho....

clebermedina

Meu sarg esta funcionando perfeitamente, o unico porem e q ele parou de resolver os IP nos relatorio,

Mesmo no terminal quando roda sarg -n ele gera o relatorio com ips somente, alguem tem ideia de como resolver?

Obrigado

marcelloc

Mudou alguma opção de configuração?

clebermedina

@marcelloc não, eu so habilitei o pfblocker

clebermedina

quando pingo uma estação tipo estacao1.dominio no shell do pfsense ele resolve certo.

marcelloc

@clebermedina , Roda o sarg na console, ve se ele acusa algum erro ou dificuldade.

clebermedina

@marcelloc nenhuma pelo visto

sarg -xn
SARG: Init
SARG: Loading configuration from /usr/local/etc/sarg/sarg.conf
SARG: Chaining IP resolving module "dns"
SARG: Chaining IP resolving module "dns"
SARG: Loading exclude host file from: /usr/local/etc/sarg/exclude_hosts.conf
SARG: Loading exclude file from: /usr/local/etc/sarg/exclude_users.conf
SARG: Reading host alias file "/usr/local/etc/sarg/hostalias"
SARG: List of host names to alias:
SARG: Parameters:
SARG:           Hostname or IP address (-a) =
SARG:                    Useragent log (-b) =
SARG:                     Exclude file (-c) = /usr/local/etc/sarg/exclude_hosts.conf
SARG:                  Date from-until (-d) =
SARG:    Email address to send reports (-e) =
SARG:                      Config file (-f) = /usr/local/etc/sarg/sarg.conf
SARG:                      Date format (-g) = Europe (dd/mm/yyyy)
SARG:                        IP report (-i) = No
SARG:             Keep temporary files (-k) = No
SARG:                        Input log (-l) = /var/log/e2guardian/access.log
SARG:               Resolve IP Address (-n) = Yes
SARG:                       Output dir (-o) = /usr/local/sarg-reports/
SARG: Use Ip Address instead of userid (-p) = No
SARG:                    Accessed site (-s) =
SARG:                             Time (-t) =
SARG:                             User (-u) =
SARG:                    Temporary dir (-w) = /tmp/sarg
SARG:                   Debug messages (-x) = Yes
SARG:                 Process messages (-z) = No
SARG:  Previous reports to keep (--lastlog) = 0
SARG:
SARG: SARG version: 2.3.10 Apr-12-2015
SARG: Reading access log file: /var/log/e2guardian/access.log
SARG: Records in file: 27997, reading: 100.00%
SARG:    Records read: 27997, written: 27997, excluded: 0
SARG: Squid log format
SARG: Period: 14 Jun 2018
SARG: File "/usr/local/sarg-reports/14Jun2018-14Jun2018" already exists, moved to "/usr/local/                                                                                                                                               sarg-reports/14Jun2018-14Jun2018.2"
SARG: Sorting log /tmp/sarg/192_168_10_137.user_unsort
SARG: Making file /tmp/sarg/192_168_10_137
SARG: Sorting log /tmp/sarg/192_168_10_109.user_unsort
SARG: Making file /tmp/sarg/192_168_10_109
SARG: Sorting log /tmp/sarg/192_168_10_121.user_unsort
SARG: Making file /tmp/sarg/192_168_10_121
SARG: Sorting log /tmp/sarg/192_168_10_115.user_unsort
SARG: Making file /tmp/sarg/192_168_10_115
SARG: Sorting log /tmp/sarg/192_168_10_106.user_unsort
SARG: Making file /tmp/sarg/192_168_10_106
SARG: Sorting log /tmp/sarg/192_168_10_118.user_unsort
SARG: Making file /tmp/sarg/192_168_10_118
SARG: Sorting log /tmp/sarg/192_168_10_138.user_unsort
SARG: Making file /tmp/sarg/192_168_10_138
SARG: Sorting log /tmp/sarg/192_168_10_108.user_unsort
SARG: Making file /tmp/sarg/192_168_10_108
SARG: Sorting log /tmp/sarg/192_168_10_125.user_unsort
SARG: Making file /tmp/sarg/192_168_10_125
SARG: Sorting log /tmp/sarg/192_168_10_112.user_unsort
SARG: Making file /tmp/sarg/192_168_10_112
SARG: Sorting log /tmp/sarg/192_168_10_116.user_unsort
SARG: Making file /tmp/sarg/192_168_10_116
SARG: Sorting log /tmp/sarg/192_168_10_128.user_unsort
SARG: Making file /tmp/sarg/192_168_10_128
SARG: Sorting log /tmp/sarg/192_168_10_117.user_unsort
SARG: Making file /tmp/sarg/192_168_10_117
SARG: Sorting log /tmp/sarg/192_168_10_134.user_unsort
SARG: Making file /tmp/sarg/192_168_10_134
SARG: Sorting log /tmp/sarg/192_168_10_147.user_unsort
SARG: Making file /tmp/sarg/192_168_10_147
SARG: Sorting log /tmp/sarg/192_168_10_110.user_unsort
SARG: Making file /tmp/sarg/192_168_10_110
SARG: Sorting log /tmp/sarg/192_168_10_126.user_unsort
SARG: Making file /tmp/sarg/192_168_10_126
SARG: Sorting log /tmp/sarg/192_168_10_141.user_unsort
SARG: Making file /tmp/sarg/192_168_10_141
SARG: Sorting log /tmp/sarg/192_168_10_107.user_unsort
SARG: Making file /tmp/sarg/192_168_10_107
SARG: Sorting log /tmp/sarg/192_168_10_113.user_unsort
SARG: Making file /tmp/sarg/192_168_10_113
SARG: Using the dansguardian log file "/var/log/e2guardian/access.log" found in your configura                                                                                                                                               tion file "/usr/local/etc/e2guardian/e2guardian.conf"
SARG: Reading DansGuardian log file "/var/log/e2guardian/access.log"
SARG: Sorting file "/tmp/sarg/dansguardian.int_log"
SARG: Sorting file "/tmp/sarg/192_168_10_137.utmp"
SARG: Making report 192.168.10.137
SARG: Sorting file "/tmp/sarg/192_168_10_109.utmp"
SARG: Making report 192.168.10.109
SARG: Sorting file "/tmp/sarg/192_168_10_121.utmp"
SARG: Making report 192.168.10.121
SARG: Sorting file "/tmp/sarg/192_168_10_115.utmp"
SARG: Making report 192.168.10.115
SARG: Sorting file "/tmp/sarg/192_168_10_106.utmp"
SARG: Making report 192.168.10.106
SARG: Sorting file "/tmp/sarg/192_168_10_118.utmp"
SARG: Making report 192.168.10.118
SARG: Sorting file "/tmp/sarg/192_168_10_138.utmp"
SARG: Making report 192.168.10.138
SARG: Sorting file "/tmp/sarg/192_168_10_108.utmp"
SARG: Making report 192.168.10.108
SARG: Sorting file "/tmp/sarg/192_168_10_125.utmp"
SARG: Making report 192.168.10.125
SARG: Sorting file "/tmp/sarg/192_168_10_112.utmp"
SARG: Making report 192.168.10.112
SARG: Sorting file "/tmp/sarg/192_168_10_116.utmp"
SARG: Making report 192.168.10.116
SARG: Sorting file "/tmp/sarg/192_168_10_128.utmp"
SARG: Making report 192.168.10.128
SARG: Sorting file "/tmp/sarg/192_168_10_117.utmp"
SARG: Making report 192.168.10.117
SARG: Sorting file "/tmp/sarg/192_168_10_134.utmp"
SARG: Making report 192.168.10.134
SARG: Sorting file "/tmp/sarg/192_168_10_147.utmp"
SARG: Making report 192.168.10.147
SARG: Sorting file "/tmp/sarg/192_168_10_110.utmp"
SARG: Making report 192.168.10.110
SARG: Sorting file "/tmp/sarg/192_168_10_126.utmp"
SARG: Making report 192.168.10.126
SARG: Sorting file "/tmp/sarg/192_168_10_141.utmp"
SARG: Making report 192.168.10.141
SARG: Sorting file "/tmp/sarg/192_168_10_107.utmp"
SARG: Making report 192.168.10.107
SARG: Sorting file "/tmp/sarg/192_168_10_113.utmp"
SARG: Making report 192.168.10.113
SARG: Making index.html
SARG: Successful report generated on /usr/local/sarg-reports/14Jun2018-14Jun2018
SARG: Purging temporary file sarg-general
SARG: End

marcelloc

Se está gerando mais de uma vez por dia, marca a opção overwrite report. Isso vai gerar um único relatório do dia que vai "se completando" com o passar das horas.

a opção que resolve o nome das estações é Convert IP address to DNS name, ela está marcada?

clebermedina

Entao @marcelloc, eu entendo o funcionamento, a overwrite esta disabilitada para eu comparar os resultados nos testes

A opção Convert IP address to DNS name esta habilitada tambem.

O interessante e que parou de resolver do nada.

jdsonc

Meu sarg so atualiza os relatorios quando rodo o comando ...
sarg -nx no terminal, não esta atualizando com o schedule no cron.
Ja removi o pacote, ja reinstalei, removi todos os logs, exclui todos os diretorios do sarg e o mesmo problema continua.
Alguem tem ideia do que possa ser?

gahgon

Boa noite , realizei a instalação do e2g + sarg , e ocorre que não abre o relatório, segui os passos do topico e posto o conteudo do comando sarg-x via ssh

marcelloc

Roda o comando que esta agendado no cron e qual é a saída dele.

ghislenidroid

@marcelloc iniciei a validação do pacote UserAuth e agora ao rodar o Sarg está apresentando a mensagem

code
login as: /root: sarg -n
SARG: File "" not found

Vacilei em algum ponto?

marcelloc

Salva as configurações do sarg novamente.
Estou veriifcando esse bug do pacote sarg. em algum momento o sarg.conf é gerado sem a informação do log.

A Former User

@marcelloc Hello,

I installed e2Guardian5 with your guide to my pfsense 2.4.4 and than i found video of you for sarg package but i could not run sarg ?

i got this error via console with sarg -x ;

SARG: Init
SARG: Loading configuration from /usr/local/etc/sarg/sarg.conf
SARG: Chaining IP resolving module "dns"
SARG: Loading exclude host file from: /usr/local/etc/sarg/exclude_hosts.conf
SARG: Loading exclude file from: /usr/local/etc/sarg/exclude_users.conf
SARG: Reading host alias file "/usr/local/etc/sarg/hostalias"
SARG: List of host names to alias:
SARG: Deleting temporary directory "/tmp/sarg"
SARG: Parameters:
SARG: Hostname or IP address (-a) =
SARG: Useragent log (-b) =
SARG: Exclude file (-c) = /usr/local/etc/sarg/exclude_hosts.conf
SARG: Date from-until (-d) =
SARG: Email address to send reports (-e) =
SARG: Config file (-f) = /usr/local/etc/sarg/sarg.conf
SARG: Date format (-g) = Europe (dd/mm/yyyy)
SARG: IP report (-i) = No
SARG: Keep temporary files (-k) = No
SARG: Input log (-l) = /var/log/e2guardian/access.log
SARG: Resolve IP Address (-n) = Yes
SARG: Output dir (-o) = /usr/local/sarg-reports/
SARG: Use Ip Address instead of userid (-p) = Yes
SARG: Accessed site (-s) =
SARG: Time (-t) =
SARG: User (-u) =
SARG: Temporary dir (-w) = /tmp/sarg
SARG: Debug messages (-x) = Yes
SARG: Process messages (-z) = No
SARG: Previous reports to keep (--lastlog) = 0
SARG:
SARG: SARG version: 2.3.11 Jan-14-2018
SARG: Reading access log file: /var/log/e2guardian/access.log
SARG: Loop detected in getword_multisep after 30 bytes.
SARG: Line="2.168.70.204 http"
SARG: Record="//init-p01st.push.apple.com/bag - GET 8043 0 - 1 200 - 192.168.70.204 Default - - - - -"
SARG: searching for 'x20'
SARG: Invalid date in file "/var/log/e2guardian/access.log"

Could you share with me any idea ?

Thank you so much .

Also there is another problem how i can block file extensions for HTTPS protocol ? and there is one notification via pfsense E2guardian - is not a valid access denied url ... ? What is that meaning ? How can i solve ?

Thank you so much again .

hugolrb

@marcelloc So pra constar e ajudar na comunidade
Usando o Pfsense 2.5 deu o erro tambem.
Fiz conforme o amigo instruiu: deleteir o access.log e fiz o reload no e2guardian e o meu funcionou perfeitamente.
Obrigado por seus ensinamentos