Netgate Discussion Forum

    SARG + E2guardian

      ghislenidroid

      @marcelloc I ran the command in the shell and got this output:

      root: sarg -d `date -v-1w +%d/%m/%Y`-`date -v-1d +%d/%m/%Y`
      SARG: Loop detected in getword after 256 bytes.
      SARG: Line="1528476366.447    162 192.168.oa er TCP_MISS/204 0 GET"
      SARG: Record="https://g.bing.com/uac/request?size=300x600;noperf=1;adclntid=1002;alias=SKYBRPT9;kvmsft_ext_inv_cd=br;kvmsft_muid=34c7d87a37d36b3b228dd3b733d36807;kvmsft_optout=1;kvmsft_sdkversion=8.9;kvpg=%2Fstatic.skypeassets%2Fadserver%2Fadloader-v2.html;kvugc=0;kvrefd=apps.skype.com;kvmn=SKYBRPT9;kvgrp=476601497;kvismob=2;extmirroring=0;kvtile=1;target=_blank;aduho=-180;grp=476601497 - DEFAULT_PARENT/ -"
      SARG: searching for 'x20'
      SARG: Invalid user ID in file "/var/log/e2guardian/access.log"
      
      
      

      From what I could see, it looks like some ACL I changed is not being loaded correctly for the report.

      Edit:

      I edited the access.log and removed the line that was causing the error; I then noticed that it brought in

      
      https://advergine.com/stat?&h=www.maxmilhas.com.br&t=0.9895906489163713
      https://ch1-client-s.gateway.messenger.live.com
      licitacoes/favorites.json
      web/public/boletins/1172455570/followups/1417001659.json
      [in.168.1.120 -- I fixed this one by hand
      

      Then I ran the command again to generate the reports for the last week.
      I managed to create the report; now I will set up the schedule so it is daily and updated every 30 minutes.

      The question now is how and why it loaded the data/sites I listed above.

        ghislenidroid

        I followed the SARG update process running every 30 minutes and apparently everything is OK.

          jdsonc

          My SARG is reading the logs normally for now, but the pfSense SYSTEM LOGS are still showing the following error.

          nginx: 2018/06/14 13:47:05 [error] 46335#100130: *2872 open() "/usr/local/www/sarg_sorttable.js" failed (2: No such file or directory), client: 192.168.0.69, server: , request: "GET /sarg_sorttable.js HTTP/1.1", host: "192.168.0.1", referrer: "http://192.168.0.1/sarg_frame.php?prevent=446666891557765600?"

          How strange....

            clebermedina

            My SARG is working perfectly; the only catch is that it stopped resolving the IPs in the reports.

            Even in the terminal, when I run sarg -n, it generates the report with IPs only. Does anyone have an idea how to fix this?

            Thanks

              marcelloc

              Did any configuration option change?

              Elite Training: http://sys-squad.com

              Help a community developer! ;D

                clebermedina @marcelloc

                @marcelloc no, I only enabled pfBlocker

                  clebermedina

                  When I ping a workstation such as estacao1.dominio from the pfSense shell, it resolves correctly.

                    marcelloc @clebermedina

                    @clebermedina, run sarg on the console and see whether it reports any error or difficulty.

                      clebermedina @marcelloc

                      @marcelloc none, apparently

                      sarg -xn
                      SARG: Init
                      SARG: Loading configuration from /usr/local/etc/sarg/sarg.conf
                      SARG: Chaining IP resolving module "dns"
                      SARG: Chaining IP resolving module "dns"
                      SARG: Loading exclude host file from: /usr/local/etc/sarg/exclude_hosts.conf
                      SARG: Loading exclude file from: /usr/local/etc/sarg/exclude_users.conf
                      SARG: Reading host alias file "/usr/local/etc/sarg/hostalias"
                      SARG: List of host names to alias:
                      SARG: Parameters:
                      SARG:           Hostname or IP address (-a) =
                      SARG:                    Useragent log (-b) =
                      SARG:                     Exclude file (-c) = /usr/local/etc/sarg/exclude_hosts.conf
                      SARG:                  Date from-until (-d) =
                      SARG:    Email address to send reports (-e) =
                      SARG:                      Config file (-f) = /usr/local/etc/sarg/sarg.conf
                      SARG:                      Date format (-g) = Europe (dd/mm/yyyy)
                      SARG:                        IP report (-i) = No
                      SARG:             Keep temporary files (-k) = No
                      SARG:                        Input log (-l) = /var/log/e2guardian/access.log
                      SARG:               Resolve IP Address (-n) = Yes
                      SARG:                       Output dir (-o) = /usr/local/sarg-reports/
                      SARG: Use Ip Address instead of userid (-p) = No
                      SARG:                    Accessed site (-s) =
                      SARG:                             Time (-t) =
                      SARG:                             User (-u) =
                      SARG:                    Temporary dir (-w) = /tmp/sarg
                      SARG:                   Debug messages (-x) = Yes
                      SARG:                 Process messages (-z) = No
                      SARG:  Previous reports to keep (--lastlog) = 0
                      SARG:
                      SARG: SARG version: 2.3.10 Apr-12-2015
                      SARG: Reading access log file: /var/log/e2guardian/access.log
                      SARG: Records in file: 27997, reading: 100.00%
                      SARG:    Records read: 27997, written: 27997, excluded: 0
                      SARG: Squid log format
                      SARG: Period: 14 Jun 2018
                      SARG: File "/usr/local/sarg-reports/14Jun2018-14Jun2018" already exists, moved to "/usr/local/sarg-reports/14Jun2018-14Jun2018.2"
                      SARG: Sorting log /tmp/sarg/192_168_10_137.user_unsort
                      SARG: Making file /tmp/sarg/192_168_10_137
                      SARG: Sorting log /tmp/sarg/192_168_10_109.user_unsort
                      SARG: Making file /tmp/sarg/192_168_10_109
                      SARG: Sorting log /tmp/sarg/192_168_10_121.user_unsort
                      SARG: Making file /tmp/sarg/192_168_10_121
                      SARG: Sorting log /tmp/sarg/192_168_10_115.user_unsort
                      SARG: Making file /tmp/sarg/192_168_10_115
                      SARG: Sorting log /tmp/sarg/192_168_10_106.user_unsort
                      SARG: Making file /tmp/sarg/192_168_10_106
                      SARG: Sorting log /tmp/sarg/192_168_10_118.user_unsort
                      SARG: Making file /tmp/sarg/192_168_10_118
                      SARG: Sorting log /tmp/sarg/192_168_10_138.user_unsort
                      SARG: Making file /tmp/sarg/192_168_10_138
                      SARG: Sorting log /tmp/sarg/192_168_10_108.user_unsort
                      SARG: Making file /tmp/sarg/192_168_10_108
                      SARG: Sorting log /tmp/sarg/192_168_10_125.user_unsort
                      SARG: Making file /tmp/sarg/192_168_10_125
                      SARG: Sorting log /tmp/sarg/192_168_10_112.user_unsort
                      SARG: Making file /tmp/sarg/192_168_10_112
                      SARG: Sorting log /tmp/sarg/192_168_10_116.user_unsort
                      SARG: Making file /tmp/sarg/192_168_10_116
                      SARG: Sorting log /tmp/sarg/192_168_10_128.user_unsort
                      SARG: Making file /tmp/sarg/192_168_10_128
                      SARG: Sorting log /tmp/sarg/192_168_10_117.user_unsort
                      SARG: Making file /tmp/sarg/192_168_10_117
                      SARG: Sorting log /tmp/sarg/192_168_10_134.user_unsort
                      SARG: Making file /tmp/sarg/192_168_10_134
                      SARG: Sorting log /tmp/sarg/192_168_10_147.user_unsort
                      SARG: Making file /tmp/sarg/192_168_10_147
                      SARG: Sorting log /tmp/sarg/192_168_10_110.user_unsort
                      SARG: Making file /tmp/sarg/192_168_10_110
                      SARG: Sorting log /tmp/sarg/192_168_10_126.user_unsort
                      SARG: Making file /tmp/sarg/192_168_10_126
                      SARG: Sorting log /tmp/sarg/192_168_10_141.user_unsort
                      SARG: Making file /tmp/sarg/192_168_10_141
                      SARG: Sorting log /tmp/sarg/192_168_10_107.user_unsort
                      SARG: Making file /tmp/sarg/192_168_10_107
                      SARG: Sorting log /tmp/sarg/192_168_10_113.user_unsort
                      SARG: Making file /tmp/sarg/192_168_10_113
                      SARG: Using the dansguardian log file "/var/log/e2guardian/access.log" found in your configuration file "/usr/local/etc/e2guardian/e2guardian.conf"
                      SARG: Reading DansGuardian log file "/var/log/e2guardian/access.log"
                      SARG: Sorting file "/tmp/sarg/dansguardian.int_log"
                      SARG: Sorting file "/tmp/sarg/192_168_10_137.utmp"
                      SARG: Making report 192.168.10.137
                      SARG: Sorting file "/tmp/sarg/192_168_10_109.utmp"
                      SARG: Making report 192.168.10.109
                      SARG: Sorting file "/tmp/sarg/192_168_10_121.utmp"
                      SARG: Making report 192.168.10.121
                      SARG: Sorting file "/tmp/sarg/192_168_10_115.utmp"
                      SARG: Making report 192.168.10.115
                      SARG: Sorting file "/tmp/sarg/192_168_10_106.utmp"
                      SARG: Making report 192.168.10.106
                      SARG: Sorting file "/tmp/sarg/192_168_10_118.utmp"
                      SARG: Making report 192.168.10.118
                      SARG: Sorting file "/tmp/sarg/192_168_10_138.utmp"
                      SARG: Making report 192.168.10.138
                      SARG: Sorting file "/tmp/sarg/192_168_10_108.utmp"
                      SARG: Making report 192.168.10.108
                      SARG: Sorting file "/tmp/sarg/192_168_10_125.utmp"
                      SARG: Making report 192.168.10.125
                      SARG: Sorting file "/tmp/sarg/192_168_10_112.utmp"
                      SARG: Making report 192.168.10.112
                      SARG: Sorting file "/tmp/sarg/192_168_10_116.utmp"
                      SARG: Making report 192.168.10.116
                      SARG: Sorting file "/tmp/sarg/192_168_10_128.utmp"
                      SARG: Making report 192.168.10.128
                      SARG: Sorting file "/tmp/sarg/192_168_10_117.utmp"
                      SARG: Making report 192.168.10.117
                      SARG: Sorting file "/tmp/sarg/192_168_10_134.utmp"
                      SARG: Making report 192.168.10.134
                      SARG: Sorting file "/tmp/sarg/192_168_10_147.utmp"
                      SARG: Making report 192.168.10.147
                      SARG: Sorting file "/tmp/sarg/192_168_10_110.utmp"
                      SARG: Making report 192.168.10.110
                      SARG: Sorting file "/tmp/sarg/192_168_10_126.utmp"
                      SARG: Making report 192.168.10.126
                      SARG: Sorting file "/tmp/sarg/192_168_10_141.utmp"
                      SARG: Making report 192.168.10.141
                      SARG: Sorting file "/tmp/sarg/192_168_10_107.utmp"
                      SARG: Making report 192.168.10.107
                      SARG: Sorting file "/tmp/sarg/192_168_10_113.utmp"
                      SARG: Making report 192.168.10.113
                      SARG: Making index.html
                      SARG: Successful report generated on /usr/local/sarg-reports/14Jun2018-14Jun2018
                      SARG: Purging temporary file sarg-general
                      SARG: End
                      
                        marcelloc

                        If it is being generated more than once a day, tick the overwrite report option. That will produce a single report for the day that "fills in" as the hours go by.

                        The option that resolves the workstation names is Convert IP address to DNS name; is it ticked?

                          clebermedina

                          So, @marcelloc, I understand how it works; overwrite is disabled so that I can compare the results in the tests.

                          The Convert IP address to DNS name option is enabled as well.

                          The interesting thing is that it stopped resolving out of nowhere.

                            jdsonc

                            My SARG only updates the reports when I run the command ...
                            sarg -nx in the terminal; it is not updating with the schedule in cron.
                            I have already removed the package, reinstalled it, removed all the logs and deleted all the sarg directories, and the same problem continues.
                            Does anyone have an idea what it could be?

                              gahgon

                              Good evening, I installed e2g + sarg, and the report does not open. I followed the steps in the topic and am posting the output of the sarg -x command via SSH.
                              0_1529152869184_erro_logs.jpg

                                marcelloc

                                Run the command that is scheduled in cron; what is its output?

                                  ghislenidroid

                                  @marcelloc I started validating the UserAuth package, and now when I run SARG it shows the message

                                  login as: /root: sarg -n
                                  SARG: File "" not found
                                  

                                  Did I slip up somewhere?

                                    marcelloc

                                    Save the sarg settings again.
                                    I am looking into this bug in the sarg package. At some point sarg.conf is generated without the log information.

                                      A Former User @marcelloc

                                      @marcelloc Hello,

                                      I installed e2Guardian5 with your guide on my pfSense 2.4.4 and then I found your video for the sarg package, but I could not run sarg.

                                      I got this error via the console with sarg -x:

                                      SARG: Init
                                      SARG: Loading configuration from /usr/local/etc/sarg/sarg.conf
                                      SARG: Chaining IP resolving module "dns"
                                      SARG: Loading exclude host file from: /usr/local/etc/sarg/exclude_hosts.conf
                                      SARG: Loading exclude file from: /usr/local/etc/sarg/exclude_users.conf
                                      SARG: Reading host alias file "/usr/local/etc/sarg/hostalias"
                                      SARG: List of host names to alias:
                                      SARG: Deleting temporary directory "/tmp/sarg"
                                      SARG: Parameters:
                                      SARG: Hostname or IP address (-a) =
                                      SARG: Useragent log (-b) =
                                      SARG: Exclude file (-c) = /usr/local/etc/sarg/exclude_hosts.conf
                                      SARG: Date from-until (-d) =
                                      SARG: Email address to send reports (-e) =
                                      SARG: Config file (-f) = /usr/local/etc/sarg/sarg.conf
                                      SARG: Date format (-g) = Europe (dd/mm/yyyy)
                                      SARG: IP report (-i) = No
                                      SARG: Keep temporary files (-k) = No
                                      SARG: Input log (-l) = /var/log/e2guardian/access.log
                                      SARG: Resolve IP Address (-n) = Yes
                                      SARG: Output dir (-o) = /usr/local/sarg-reports/
                                      SARG: Use Ip Address instead of userid (-p) = Yes
                                      SARG: Accessed site (-s) =
                                      SARG: Time (-t) =
                                      SARG: User (-u) =
                                      SARG: Temporary dir (-w) = /tmp/sarg
                                      SARG: Debug messages (-x) = Yes
                                      SARG: Process messages (-z) = No
                                      SARG: Previous reports to keep (--lastlog) = 0
                                      SARG:
                                      SARG: SARG version: 2.3.11 Jan-14-2018
                                      SARG: Reading access log file: /var/log/e2guardian/access.log
                                      SARG: Loop detected in getword_multisep after 30 bytes.
                                      SARG: Line="2.168.70.204 http"
                                      SARG: Record="//init-p01st.push.apple.com/bag - GET 8043 0 - 1 200 - 192.168.70.204 Default - - - - -"
                                      SARG: searching for 'x20'
                                      SARG: Invalid date in file "/var/log/e2guardian/access.log"

                                      Could you share any ideas with me?

                                      Thank you so much.

                                      Also, there is another problem: how can I block file extensions for the HTTPS protocol? And there is one notification via pfSense: E2guardian - is not a valid access denied url ... ? What does that mean? How can I solve it?

                                      Thank you so much again.

                                        hugolrb @marcelloc

                                        @marcelloc Just for the record and to help the community:
                                        Using pfSense 2.5, I got the error too.
                                        I did as our friend instructed: I deleted the access.log and reloaded e2guardian, and mine worked perfectly.
                                        Thank you for your teachings.

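An added example, not part of the original thread or of the sarg package: a shell function that lists the access.log records that do not match the Squid native layout, the kind of line behind the "Invalid user ID" and "Invalid date" errors quoted above, and optionally writes a clean copy instead of hand-editing or deleting the log. It assumes a log with 10 space-separated fields per record; check_access_log, sample_log and the sample records are constructed for illustration.

```shell
#!/bin/sh
# Added example: locate access.log records that do not follow the Squid
# native layout:
#   time elapsed client code/status bytes method URL user hier/peer type
# check_access_log and sample_log are hypothetical helper names.

# check_access_log FILE [CLEAN_COPY]
# Prints "LINE: reason" for every malformed record; returns 1 if any exist.
# With CLEAN_COPY, the well-formed records are written there and FILE is
# left untouched.
check_access_log() {
    if [ -n "${2:-}" ]; then : > "$2"; fi
    awk -v out="${2:-}" '
    function bad(reason) { printf "%d: %s\n", NR, reason; nbad++ }
    {
        if ($1 !~ /^[0-9]+\.[0-9]+$/) { bad("timestamp is not epoch.millis"); next }
        if ($2 !~ /^[0-9]+$/)         { bad("elapsed time is not a number"); next }
        if ($3 !~ /^[0-9]+\.[0-9]+\.[0-9]+\.[0-9]+$/ &&
            $3 !~ /^[0-9a-fA-F]*:[0-9a-fA-F:]+$/) {
            bad("client field is not an IP address"); next
        }
        if ($4 !~ /^[A-Z_]+\/[0-9]+$/) { bad("result code is not CODE/status"); next }
        if ($5 !~ /^[0-9]+$/)          { bad("byte count is not a number"); next }
        if ($6 !~ /^[A-Z_-]+$/)        { bad("method is not an HTTP verb"); next }
        if (NF != 10)                  { bad("expected 10 fields, found " NF); next }
        if (out != "") print > out
    }
    END { exit (nbad > 0) }
    ' "$1"
}

# Constructed sample: records 2 and 3 imitate the two failures quoted in the
# thread (a space inside the client field; a record that does not start with
# a timestamp). Hosts and URLs are placeholders.
sample_log() {
    cat <<'EOF'
1528476366.101     85 192.168.1.120 TCP_MISS/200 5120 GET http://example.com/ - DEFAULT_PARENT/ -
1528476366.447    162 192.168.oa er TCP_MISS/204 0 GET https://example.com/uac/request?size=300x600 - DEFAULT_PARENT/ -
2.168.70.204 http://example.com/bag - GET 8043 0 - 1 200 - 192.168.70.204 Default - - - - -
1528476370.002     12 192.168.1.121 TCP_DENIED/403 0 CONNECT example.org:443 - DEFAULT_PARENT/ -
EOF
}

# Demo on the constructed sample. On the firewall, run it against a copy of
# /var/log/e2guardian/access.log and pass the clean copy to sarg with -l.
tmp=$(mktemp)
sample_log > "$tmp"
check_access_log "$tmp" "$tmp.clean" || echo "malformed records listed above"
rm -f "$tmp" "$tmp.clean"
```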
                                        Copyright 2025 Rubicon Communications LLC (Netgate). All rights reserved.