Sarg uninstalled, but traces persist in the logs => LightSquid problem?
-
Hello everyone, and thank you for the help you give the pfSense community.
Context: I administer this solution, installed a few months ago for a small company (30 workstations, but only 4 or 5 that browse regularly).
Need: LightSquid works in real time (sqstat), but not for deferred reports (LightSquid on port 7445).
But before digging into this problem I would like to clean up the traces of Sarg in my logs (Sarg was automatically uninstalled during the migration to 2.3). I am not sure the two are related, but it will be cleaner…
Diagram:
Netgate SG-4860 (Appliance)
2.3-RELEASE (amd64)
built on Mon Apr 11 18:28:29 CDT 2016 (recent update)
FreeBSD 10.3-RELEASE
My_PC 192.168.2.109/24 --- 192.168.2.251/24 ---(LAN) PFSENSE (WAN) --- 37.71.xx.xx (public IP address)
My_PC 192.168.2.109/24 --- 192.168.2.251/24 ---(LAN) PFSENSE (DMZ) --- 192.168.250.254/28 --- 192.168.250.241/28
Firewall rules:
LAN
IPv4 TCP/UDP LAN net * * 53 (DNS) * none DNS
IPv4 TCP LAN net * * 3128 * none HTTP/HTTPS
IPv4 TCP LAN net * * 80 (HTTP) * none Lan => 80
IPv4 TCP LAN net * * 443 (HTTPS) * none LAN => 443
Packages added:
Squid (NON-transparent mode)
LightSquid
Sarg, automatically uninstalled following the update.
OpenVpnClientExport
Questions: (I am not sure the 2 are related)
1 - How do I clean up the traces of Sarg in my logs?
2 - LightSquid is installed (installed on 01-06). SQstat is OK but the web interface does not work (https://192.168.2.251:7445/ => site unreachable). And yet it worked once or twice. The web page seems to be down.
In my logs you can see the traces of Sarg (but how do I get rid of them???) and LightSquid, which seems to be running correctly:
Jun 3 09:00:00 php /usr/local/www/sarg.php: The command 'export LC_ALL=C && /usr/local/bin/sarg ' returned exit code '127', the output was '/usr/local/bin/sarg: not found'
Jun 3 09:00:00 php /usr/local/www/sarg.php: [sarg] Force refresh now with args, compress(on).
Jun 3 08:56:56 php-fpm 89318 /pkg_edit.php: [lightsquid] Updating cronjobs…
Jun 3 08:56:56 check_reload_status Syncing firewall
Jun 3 08:56:55 php-fpm 89318 /pkg_edit.php: [lightsquid] Removing old cronjobs…
Jun 3 08:56:55 php-fpm 89318 /pkg_edit.php: [lightsquid] Successfully created '/usr/local/etc/lightsquid/lightsquid.cfg' configuration file.
Jun 3 08:56:55 php-fpm 89318 /pkg_edit.php: [lightsquid] Loaded default '/usr/local/etc/lightsquid/lightsquid.cfg.sample' configuration file.
Jun 3 08:56:55 check_reload_status Syncing firewall
Jun 3 08:56:55 php-fpm 89318 /pkg_edit.php: [lightsquid] Parsing today's entries in access.log using '/usr/local/bin/perl /usr/local/www/lightsquid/lightparser.pl today'
From the console, pkg info:
[2.3-RELEASE][admin@pfSense.prodirect.com]/root: pkg info
arc-5.21p Create & extract files from DOS .ARC files
arj-3.10.22_4 Open source implementation of the ARJ archiver
ataidle-2.7.2 Utility to spin down ATA drives
beep-1.0_1 Beeps a certain duration and pitch out of the PC Speaker
bind-tools-9.10.3P4 Command line tools from BIND: delv, dig, host, nslookup…
bsnmp-regex-0.6_1 bsnmpd module allowing creation of counters from log files
bsnmp-ucd-0.4.1 bsnmpd module that implements parts of UCD-SNMP-MIB
bwi-firmware-kmod-3.130.20 Broadcom AirForce IEEE 802.11 Firmware Kernel Module
c-icap-0.3.5_2,2 ICAP server implementation
c-icap-modules-0.3.2_5 c-icap modules virus_scan and srv_url_check
ca_root_nss-3.22.2 Root certificate bundle from the Mozilla Project
check_reload_status-0.0.7 run various pfSense scripts on event.
choparp-20150613 Simple proxy arp daemon
clamav-0.99 Command line virus scanner written entirely in C
clog-1.0.1 Circular log support for FreeBSD syslogd
cpdup-1.17_2 Comprehensive filesystem mirroring and backup program
cpustats-0.1_1 cpustats
curl-7.47.0 Non-interactive tool to get files from FTP, GOPHER, HTTP(S) servers
cyrus-sasl-2.1.26_12 RFC 2222 SASL (Simple Authentication and Security Layer)
dhcp6-20080615_7 KAME DHCP6 client, server, and relay
dhcpleases-0.3_1 read dhpcd.lease file and add it to hosts file
dhcpleases6-0.1_2 read dhpcd6.leases file and trigger command on modification
dmidecode-3.0 Tool for dumping DMI (SMBIOS) contents in human-readable format
dnsmasq-devel-2.76.0test8 Lightweight DNS forwarder, DHCP, and TFTP server
dpinger-2.0 IP device monitoring tool
expat-2.1.0_3 XML 1.0 parser written in C
expiretable-0.6_1 Utility to remove entries from the pf(4) table based on their age
filterdns-1.0_9 filterdns
filterlog-0.1_1 filterlog
freetype2-2.6.3 Free and portable TrueType font rendering engine
gettext-runtime-0.19.6 GNU gettext runtime libraries and programs
glib-2.44.1_3 Some useful routines of C programming (current stable version)
gmp-5.1.3_2 Free library for arbitrary precision arithmetic
gogoc-1.2_1 GogoCLIENT, connect to Freenet6 tunnel
idnkit-1.0_5 Library to handle internationalized domain names
igmpproxy-0.1_3,1 Multicast forwarding IGMP proxy
indexinfo-0.2.4 Utility to regenerate the GNU info page index
ipmitool-1.8.15_1 CLI to manage IPMI systems
isc-dhcp43-client-4.3.3P1_1 The ISC Dynamic Host Configuration Protocol client
isc-dhcp43-relay-4.3.3P1_1 The ISC Dynamic Host Configuration Protocol relay
isc-dhcp43-server-4.3.3P1_1 ISC Dynamic Host Configuration Protocol server
jbigkit-2.1_1 Lossless compression for bi-level images such as scanned pages, faxes
jpeg-turbo-1.4.2 SIMD-accelerated JPEG codec which replaces libjpeg
json-c-0.12_2 JSON (JavaScript Object Notation) implementation in C
krb5-1.14 Authentication system developed at MIT, successor to Kerberos IV
ldns-1.6.17_5 Library for programs conforming to DNS RFCs and drafts
lha-1.14i_6 Archive files using LZSS and Huffman compression (.lzh files)
libdaemon-0.14_1 Lightweight C library that eases the writing of UNIX daemons
libedit-3.1.20150325_1 Command line editor library
libevent2-2.0.22_1 API for executing callback functions on events or timeouts
libffi-3.2.1 Foreign Function Interface
libgd-2.1.0_7,1 Graphics library for fast creation of images
libiconv-1.14_9 Character set conversion library
libidn-1.31 Internationalized Domain Names command line tool
libltdl-2.4.6 System independent dlopen wrapper
libmcrypt-2.5.8_3 Multi-cipher cryptographic library (used in PHP)
libpdel-0.5.3_6 Packet Design multi-purpose C library for embedded applications
libsodium-1.0.3 Library to build higher-level cryptographic tools
libssh2-1.6.0_1,2 Library implementing the SSH2 protocol
libxml2-2.9.3 XML parser library for GNOME
libzmq4-4.1.3 ZeroMQ core library (Version 4)
lightsquid-1.8_4 Light and fast web based squid proxy traffic analyser
lighttpd-1.4.39_1 Secure, fast, compliant, and flexible Web Server
links-2.9,1 Lynx-like text WWW browser
luajit-2.0.4 Just-In-Time Compiler for Lua
lzo2-2.09 Portable speedy, lossless data compression library
minicron-0.0.2 very small cron
miniupnpd-1.9.20160113,1 UPnP IGD implementation which uses pf/ipf
mpd4-4.4.1_1 Multi-link PPP daemon based on netgraph(4)
mpd5-5.8 Multi-link PPP daemon based on netgraph(4)
nettle-2.7.1 Low-level cryptographic library
nginx-1.8.1,2 Robust and small WWW server
ntp-4.2.8p6 The Network Time Protocol Distribution
oniguruma5-5.9.6_1 BSDL Regular Expressions library compatible with POSIX/GNU/Perl
openldap-client-2.4.44 Open source LDAP client implementation
openvpn-2.3.9 Secure IP/Ethernet tunnel daemon
openvpn-client-export-2.3.11 OpenVPN Client Export
p5-GD-2.56_2 Perl5 interface to Gd Graphics Library version2
p7zip-15.14 File archiver with high compression ratio
pcre-8.38_1 Perl Compatible Regular Expressions library
pecl-radius-1.2.7 Radius client library for PHP
pecl-rrd-1.1.3_2 PHP bindings to rrd tool system
pecl-ssh2-0.12 PECL extension to the libssh2 library
pecl-zmq-1.1.3 PHP bindings for ZeroMQ
perl5-5.20.3_8 Practical Extraction and Report Language
pfSense-2.3 Meta package to install pfSense required ports
pfSense-Status_Monitoring-1.0_1 pfSense Status Monitoring
pfSense-base-2.3 pfSense core files
pfSense-default-config-2.3 pfSense default config
pfSense-kernel-pfSense-2.3 pfSense kernel (pfSense)
pfSense-pkg-AutoConfigBackup-1.43_1 pfSense package AutoConfigBackup
pfSense-pkg-Lightsquid-3.0.4 pfSense package Lightsquid
pfSense-pkg-aws-wizard-0.5_1 PfSense package AWS VPC VPN Connection Wizard
pfSense-pkg-ipsec-profile-wizard-0.9_1 PfSense package IPsec Profile Generation for iOS devices
pfSense-pkg-openvpn-client-export-1.3.8 pfSense package openvpn-client-export
pfSense-pkg-squid-0.4.16_2 pfSense package squid
pfSense-rc-2.3 pfSense rc script
pfSense-repo-2.3 pfSense pkg repository configuration (stable)
pftop-0.7_6 Utility for real-time display of statistics for pf
php-suhosin-0.9.38 PHP extension that implements high-level protections
php-xdebug-2.2.5 Xdebug extension for PHP
php56-5.6.20 PHP Scripting Language
php56-bcmath-5.6.20 The bcmath shared extension for php
php56-bz2-5.6.20 The bz2 shared extension for php
php56-ctype-5.6.20 The ctype shared extension for php
php56-curl-5.6.20 The curl shared extension for php
php56-dom-5.6.20 The dom shared extension for php
php56-filter-5.6.20 The filter shared extension for php
php56-gettext-5.6.20 The gettext shared extension for php
php56-hash-5.6.20 The hash shared extension for php
php56-json-5.6.20 The json shared extension for php
php56-ldap-5.6.20 The ldap shared extension for php
php56-mbstring-5.6.20 The mbstring shared extension for php
php56-mcrypt-5.6.20 The mcrypt shared extension for php
php56-opcache-5.6.20 The opcache shared extension for php
php56-openssl-5.6.20 The openssl shared extension for php
php56-pcntl-5.6.20 The pcntl shared extension for php
php56-pdo-5.6.20 The pdo shared extension for php
php56-pdo_sqlite-5.6.20 The pdo_sqlite shared extension for php
php56-pfSense-module-0.12 Library for getting useful info
php56-posix-5.6.20 The posix shared extension for php
php56-readline-5.6.20 The readline shared extension for php
php56-session-5.6.20 The session shared extension for php
php56-shmop-5.6.20 The shmop shared extension for php
php56-simplexml-5.6.20 The simplexml shared extension for php
php56-sockets-5.6.20 The sockets shared extension for php
php56-sqlite3-5.6.20 The sqlite3 shared extension for php
php56-sysvmsg-5.6.20 The sysvmsg shared extension for php
php56-sysvsem-5.6.20 The sysvsem shared extension for php
php56-sysvshm-5.6.20 The sysvshm shared extension for php
php56-tokenizer-5.6.20 The tokenizer shared extension for php
php56-xml-5.6.20 The xml shared extension for php
php56-xmlreader-5.6.20 The xmlreader shared extension for php
php56-xmlwriter-5.6.20 The xmlwriter shared extension for php
php56-zlib-5.6.20 The zlib shared extension for php
pkg-1.7.2_2 Package manager
pkgconf-0.9.12_1 Utility to help to configure compiler and linker flags
png-1.6.21 Library for manipulating PNG images
python27-2.7.11_1 Interpreted object-oriented programming language
qstats-0.1_1 read dhpcd.lease file and add it to hosts file
radvd-1.9.1 Linux/BSD IPv6 router advertisement daemon
rate-0.9 Traffic analysis command-line utility
relayd-5.5.20140810_1 OpenBSD relay daemon
rrdtool-1.5.5_1 Round Robin Database Tools
scponly-4.8.20110526_2 Tiny shell that only permits scp and sftp
smartmontools-6.4_1 S.M.A.R.T. disk monitoring tools
sqlite3-3.9.2 SQL database engine in a C library
squid-3.5.16 HTTP Caching Proxy
squid_radius_auth-1.10 RADIUS authenticator for squid proxy 2.5 and later
squidclamav-6.13 Clamav c-icap service and redirector for Squid
ssh_tunnel_shell-0.1 SSH tunnel shell
sshlockout_pf-0.0.2 SSH lockout pf
strongswan-5.4.0 Open Source IKEv2 IPsec-based VPN solution
tiff-4.0.6_1 Tools and library routines for working with TIFF images
unbound-1.5.5 Validating, recursive, and caching DNS resolver
unzoo-4.4_2 ZOO archive extractor
voucher-0.1_2 Voucher support
vstr-1.0.15_1 General purpose string library for C
wol-0.7.1_2 Tool to wake up Wake-On-LAN compliant computers
wrapalixresetbutton-0.0.7 Utility to detect platform reset button state for use in scripting
xinetd-2.3.15_1 Replacement for inetd with better control and logging
zip-3.0_1 Create/update ZIP files compatible with PKZIP
-
(Good presentation: well done!)
These are all packages: Sarg, LightSquid, Squid, …
As a matter of principle, packages are NOT part of pfSense: there is no guarantee that they work properly, or that they ... uninstall correctly!
Some people, myself included, therefore advise against using packages that are too large (such as Squid), especially when it is possible, and worthwhile, to do otherwise.
Given the size, I can understand that Squid + LightSquid is installed on pfSense, given the size (I am saying it twice).
For a clean solution, the only reliable method is:
- backup (of the entire config)
- installation of pfSense (from scratch)
- basic reconfiguration, adding the useful packages
- restoring the backup
NB: I do not see the point of 'LightSquid in real time': what is the goal? (Is it actually legal, for that matter? What the law requires is keeping the logs, not viewing them!)
NB: Careful, some rules seem too broad: LAN subnet -> pfsense for 3128/tcp (Squid): no need to go to 'any'!
-
Hello, and thank you for your reply.
Digging through the FreeBSD docs, I was able to find and edit the crontab to comment out the lines referring to Sarg. It is not the cleanest approach, but it should prevent the spurious log messages.
NB: Careful, some rules seem too broad: LAN subnet -> pfsense for 3128/tcp (Squid): no need to go to 'any'!
Thank you, this indirectly answers a question I had about proxy filtering vs. filtering without a proxy => something to work on.
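
The cleanup discussed in this thread, as an added example that is not part of the original posts: a shell sketch that pulls out of the system log every script still calling a binary that is no longer installed (exit code 127, "not found"), then lists the active crontab entries that launch that script. The first sample log line is the one quoted in the first post; the other log lines, the crontab contents and the function names are constructed for illustration.

```shell
#!/bin/sh
# Added example: find scheduled scripts that still call an uninstalled binary.

# Sample log: first line is quoted from the post, the rest are constructed.
sample_log() {
cat <<'EOF'
Jun 3 09:00:00 php /usr/local/www/sarg.php: The command 'export LC_ALL=C && /usr/local/bin/sarg ' returned exit code '127', the output was '/usr/local/bin/sarg: not found'
Jun 3 09:00:00 php /usr/local/www/sarg.php: [sarg] Force refresh now with args, compress(on).
Jun 3 08:56:55 check_reload_status Syncing firewall
Jun 4 09:00:00 php /usr/local/www/sarg.php: The command 'export LC_ALL=C && /usr/local/bin/sarg ' returned exit code '127', the output was '/usr/local/bin/sarg: not found'
EOF
}

# Constructed crontab (assumed layout: schedule, user, command).
sample_crontab() {
cat <<'EOF'
0 9 * * * root /usr/local/bin/php /usr/local/www/sarg.php
#0 0 * * * root /usr/local/bin/php /usr/local/www/sarg.php
*/10 * * * * root /usr/local/bin/perl /usr/local/www/lightsquid/lightparser.pl today
EOF
}

# stdin: log text. stdout: "<count> TAB <calling script> TAB <missing binary>".
orphaned_commands() {
    awk '
    /returned exit code .127./ {
        i = index($0, ": The command ")
        marker = "the output was \047"
        j = index($0, marker)
        if (i == 0 || j == 0) next
        n = split(substr($0, 1, i - 1), f, " ")
        out = substr($0, j + length(marker))
        k = index(out, ": not found")
        if (k == 0) next
        hits[f[n] "\t" substr(out, 1, k - 1)]++
    }
    END { for (key in hits) printf "%d\t%s\n", hits[key], key }
    ' | sort
}

# $1: script path. stdin: crontab text. stdout: "<line>:<entry>", comments skipped.
active_cron_entries() {
    awk -v s="$1" 'index($0, s) && $0 !~ /^[ \t]*#/ { print NR ":" $0 }'
}

sample_log | orphaned_commands
sample_crontab | active_cron_entries /usr/local/www/sarg.php
```

On a live system the two functions would read the real system log and crontab instead of the embedded samples; entries already commented out are not reported.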