SARG + E2guardian



  • Prezados,

    Bom dia!

    Realizei a instalação e configuração do E2Guardians seguindo a apresentação do link https://www.youtube.com/watch?v=tao1tiXFefk e alguns dias depois a instalação do SARG https://www.youtube.com/watch?v=_ir0XHSBXGQ.
    Após configurado e estabelecido o schedule, mesmo forçando a geração do relatório, apresentou mensagem de erro

    code
    Error: Could not find report index file.
    Check and save Sarg settings and try to force Sarg schedule.
    

    Na console executei o comando sarg -x e apresenta o erro;

    code
    SARG: Init
    SARG: Loading configuration from /usr/local/etc/sarg/sarg.conf
    SARG: Loading exclude host file from: /usr/local/etc/sarg/exclude_hosts.conf
    SARG: Loading exclude file from: /usr/local/etc/sarg/exclude_users.conf
    SARG: Reading host alias file "/usr/local/etc/sarg/hostalias"
    SARG: List of host names to alias:
    SARG: Deleting temporary directory "/tmp/sarg"
    SARG: Parameters:
    SARG:           Hostname or IP address (-a) =
    SARG:                    Useragent log (-b) =
    SARG:                     Exclude file (-c) = /usr/local/etc/sarg/exclude_hosts.conf
    SARG:                  Date from-until (-d) =
    SARG:    Email address to send reports (-e) =
    SARG:                      Config file (-f) = /usr/local/etc/sarg/sarg.conf
    SARG:                      Date format (-g) = Europe (dd/mm/yyyy)
    SARG:                        IP report (-i) = No
    SARG:             Keep temporary files (-k) = No
    SARG:                        Input log (-l) = /var/log/e2guardian/access.log
    SARG:               Resolve IP Address (-n) = No
    SARG:                       Output dir (-o) = /usr/local/sarg-reports/
    SARG: Use Ip Address instead of userid (-p) = No
    SARG:                    Accessed site (-s) =
    SARG:                             Time (-t) =
    SARG:                             User (-u) =
    SARG:                    Temporary dir (-w) = /tmp/sarg
    SARG:                   Debug messages (-x) = Yes
    SARG:                 Process messages (-z) = No
    SARG:  Previous reports to keep (--lastlog) = 0
    SARG:
    SARG: SARG version: 2.3.10 Apr-12-2015
    SARG: Reading access log file: /var/log/e2guardian/access.log
    SARG: Loop detected in getword_atoll after 2 bytes.
    SARG: Line="92.168.1.21 https"
    SARG: Record="92.168.1.21 https"
    SARG: searching for 'x2f'
    SARG: Invalid date in file "/var/log/e2guardian/access.log"
    

    Alguém pode dar um help?



  • @ghislenidroid said in SARG + E2guardian:

    SARG: Invalid date in file "/var/log/e2guardian/access.log"

    Alguém pode dar um help?
    

    O sarg está reclamando do conteúdo do log.

    Depois de alterar o formato do log do e2guardian para o squid, apague o arquivo de log antigo e de um reload/restart no e2guardian.



  • @marcelloc apaguei o arquivo access.log e um novo foi criado.

    code
    1528227255.205     29 192.168.1.120 TCP_MISS/200 1035 GET http://cdn.content.prod.cms.msn.com/singletile/summary/alias/experiencebyname/today?market=pt-BR&source=appxmanifest&tenant=amp&vertical=news - DEFAULT_PARENT/ -
    1528227255.697    108 192.168.1.200 TCP_MISS/200 4327 GET http://tile-service.weather.microsoft.com/pt-BR/livetile/preinstall?region=BR&appid=C98EA5B0842DBB9405BBF071E1DA76512D21FE36&FORM=Threshold 192.168.1.200 DEFAULT_PARENT/ -
    1528227257.690    371 192.168.1.120 TCP_MISS/200 167 GET https://arc.msn.com/v3/Delivery/Placement?pubid=da63df93-3dbc-42ae-a505-b34988683ac7&pid=310091&adm=2&w=1&h=1&wpx=1&hpx=1&fmt=json&cltp=app&dim=le&rafb=0&nct=1&pm=1&cfmt=text,image,poly&sft=jpeg,png,gif&topt=0&auid=46d3a9f34d55536aeb8af9be3bbfc738&poptin=1&localid=w:2DDB8585-639E-C027-6945-D4AE986684C4&ctry=BR&time=20180605T193803Z&lc=pt-BR&pl=pt-BR&idtp=mid&uid=049334ee-2039-4f64-8377-215d4b5b9319&aid=00000000-0000-0000-0000-000000000000&ua=WindowsShellClient%2F9.0.40929.0%20%28Windows%29&asid=ac309f3fa1034e079895b0009af50853&ctmode=MultiSession&arch=x64&cdm=1&cdmver=10.0.17134.1&devfam=Windows.Desktop&devform=Unknown&devosver=10.0.17134.48&disphorzres=1920&dispsize=15.5&dispvertres=1080&fosver=16299&isu=0&lo=82397&metered=false&nettype=wifi&npid=sc-310091&oemName=Acer&oemid=Acer&ossku=Professional&prevosver=16299&rver=2&smBiosDm=Aspire%20ES1-572&tl=4&tsu=5885&waasBldFlt=1&waasCfgExp=1&waasCfgSet=1&waasRetail=1&waasRing= - DEFAULT_PARENT/ -
    1528227257.704    383 192.168.1.120 TCP_MISS/200 167 GET https://arc.msn.com/v3/Delivery/Placement?pubid=da63df93-3dbc-42ae-a505-b34988683ac7&pid=346481&adm=2&w=1&h=1&wpx=1&hpx=1&fmt=json&cltp=app&dim=le&rafb=0&nct=1&pm=1&cfmt=text,image,poly&sft=jpeg,png,gif&topt=0&auid=46d3a9f34d55536aeb8af9be3bbfc738&poptin=1&localid=w:2DDB8585-639E-C027-6945-D4AE986684C4&ctry=BR&time=20180605T193803Z&lc=pt-BR&pl=pt-BR&idtp=mid&uid=049334ee-2039-4f64-8377-215d4b5b9319&aid=00000000-0000-0000-0000-000000000000&ua=WindowsShellClient%2F9.0.40929.0%20%28Windows%29&asid=9cdab4cd4c3c4bf2ba6f2d24f5945699&ctmode=MultiSession&arch=x64&cdm=1&cdmver=10.0.17134.1&devfam=Windows.Desktop&devform=Unknown&devosver=10.0.17134.48&disphorzres=1920&dispsize=15.5&dispvertres=1080&fosver=16299&isu=0&lo=82397&metered=false&nettype=wifi&npid=sc-346481&oemName=Acer&oemid=Acer&ossku=Professional&prevosver=16299&smBiosDm=Aspire%20ES1-572&tl=4&tsu=5885&waasBldFlt=1&waasCfgExp=1&waasCfgSet=1&waasRetail=1&waasRing= - DEFAULT_PARENT/ -
    1528227257.707    362 192.168.1.120 TCP_MISS/200 167 GET https://arc.msn.com/v3/Delivery/Placement?pubid=da63df93-3dbc-42ae-a505-b34988683ac7&pid=280811&adm=2&w=1&h=1&wpx=1&hpx=1&fmt=json&cltp=app&dim=le&rafb=0&nct=1&pm=1&cfmt=text,image,poly&sft=jpeg,png,gif&topt=0&auid=46d3a9f34d55536aeb8af9be3bbfc738&poptin=1&localid=w:2DDB8585-639E-C027-6945-D4AE986684C4&ctry=BR&time=20180605T193803Z&lc=pt-BR&pl=pt-BR&idtp=mid&uid=049334ee-2039-4f64-8377-215d4b5b9319&aid=00000000-0000-0000-0000-000000000000&ua=WindowsShellClient%2F9.0.40929.0%20%28Windows%29&asid=d441aa1a0cc54320bbfab405c78d576c&ctmode=MultiSession&arch=x64&cdm=1&cdmver=10.0.17134.1&devfam=Windows.Desktop&devform=Unknown&devosver=10.0.17134.48&disphorzres=1920&dispsize=15.5&dispvertres=1080&fosver=16299&isu=0&lo=82397&metered=false&nettype=wifi&npid=sc-280811&oemName=Acer&oemid=Acer&ossku=Professional&prevosver=16299&sc-msa=7&smBiosDm=Aspire%20ES1-572&tl=4&tsu=5885&waasBldFlt=1&waasCfgExp=1&waasCfgSet=1&waasRetail=1&waasRing= - DEFAULT_PARENT/ -
    1528227257.725    377 192.168.1.120 TCP_MISS/200 167 GET https://arc.msn.com/v3/Delivery/Placement?pubid=da63df93-3dbc-42ae-a505-b34988683ac7&pid=280810&adm=2&w=1&h=1&wpx=1&hpx=1&fmt=json&cltp=app&dim=le&rafb=0&nct=1&pm=1&cfmt=text,image,poly&sft=jpeg,png,gif&topt=0&auid=46d3a9f34d55536aeb8af9be3bbfc738&poptin=1&localid=w:2DDB8585-639E-C027-6945-D4AE986684C4&ctry=BR&time=20180605T193803Z&lc=pt-BR&pl=pt-BR&idtp=mid&uid=049334ee-2039-4f64-8377-215d4b5b9319&aid=00000000-0000-0000-0000-000000000000&ua=WindowsShellClient%2F9.0.40929.0%20%28Windows%29&asid=429733d3853e47febb1543d9ba5f987b&ctmode=MultiSession&arch=x64&cdm=1&cdmver=10.0.17134.1&devfam=Windows.Desktop&devform=Unknown&devosver=10.0.17134.48&disphorzres=1920&dispsize=15.5&dispvertres=1080&fosver=16299&isu=0&lo=82397&metered=false&nettype=wifi&npid=sc-280810&oemName=Acer&oemid=Acer&ossku=Professional&prevosver=16299&sc-msa=7&smBiosDm=Aspire%20ES1-572&tl=4&tsu=5885&waasBldFlt=1&waasCfgExp=1&waasCfgSet=1&waasRetail=1&waasRing= - DEFAULT_PARENT/ -
    1528227263.474   1000 192.168.1.120 TCP_MISS/200 3168 POST https://roaming.officeapps.live.com/rs/RoamingSoapService.svc - DEFAULT_PARENT/ -
    1528227264.305    555 192.168.1.120 TCP_MISS/200 34 GET https://ocws.officeapps.live.com/ocs/docs/recent?rs=pt-BR&apps=Excel&show=100 - DEFAULT_PARENT/ -
    1528227270.836    774 192.168.1.48 TCP_MISS/204 0 GET https://nexusrules.officeapps.live.com/nexus/rules?Application=searchprotocolhost.exe&Version=7.0.17134.1&ClientId=%7b373289BA-844D-4A98-BF68-38A04AD08075%7d&OSEnvironment=10&MsoAppId=-2&AudienceName=Audience_Liblet_Not_Initialized&AudienceGroup=Other&AppVersion=7.0.17134.1& 192.168.1.48 DEFAULT_PARENT/ -
    1528227271.515    474 192.168.1.23 TCP_MISS/200 19 GET https://www.apoiocotacoes.com.br/app/ObterQtdeMensagensNaoLidasAjax.do 192.168.1.23 DEFAULT_PARENT/ -
    1528227272.189     29 192.168.1.178 TCP_MISS/200 1143 GET http://cdn.content.prod.cms.msn.com/singletile/summary/alias/experiencebyname/today?market=pt-BR&source=appxmanifest&tenant=amp&vertical=finance - DEFAULT_PARENT/ -
    1528227273.131    103 192.168.1.21 TCP_MISS/200 26 POST https://writer-br.smartlook.com/rec/write?rid=aCMzI_0oj-h&index=15&time=91590.5&group=30d&pid=5963f91a673eecd3058b4577&data=0&version=4.1.1_d4b5cff2adef9e33b6dc9324d7e733bd0439cd9a 192.168.1.21 DEFAULT_PARENT/ -
    1528227276.338    836 192.168.1.210 TCP_MISS/200 23 GET http://dynupdate.no-ip.com/nic/update?hostname=indalaboroffice.ddns.me 192.168.1.210 DEFAULT_PARENT/ -
    1528227280.446  25241 192.168.1.120 TCP_DENIED/403 0 - https://127.0.0.1 - DEFAULT_PARENT/ -
    1528227281.792  25062 192.168.1.120 TCP_DENIED/403 0 - https://127.0.0.1 - DEFAULT_PARENT/ -
    
    
    

    Reparei que as primeiras colunas antes eram ano/mes/dia

    code
    18.06.04 08:22:28	192.168.1.77	http://37.48.82.67/updates/uds/unmod-uds-1313g.xml.dif	200	-	Comercial	-
    18.06.04 08:22:24	192.168.1.77	http://37.48.82.67/updates/sw2/unmod-sw2-1313g.xml.dif	200	-	Comercial	-
    18.06.04 08:22:23	192.168.1.77	http://37.48.82.67/updates/si/unmod-si-1313g.xml.dif	200	-	Comercial	-
    18.06.04 08:22:22	192.168.1.77	http://37.48.82.67/updates/ossl/unmod-ossl-1313g.xml.dif	200	-	Comercial	-
    18.06.04 08:22:20	192.168.1.77	http://37.48.82.67/updates/qscan/unmod-qscan-1313g.xml.dif	200	-	Comercial	-
    18.06.04 08:22:18	192.168.1.77	http://37.48.82.67/updates/hips/unmod-hips-1313g.xml.dif	200	-	Comercial	-
    18.06.04 08:22:17	192.168.1.77	http://37.48.82.67/updates/apu/unmod-apu-1313g.xml.dif	200	-	Comercial	-
    18.06.04 08:22:16	192.168.1.77	http://37.48.82.67/updates/ark/unmod-ark-1313g.xml.dif	200	-	Comercial	-
    18.06.04 08:22:15	192.168.1.77	http://37.48.82.67/updates/vlns/unmod-vlns-1313g.xml.dif	200	-	Comercial	-
    18.06.04 08:22:14	192.168.1.77	http://37.48.82.67/updates/mpm/unmod-mpm-1313g.xml.dif	200	-	Comercial	-
    18.06.04 08:22:12	192.168.1.77	http://37.48.82.67/updates/dnt/unmod-dnt-1313g.xml.dif	200	-	Comercial	-
    18.06.04 08:22:10	192.168.1.77	http://37.48.82.67/updates/apd/unmod-apd-1313g.xml.dif	200	-	Comercial	-
    18.06.04 08:22:09	192.168.1.77	http://37.48.82.67/updates/kdb/i386/kdbext-i386-1313g.xml.klz	200	-	Comercial	-
    18.06.04 08:21:58	192.168.1.77	http://37.48.82.67/updates/kdb/i386/kdbc-i386-1313g.xml.dif	200	-	Comercial	-
    18.06.04 08:21:56	192.168.1.77	http://37.48.82.67/updates/kdb/i386/unmod-kdb-i386-1313g.xml.dif	200	-	Comercial
    

    Alguma configuração que devo alterar?



  • @marcelloc excluí o agendamento existente e inseri outro, mudando para 2h o tempo de atualiza. Feito isto, cliquei em force update e foi gerado o relatório!
    😆

    Valeu!



  • 0_1528469036707_SARG.jpg

    o meu esta com o mesmo erro, fiz o que o amigo fez e a dica do Marcelo tbm e não funcionou.



  • Só estou usando e2guardian, não adicionei grupos e nem usuários esta default.

    funciona assim ?



  • @edils0n-lima , funciona sim.

    A mensagem de erro está reclamando que o formato do log não é padrão squid.



  • 0_1528486295171_SARG3.jpg

    log file format : seria ali essa opção mesmo ?



  • Essa mesma.

    Depois de mudar o padrão e salvar, o log vai ficar com registro nos dois formatos. É disso que o sarg está reclamando. Via console, exclua o log antigo e digite e2guardian -Q



  • poderia me dizer qual o código digito no console para excluir?



  • rm -f /var/log/e2guardian/access.log



  • Bom dia pessoal, no meu caso o SARG não atualiza 2_1528715319917_sarg_erro3.JPG 1_1528715319916_sarg_erro2.JPG 0_1528715319915_sarg_erro1.JPG corretamente os LOGS, a cada 2 ou 3 dias ele para, somente quando eu excluo o agendamento e crio outro ele volta a funcionar, agora pela manhã acabei de remover o agendamento e criei outro e ele sincronizou, alguém tem idéia do que possa ser, ao que me parece é o CRON, mas já removi e instalei novamente esse pacote, mas o problema continua.



  • A única coisa que imagino que possa atrapalhar o arquivo de configuração do sarg é o reboot. Portanto, veja se a frequência que os relatórios param não é a cada reboot.



  • Bom dia .. o meu funcionou obrigado Marcelo.. Agora e continuar os testes.👍



  • Acabei de verificar, eu criei um agendamento a cada 30m, isso era as 8:00, em seguida ele ja atualizou e parou novamente. O servidor não foi reiniciado nesse meio tempo, é batata, é criar outro agendamento e volta a atualizar os logs, mas depois para novamente.

    [2.4.2-RELEASE][admin@fw-server.tecin]/root: sarg -x
    SARG: Init
    SARG: Loading configuration from /usr/local/etc/sarg/sarg.conf
    SARG: Loading exclude host file from: /usr/local/etc/sarg/exclude_hosts.conf
    SARG: Loading exclude file from: /usr/local/etc/sarg/exclude_users.conf
    SARG: Reading host alias file "/usr/local/etc/sarg/hostalias"
    SARG: List of host names to alias:
    SARG: Deleting temporary directory "/tmp/sarg"
    SARG: Parameters:
    SARG: Hostname or IP address (-a) =
    SARG: Useragent log (-b) =
    SARG: Exclude file (-c) = /usr/local/etc/sarg/exclude_hosts.conf
    SARG: Date from-until (-d) =
    SARG: Email address to send reports (-e) =
    SARG: Config file (-f) = /usr/local/etc/sarg/sarg.conf
    SARG: Date format (-g) = USA (mm/dd/yyyy)
    SARG: IP report (-i) = No
    SARG: Keep temporary files (-k) = No
    SARG: Input log (-l) =
    SARG: Resolve IP Address (-n) = No
    SARG: Output dir (-o) = /usr/local/sarg-reports/
    SARG: Use Ip Address instead of userid (-p) = No
    SARG: Accessed site (-s) =
    SARG: Time (-t) =
    SARG: User (-u) =
    SARG: Temporary dir (-w) = /tmp/sarg
    SARG: Debug messages (-x) = Yes
    SARG: Process messages (-z) = No
    SARG: Previous reports to keep (--lastlog) = 0
    SARG:
    SARG: SARG version: 2.3.10



  • @jdsonc observei o mesmo aqui no meu ambiente.

    Vamos aguardar e ver se o @marcelloc já identificou esta anomalia ou se é alguma particularidade.



  • @jdsonc said in SARG + E2guardian:

    Acabei de verificar, eu criei um agendamento a cada 30m, isso era as 8:00, em seguida ele ja atualizou e parou novamente. O servidor não foi reiniciado nesse meio tempo, é batata, é criar outro agendamento e volta a atualizar os logs, mas depois para novamente.

    Antes de reaplicar o agendamento, consegue copiar o sarg.conf e comparar após salvar novamente as configurações?



  • @marcelloc

    Olha o meu sarg.conf antes de apagar o agendamento.

    code
    # sarg.conf
    #
    # TAG:  access_log file
    #       Where is the access.log
    #       sarg -l file
    #
    access_log 
    
    # TAG: graphs yes|no
    #	Use graphics where possible.
    #           graph_days_bytes_bar_color blue|green|yellow|orange|brown|red
    #
    graphs yes
    #graph_days_bytes_bar_color orange
    
    # TAG:  graph_font
    #       The full path to the TTF font file to use to create the graphs. It is required
    #       if graphs is set to yes.
    #
    #graph_font /usr/share/fonts/truetype/ttf-dejavu/DejaVuSans.ttf
    
    # TAG:	title
    # 	Specify the title for html page.
    #
    #title "Squid User Access Reports"
    title "E2guardian User Access Reports"
    # TAG:	font_face
    # 	Specify the font for html page.
    #
    #font_face Tahoma,Verdana,Arial
    
    # TAG:	header_color
    # 	Specify the header color
    #
    #header_color darkblue
    
    # TAG:	header_bgcolor
    # 	Specify the header bgcolor
    #
    #header_bgcolor blanchedalmond
    
    # TAG:	font_size
    # 	Specify the text font size
    #
    #font_size 9px
    
    # TAG:	header_font_size
    # 	Specify the header font size
    #
    #header_font_size 9px
    
    # TAG:	title_font_size
    # 	Specify the title font size
    #
    #title_font_size 11px
    
    # TAG:	background_color
    # TAG:	background_color
    #	Html page background color
    #
    # background_color white
    
    # TAG:	text_color
    #	Html page text color
    #
    #text_color #000000
    
    # TAG:	text_bgcolor
    #	Html page text background color
    #
    #text_bgcolor lavender
    
    # TAG:	title_color
    #	Html page title color
    #
    #title_color green
    
    # TAG:	logo_image
    #	Html page logo.
    #
    #logo_image none
    
    # TAG:	logo_text
    #	Html page logo text.
    #
    #logo_text ""
    
    # TAG:	logo_text_color
    #	Html page logo texti color.
    #
    #logo_text_color #000000
    
    # TAG:	logo_image_size
    #	Html page logo image size.
    #       width height
    #
    #image_size 80 45
    
    # TAG:	background_image
    #	Html page background image
    #
    #background_image none
    
    # TAG:  password
    #       User password file used by Squid authentication scheme
    #       If used, generate reports just for those users.
    #
    #password none
    
    # TAG:  temporary_dir
    #       Temporary directory name for work files
    #       sarg -w dir
    #
    #temporary_dir /tmp
    
    # TAG:  output_dir
    #       The reports will be saved in that directory
    #       sarg -o dir
    #
    output_dir /usr/local/sarg-reports
    
    # TAG:  anonymous_output_files yes/no
    #       Use anonymous file and directory names in the report. If it is set to
    #       no (the default), the user ID/IP/name is slightly mangled to create a
    #       suitable file name to store the report of the user but the user's
    #       identity can easily be guessed from the mangled name. If this option is
    #       set, any file or directory belonging to the user is replaced by a short
    #       number.  The purpose is to hide the identity of the user when looking
    #       at the report file names but it may serve to shorten the path too.
    #
    anonymous_output_files no
    
    # TAG:  output_email
    #       Email address to send the reports. If you use this tag, no html reports will be generated.
    #       sarg -e email
    #
    #output_email none
    
    # TAG:  resolve_ip yes/no
    #       Convert IP address to DNS name
    #       sarg -n
    resolve_ip no
    
    # TAG:  user_ip yes/no
    #       Use IP address instead of userid in reports.
    #       sarg -p
    user_ip no
    
    # TAG:  topuser_sort_field field normal/reverse
    #       Sort field for the Topuser Report.
    #       Allowed fields: USER CONNECT BYTES TIME
    #
    topuser_sort_field BYTES normal
    
    # TAG:  user_sort_field field normal/reverse
    #       Sort field for the User Report.
    #       Allowed fields: SITE CONNECT BYTES TIME
    #
    user_sort_field BYTES normal
    
    # TAG:  exclude_users file
    #       users within the file will be excluded from reports.
    #       You can use indexonly to have only index.html file.
    #
    exclude_users /usr/local/etc/sarg/exclude_users.conf
    
    # TAG:  exclude_hosts file
    #       Hosts, domains or subnets will be excluded from reports.
    #
    #       Eg.: 192.168.10.10 - exclude this IP address only
    #            192.168.10.0/24 - exclude entire subnet
    #            host1.example.com - exclude this hostname only
    #            *.example.com - exclude entire domain
    #
    exclude_hosts /usr/local/etc/sarg/exclude_hosts.conf
    
    # TAG:  useragent_log file
    #       useragent.log file path to generate useragent report.
    #
    #useragent_log none
    
    # TAG:  date_format
    #       Date format in reports: e (European=dd/mm/yy), u (American=mm/dd/yy), w (Weekly=yy.ww)
    #
    #date_format u
    date_format u
    
    # TAG:  per_user_limit file MB
    #       Saves userid on file if download exceed n MB.
    #       This option allows you to disable user access if user exceeds a download limit.
    #
    #per_user_limit none
    
    # TAG: lastlog n
    #      How many reports files will be kept in reports directory.
    #      The oldest report file will be automatically removed.
    #      0 - no limit.
    #
    #lastlog 0
    lastlog 0
    
    # TAG: remove_temp_files yes
    #      Remove temporary files from root report directory.
    #
    remove_temp_files yes
    
    # TAG: index yes|no|only
    #      Generate the main index.html.
    #      only - generate only the main index.html
    #
    index yes
    
    # TAG: index_tree date|file
    #      How to generate the index.
    #
    index_tree file
    
    # TAG: index_fields
    #      The columns to show in the index of the reports
    #      Columns are: dirsize
    #
    #index_fields dirsize
    
    # TAG: overwrite_report yes|no
    #      yes - if report date already exist it will be overwrited.
    #       no - if report date already exist it will be renamed to filename.n, filename.n+1
    #
    overwrite_report yes
    
    # TAG: records_without_userid ignore|ip|everybody
    #      What can I do with records without user id (no authentication) in access.log file ?
    #
    #      ignore - This record will be ignored.
    #          ip - Use IP address instead. (default)
    #   everybody - Use "everybody" instead.
    #
    #records_without_userid ip
    
    # TAG: use_comma no|yes
    #      Use comma instead of dot in reports.
    #      Eg.: use_comma yes => 23,450,110
    #           use_comma no  => 23.450.110
    #
    use_comma yes
    
    # TAG: mail_utility
    #      Mail command to use to send reports via SMTP. Sarg calls it like this:
    #         mail_utility -s "SARG report, date" "output_email" <"mail_content"
    #
    #      Therefore, it is possible to add more arguments to the command by specifying them
    #      here.
    #
    #      If you need too, you can use a shell script to process the content of /dev/stdin
    #      (/dev/stdin is the mail_content passed by Sarg to the script) and call whatever
    #      command you like. It is not limited to mailing the report via SMTP.
    #
    #      Don't forget to quote the command if necessary (i.e. if the path contains
    #      characters that must be quoted).
    #
    #mail_utility mailx
    
    # TAG: topsites_num n
    #      How many sites in topsites report.
    #
    #topsites_num 100
    
    # TAG: topsites_sort_order CONNECT|BYTES|TIME A|D
    #      Sort for topsites report, where A=Ascending, D=Descending
    #
    #topsites_sort_order CONNECT D
    
    # TAG: index_sort_order A/D
    #      Sort for index.html, where A=Ascending, D=Descending
    #
    #index_sort_order D
    
    # TAG: exclude_codes file
    #      Ignore records with these Squid return codes. Eg.: NONE/400
    #      Write one code per line. Lines starting with a # are ignored.
    #      Only codes matching exactly one of the line is rejected. The
    #      comparison is not case sensitive.
    #
    exclude_codes /usr/local/etc/sarg/exclude_codes
    
    # TAG: replace_index string
    #      Replace "index.html" in the main index file with this string
    #      If null, "index.html" is used
    #
    #replace_index <?php echo str_replace(".", "_", ); echo ".html"; ?>
    
    # TAG: max_elapsed milliseconds
    #      If elapsed time recorded in log is greater than max_elapsed, use 0 for elapsed time.
    #      Use 0 for no checking
    #
    #max_elapsed 28800000
    # 8 Hours
    max_elapsed 0
    
    # TAG: report_type type
    #      What kind of reports to generate.
    #      topusers            - users, sites, times, bytes, connects, links to accessed sites, etc.
    #      topsites		   - site, connect and bytes report
    #      sites_users	   - users and sites report
    #      users_sites	   - accessed sites by the user report
    #      date_time	   - bytes used per day and hour report
    #      denied		   - denied sites with full URL report
    #      auth_failures       - autentication failures report
    #      site_user_time_date - sites, dates, times and bytes report
    #      downloads           - downloads per user report
    #
    #      Eg.: report_type topsites denied
    #
    #report_type topusers topsites sites_users users_sites date_time denied auth_failures site_user_time_date downloads
    report_type topusers topsites sites_users users_sites date_time denied auth_failures site_user_time_date downloads
    
    # TAG: usertab filename
    #      You can change the "userid" or the "IP address" to be a real user name on the reports.
    #      If resolve_ip is active, the IP address is resolved before being looked up in this
    #      file. That is, if you want to map the ip address, be sure to set resolve_ip to no or
    #      the resolved name will be looked up in the file instead of the IP address. Note that
    #      it can be used to resolve any IP address known to the DNS and then map the unresolved
    #      IP addresses to a name found in the usertab file.
    #      Table syntax:
    # 		userid name   or   ip address name
    #      Eg:
    #		SirIsaac Isaac Newton
    #		vinci Leonardo da Vinci
    #		192.168.10.1 Karol Wojtyla
    #
    #      Each line must be terminated with '\ n'
    #      If usertab is set to value "ldap" (case ignored), user names
    #      will be taken from LDAP server. Use this method to obtain usernames
    #      LDAP / Active Directory.
    #
    #usertab none
    usertab none
    
    # TAG: LDAPHost hostname
    #	FQDN or IP address of host with LDAP service or AD DC
    #	default is '127.0.0.1'
    #LDAPHost 127.0.0.1
    
    
    # TAG: LDAPPort port
    #       LDAP service port number
    #	default is '389'
    #LDAPPort 389
    
    
    # TAG: LDAPBindDN CN=username,OU=group,DC=mydomain,DC=com
    #	DN of the LDAP user who is authorized to the search the LDAP database
    #	default is empty line
    #LDAPBindDN cn=proxy,dc=mydomain,dc=local
    
    
    # TAG: LDAPBindPW secret
    #	Password for LDAPBindDN specified above.
    #	default is empty line
    #LDAPBindPW secret
    
    
    # TAG: LDAPBaseSearch OU=users,DC=mydomain,DC=com
    #	LDAP search base DN. The search base is the place in the hierarchical LDAP structure
    #       where the search for user accounts starts.
    #	default is empty line
    #LDAPBaseSearch ou=users,dc=mydomain,dc=local
    
    
    # TAG: LDAPFilterSearch (uid=%s)
    #	Use this to filter the user login entries to be returned for a search operation in LDAP.
    #	First founded record will be used
    #	%s - will be changed to userlogins from access.log file
    #       Search filter string can have up to 5 '%s' tags.
    #	default value is '(uid=%s)'
    #LDAPFilterSearch (uid=%s)
    
    
    # TAG: LDAPTargetAttr attributename
    #	Name of the attribute containing the login name of the user.
    #	default value is 'cn'
    #LDAPTargetAttr cn
    
    
    # TAG: long_url yes|no
    #      If yes, the full url is showed in report.
    #      If no, only the site will be showed
    #
    #      YES option generate very big sort files and reports.
    #
    long_url no
    
    # TAG: date_time_by bytes|elap
    #      Date/Time reports show the downloaded volume or the elapsed time or both.
    #
    #date_time_by bytes
    date_time_by bytes
    
    # TAG: charset name
    #      ISO 8859 is a full series of 10 standardized multilingual single-byte coded (8bit)
    #      graphic character sets for writing in alphabetic languages
    #      You can use the following charsets:
    #		Latin1 		- West European
    #		Latin2 		- Central and East European
    #		Latin3 		- Southeast European
    #		Latin4 		- Scandinavian/Baltic
    #		Cyrillic
    #		Arabic
    #		Greek
    #		Hebrew
    #		Latin5 		- Turkish
    #		Latin6          - Lappish/Nordic/Eskimo
    #		Windows-1251
    #		Japan
    #		Koi8-r
    #		UTF-8
    #
    #charset Latin1
    charset Windows-1251
    
    # TAG: user_invalid_char "&/"
    #      Records that contain invalid characters in userid will be ignored by Sarg.
    #
    #user_invalid_char "&/"
    
    # TAG: privacy yes|no
    #      privacy_string "***.***.***.***"
    #      privacy_string_color blue
    #      In some countries the sysadm cannot see the visited sites by a restrictive law.
    #      Using privacy 'yes', the visited url will be changes by privacy_string and the link
    #      will be removed from reports.
    #
    privacy no
    #privacy_string "***.***.***.***"
    #privacy_string_color blue
    
    # TAG: include_users "user1:user2:...:usern"
    #      Reports will be generated only for listed users.
    #
    #include_users none
    
    
    # TAG: exclude_string "string1:string2:...:stringn"
    #      Records from access.log file that contain one of listed strings will be ignored.
    #
    #exclude_string none
    exclude_string "e2gerror.php:[inet"
    # TAG: show_successful_message yes|no
    #      Shows "Successful report generated on dir" at end of process.
    #
    #show_successful_message yes
    
    # TAG: show_read_statistics yes|no
    #      Shows some reading statistics.
    #
    #show_read_statistics yes
    
    # TAG: topuser_fields
    #      Which fields must be in Topuser report.
    #
    #topuser_fields NUM DATE_TIME USERID CONNECT BYTES %BYTES IN-CACHE-OUT USED_TIME MILISEC %TIME TOTAL AVERAGE
    
    # TAG: user_report_fields
    #      Which fields must be in User report.
    #
    #user_report_fields CONNECT BYTES %BYTES IN-CACHE-OUT USED_TIME MILISEC %TIME TOTAL AVERAGE
    
    # TAG: bytes_in_sites_users_report yes|no
    #      Bytes field must be in Site & Users Report ?
    #
    #bytes_in_sites_users_report no
    bytes_in_sites_users_report no
    
    # TAG: topuser_num n
    #      How many users in topsites report. 0 = no limit
    #
    #topuser_num 0
    topuser_num 0
    
    # TAG: datafile file
    #      Save the report results in a file to populate some database
    #
    #datafile none
    
    # TAG: datafile_delimiter "	"
    #      ascii character to use as a field separator in datafile
    #
    #datafile_delimiter ""
    
    # TAG: datafile_fields all
    #      Which data fields must be in datafile
    #      user;date;time;url;connect;bytes;in_cache;out_cache;elapsed
    #
    #datafile_fields user;date;time;url;connect;bytes;in_cache;out_cache;elapsed
    
    
    # TAG: datafile_url ip|name
    #      Saves the URL as IP or name in datafile
    #
    #datafile_url ip
    
    # TAG: weekdays
    #      The weekdays to take into account ( Sunday->0, Saturday->6 )
    # Example:
    #weekdays 1-3,5
    # Default:
    #weekdays 0-6
    
    # TAG: hours
    #      The hours to take into account
    # Example:
    #hours 7-12,14,16,18-20
    # Default:
    #hours 0-23
    
    # TAG: dansguardian_conf file
    #      DansGuardian.conf file path
    #      Generate reports from DansGuardian logs.
    #      Use 'none' to disable it.
    #      dansguardian_conf /usr/dansguardian/dansguardian.conf
    #
    dansguardian_conf 
    
    # TAG: dansguardian_filter_out_date on|off
    #      This option replaces dansguardian_ignore_date (its name was not appropriate with respect to its action).
    #      Note the change of parameter value compared to the old option.
    #      'off' use the record even if its date is outside of the range found in the input log file.
    #      'on'  use the record only if its date is in the range found in the input log file.
    #
    dansguardian_filter_out_date on
    
    # TAG: squidguard_conf file
    #      path to squidGuard.conf file
    #      Generate reports from SquidGuard logs.
    #      Use 'none' to disable.
    #      You can use sarg -L filename to use an alternate squidGuard log.
    #      squidguard_conf /usr/local/squidGuard/squidGuard.conf
    #
    squidguard_conf none
    
    # TAG: redirector_log file
    #      The location of the web proxy redirector log, such as one created by squidGuard or Rejik. The option
    #      may be repeated up to 64 times to read multiple files.
    #      If this option is specified, it takes precedence over squidguard_conf.
    #      The command line option -L override this option.
    #
    #redirector_log /usr/local/squidGuard/var/logs/urls.log
    
    # TAG: redirector_filter_out_date on|off
    #      This option replaces squidguard_ignore_date and redirector_ignore_date (their names were not
    #      appropriate with respect to their actions).
    #      Note the change of parameter value compared to the old options.
    #      'off' use the record even if its date is outside of the range found in the input log file.
    #      'on'  use the record only if its date is in the range found in the input log file.
    #
    #redirector_filter_out_date on
    
    # TAG: redirector_log_format
    #      Format string for web proxy redirector logs.
    #      This option was named squidguard_log_format before Sarg 2.3.
    #      REJIK       #year#-#mon#-#day# #hour# #list#:#tmp# #ip# #user# #tmp#/#tmp#/#url#/#end#
    #      SQUIDGUARD  #year#-#mon#-#day# #hour# #tmp#/#list#/#tmp#/#tmp#/#url#/#tmp# #ip#/#tmp# #user# #end#
    #redirector_log_format #year#-#mon#-#day# #hour# #tmp#/#list#/#tmp#/#tmp#/#url#/#tmp# #ip#/#tmp# #user# #end#
    
    # TAG: show_sarg_info yes|no
    #      shows Sarg information and site path on each report bottom
    #
    show_sarg_info no
    
    # TAG: show_sarg_logo yes|no
    #      shows Sarg logo
    #
    show_sarg_logo no
    
    # TAG: parsed_output_log directory
    #      Saves the processed log in a Sarg format after parsing the squid log file.
    #      This is a way to dump all of the data structures out, after parsing from
    #      the logs (presumably this data will be much smaller than the log files themselves),
    #      and pull them back in for later processing and merging with data from previous logs.
    #
    #parsed_output_log none
    
    # TAG: parsed_output_log_compress /bin/gzip|/usr/bin/bzip2|nocompress
    #      Command to run to compress sarg parsed output log. It may contain
    #      options (such as -f to overwrite existing target file). The name of
    #      the file to compresse is provided at the end of this
    #      command line. Don't forget to quote things appropriately.
    #
    #parsed_output_log_compress /bin/gzip
    
    # TAG: displayed_values bytes|abbreviation
    #      how the values will be displayed in reports.
    #      eg. bytes  	-  209.526
    #          abbreviation -  210K
    #
    #displayed_values bytes
    displayed_values bytes
    
    # Report limits
    # TAG: authfail_report_limit n
    # TAG: denied_report_limit n
    # TAG: siteusers_report_limit n
    # TAG: squidguard_report_limit n
    # TAG: user_report_limit n
    # TAG: dansguardian_report_limit n
    # TAG: download_report_limit n
    #      report limits (lines).
    #      '0' no limit
    #
    #authfail_report_limit 10
    authfail_report_limit 0
    #denied_report_limit 10
    denied_report_limit 0
    #siteusers_report_limit 0
    #squidguard_report_limit 10
    #dansguardian_report_limit 10
    #user_report_limit 10
    #user_report_limit 50
    siteusers_report_limit 0
    user_report_limit 0
    dansguardian_report_limit 0
    
    
    # TAG: www_document_root dir
    #     Where is your Web DocumentRoot
    #     Sarg will create sarg-php directory with some PHP modules:
    #     - sarg-squidguard-block.php - add urls from user reports to squidGuard DB
    #
    #www_document_root /var/www/html
    www_document_root /usr/local/www
    
    # TAG: block_it module_url
    #     This tag allows you to pass urls from user reports to a cgi or php module,
    #     to be blocked by some Squid acl.
    #
    #     Eg.: block_it /sarg-php/sarg-block-it.php
    #     sarg-block-it is a php that will append a url to a flat file.
    #     You must change /var/www/html/sarg-php/sarg-block-it to point to your file
    #     in  variable, and chown to the httpd owner.
    #
    #     Sarg will pass http://module_url?url=url
    #
    #block_it none
    
    # TAG: external_css_file path
    #     Provide the path to an external CSS file to link into the HTML reports instead of
    #     the inline CSS written by sarg when this option is not set.
    #
    #     In versions prior to 2.3, this used to be an absolute file name to
    #     a file to include verbatim in each HTML page but, as it takes a lot of
    #     space, version 2.3 switched to a link to an external CSS file.
    #     Therefore, this option must contain the HTTP server path on which a client
    #     browser may find the CSS file.
    #
    #     Sarg use theses style classes:
    #	.logo		logo class
    #	.info		sarg information class, align=center
    #	.title_c	title class, align=center
    #	.header_c	header class, align:center
    #	.header_l	header class, align:left
    #	.header_r	header class, align:right
    #	.text		text class, align:right
    #	.data		table text class, align:right
    #	.data2		table text class, align:left
    #	.data3		table text class, align:center
    #	.link  		link class
    #
    #     Sarg can be instructed to output the internal CSS it inline
    #     into the reports with this command:
    #
    #        sarg --css
    #
    #     You can redirect the output to a file of your choice and edit
    #     it to your liking.
    #
    #external_css_file none
    # TAG: user_authentication yes|no
    #     Allow user authentication in User Reports using .htaccess
    #     Parameters:
    #	AuthUserTemplateFile - The template to use to create the
    #     .htaccess file. In the template, %u is replaced by the
    #     user's ID for which the report is generated. The path of the
    #     template is relative to the directory containing sarg
    #     configuration file.
    #
    # user_authentication no
    # AuthUserTemplateFile sarg_htaccess
    
    # TAG: download_suffix "suffix,suffix,...,suffix"
    #    file suffix to be considered as "download" in Download report.
    #    Use 'none' to disable.
    #
    #download_suffix "zip,arj,bzip,gz,ace,doc,iso,adt,bin,cab,com,dot,drv$,lha,lzh,mdb,mso,ppt,rtf,src,shs,sys,exe,dll,mp3,avi,mpg,mpeg"
    
    # TAG: ulimit n
    #    The maximum number of open file descriptors to avoid "Too many open files" error message.
    #    You need to run Sarg as root to use ulimit tag.
    #    If you run Sarg with a low privilege user, set to 'none' to disable ulimit
    #
    #ulimit 20000
    
    # TAG: ntlm_user_format username|domainname+username
    #      NTLM users format.
    #
    #ntlm_user_format domainname+username
    ntlm_user_format user
    
    # TAG: realtime_refresh_time num sec
    #      How many seconds between auto refresh of the realtime report.
    #      0 = disable
    #
    realtime_refresh_time 0
    
    # TAG: realtime_access_log_lines num
    #      How many last lines to get from access.log file
    #
    # realtime_access_log_lines 1000
    
    # TAG: realtime_types: GET,PUT,CONNECT,ICP_QUERY,POST
    #      Which records must be in realtime report.
    #
    realtime_types GET,PUT,CONNECT
    
    # TAG: realtime_unauthenticated_records: ignore|show
    #      What to do with unauthenticated records in realtime report.
    #
    # 
    realtime_unauthenticated_records show
    
    # TAG: byte_cost value no_cost_limit
    #      Cost per byte.
    #      Eg. byte_cost 0.01 100000000
    #           per byte cost      = 0.01
    #           bytes with no cost = 100 Mb
    #      0 = disable
    #
    # byte_cost 0.01 50000000
    
    # TAG: squid24 on|off
    #      Compatilibity with squid version <= 2.4 when using emulate_http_log on
    #
    # squid24 off
    
    # TAG: sorttable path
    #      The path to a javascript script to dynamically sort the tables.
    #      The path is the link a browser must follow to find the script. For instance,
    #      it may be http://www.myproxy.org/sorttable.js or just /sorttable.js if the script
    #      is at the root of your web site.
    #
    #      If the path starts with "../" then it is assumed to be a relative
    #      path and Sarg adds as many "../" as necessary to locate the js script from
    #      the output directory. Therefore, ../../sorttable.js links to the javascript
    #      one level above output_dir.
    #
    #      If this entry is set, each sortable table will have the "sortable" class set.
    #      You may have a look at http://www.kryogenix.org/code/browser/sorttable/
    #      for the implementation on which Sarg is based.
    #
    sorttable /sarg_sorttable.js
    
    # TAG: hostalias
    #      The name of a text file containing the host names (one per line) and the
    #      optional alias to use in the report instead of that host name.
    #      Host names may contain up to one wildcard denoted by a *. The wildcard
    #      must not be at the end of the host name.
    #      The host name may be followed by an optional alias; if no alias is provided,
    #      the host name, including the wildcard, replaces any matching host name found
    #      in the log.
    #      Host names replaced by identical aliases are grouped together in the
    #      reports.
    #      IP addresses are supported and accept the CIDR notation both for IPv4 and
    #      IPv6 addresses.
    #
    #      Example:
    #      *.gstatic.com
    #      mt*.google.com
    #      *.myphone.microsoft.com
    #      *.myphone.microsoft.com:443 *.myphone.microsoft.com:secure
    #      *.freeav.net antivirus:freeav
    #      *.mail.live.com
    #      65.52.00.00/14 *.mail.live.com
    hostalias /usr/local/etc/sarg/hostalias
    


  • consegue comparar com o gerado depois?



  • Depois do agendamento....
    Amanha dando erro eu posto......

    # sarg.conf
    #
    # TAG:  access_log file
    #       Where is the access.log
    #       sarg -l file
    #
    access_log /var/log/e2guardian/access.log
    
    # TAG: graphs yes|no
    #       Use graphics where possible.
    #           graph_days_bytes_bar_color blue|green|yellow|orange|brown|red
    #
    graphs yes
    #graph_days_bytes_bar_color orange
    
    # TAG:  graph_font
    #       The full path to the TTF font file to use to create the graphs. It is required
    #       if graphs is set to yes.
    #
    #graph_font /usr/share/fonts/truetype/ttf-dejavu/DejaVuSans.ttf
    
    # TAG:  title
    #       Specify the title for html page.
    #
    #title "Squid User Access Reports"
    title "E2guardian User Access Reports"
    # TAG:  font_face
    #       Specify the font for html page.
    #
    #font_face Tahoma,Verdana,Arial
    
    # TAG:  header_color
    #       Specify the header color
    #
    #header_color darkblue
    
    # TAG:  header_bgcolor
    #       Specify the header bgcolor
    #
    #header_bgcolor blanchedalmond
    
    # TAG:  font_size
    #       Specify the text font size
    #
    #font_size 9px
    
    # TAG:  header_font_size
    #       Specify the header font size
    #
    #header_font_size 9px
    
    # TAG:  title_font_size
    #       Specify the title font size
    #
    #title_font_size 11px
    
    # TAG:  background_color
    # TAG:  background_color
    #       Html page background color
    #
    # background_color white
    
    # TAG:  text_color
    #       Html page text color
    #
    #text_color #000000
    
    # TAG:  text_bgcolor
    #       Html page text background color
    #
    #text_bgcolor lavender
    
    # TAG:  title_color
    #       Html page title color
    #
    #title_color green
    
    # TAG:  logo_image
    #       Html page logo.
    #
    #logo_image none
    
    # TAG:  logo_text
    #       Html page logo text.
    #
    #logo_text ""
    
    # TAG:  logo_text_color
    #       Html page logo texti color.
    #
    #logo_text_color #000000
    
    # TAG:  logo_image_size
    #       Html page logo image size.
    #       width height
    #
    #image_size 80 45
    
    # TAG:  background_image
    #       Html page background image
    #
    #background_image none
    
    # TAG:  password
    #       User password file used by Squid authentication scheme
    #       If used, generate reports just for those users.
    #
    #password none
    
    # TAG:  temporary_dir
    #       Temporary directory name for work files
    #       sarg -w dir
    #
    #temporary_dir /tmp
    
    # TAG:  output_dir
    #       The reports will be saved in that directory
    #       sarg -o dir
    #
    output_dir /usr/local/sarg-reports
    
    # TAG:  anonymous_output_files yes/no
    #       Use anonymous file and directory names in the report. If it is set to
    #       no (the default), the user ID/IP/name is slightly mangled to create a
    #       suitable file name to store the report of the user but the user's
    #       identity can easily be guessed from the mangled name. If this option is
    #       set, any file or directory belonging to the user is replaced by a short
    #       number.  The purpose is to hide the identity of the user when looking
    #       at the report file names but it may serve to shorten the path too.
    #
    anonymous_output_files no
    
    # TAG:  output_email
    #       Email address to send the reports. If you use this tag, no html reports will be generated.
    #       sarg -e email
    #
    #output_email none
    
    # TAG:  resolve_ip yes/no
    #       Convert IP address to DNS name
    #       sarg -n
    resolve_ip no
    
    # TAG:  user_ip yes/no
    #       Use IP address instead of userid in reports.
    #       sarg -p
    user_ip no
    
    # TAG:  topuser_sort_field field normal/reverse
    #       Sort field for the Topuser Report.
    #       Allowed fields: USER CONNECT BYTES TIME
    #
    topuser_sort_field BYTES normal
    
    # TAG:  user_sort_field field normal/reverse
    #       Sort field for the User Report.
    #       Allowed fields: SITE CONNECT BYTES TIME
    #
    user_sort_field BYTES normal
    
    # TAG:  exclude_users file
    #       users within the file will be excluded from reports.
    #       You can use indexonly to have only index.html file.
    #
    exclude_users /usr/local/etc/sarg/exclude_users.conf
    
    # TAG:  exclude_hosts file
    #       Hosts, domains or subnets will be excluded from reports.
    #
    #       Eg.: 192.168.10.10 - exclude this IP address only
    #            192.168.10.0/24 - exclude entire subnet
    #            host1.example.com - exclude this hostname only
    #            *.example.com - exclude entire domain
    #
    exclude_hosts /usr/local/etc/sarg/exclude_hosts.conf
    
    # TAG:  useragent_log file
    #       useragent.log file path to generate useragent report.
    #
    #useragent_log none
    
    # TAG:  date_format
    #       Date format in reports: e (European=dd/mm/yy), u (American=mm/dd/yy), w (Weekly=yy.ww)
    #
    #date_format u
    date_format u
    
    # TAG:  per_user_limit file MB
    #       Saves userid on file if download exceed n MB.
    #       This option allows you to disable user access if user exceeds a download limit.
    #
    #per_user_limit none
    
    # TAG: lastlog n
    #      How many reports files will be kept in reports directory.
    #      The oldest report file will be automatically removed.
    #      0 - no limit.
    #
    #lastlog 0
    lastlog 0
    
    # TAG: remove_temp_files yes
    #      Remove temporary files from root report directory.
    #
    remove_temp_files yes
    
    # TAG: index yes|no|only
    #      Generate the main index.html.
    #      only - generate only the main index.html
    #
    index yes
    
    # TAG: index_tree date|file
    #      How to generate the index.
    #
    index_tree file
    
    # TAG: index_fields
    #      The columns to show in the index of the reports
    #      Columns are: dirsize
    #
    #index_fields dirsize
    
    # TAG: overwrite_report yes|no
    #      yes - if report date already exist it will be overwrited.
    #       no - if report date already exist it will be renamed to filename.n, filename.n+1
    #
    overwrite_report yes
    
    # TAG: records_without_userid ignore|ip|everybody
    #      What can I do with records without user id (no authentication) in access.log file ?
    #
    #      ignore - This record will be ignored.
    #          ip - Use IP address instead. (default)
    #   everybody - Use "everybody" instead.
    #
    #records_without_userid ip
    
    # TAG: use_comma no|yes
    #      Use comma instead of dot in reports.
    #      Eg.: use_comma yes => 23,450,110
    #           use_comma no  => 23.450.110
    #
    use_comma yes
    
    # TAG: mail_utility
    #      Mail command to use to send reports via SMTP. Sarg calls it like this:
    #         mail_utility -s "SARG report, date" "output_email" <"mail_content"
    #
    #      Therefore, it is possible to add more arguments to the command by specifying them
    #      here.
    #
    #      If you need too, you can use a shell script to process the content of /dev/stdin
    #      (/dev/stdin is the mail_content passed by Sarg to the script) and call whatever
    #      command you like. It is not limited to mailing the report via SMTP.
    #
    #      Don't forget to quote the command if necessary (i.e. if the path contains
    #      characters that must be quoted).
    #
    #mail_utility mailx
    
    # TAG: topsites_num n
    #      How many sites in topsites report.
    #
    #topsites_num 100
    
    # TAG: topsites_sort_order CONNECT|BYTES|TIME A|D
    #      Sort for topsites report, where A=Ascending, D=Descending
    #
    #topsites_sort_order CONNECT D
    
    # TAG: index_sort_order A/D
    #      Sort for index.html, where A=Ascending, D=Descending
    #
    #index_sort_order D
    
    # TAG: exclude_codes file
    #      Ignore records with these Squid return codes. Eg.: NONE/400
    #      Write one code per line. Lines starting with a # are ignored.
    #      Only codes matching exactly one of the line is rejected. The
    #      comparison is not case sensitive.
    #
    exclude_codes /usr/local/etc/sarg/exclude_codes
    
    # TAG: replace_index string
    #      Replace "index.html" in the main index file with this string
    #      If null, "index.html" is used
    #
    #replace_index <?php echo str_replace(".", "_", ); echo ".html"; ?>
    
    # TAG: max_elapsed milliseconds
    #      If elapsed time recorded in log is greater than max_elapsed, use 0 for elapsed time.
    #      Use 0 for no checking
    #
    #max_elapsed 28800000
    # 8 Hours
    max_elapsed 0
    
    # TAG: report_type type
    #      What kind of reports to generate.
    #      topusers            - users, sites, times, bytes, connects, links to accessed sites, etc.
    #      topsites            - site, connect and bytes report
    #      sites_users         - users and sites report
    #      users_sites         - accessed sites by the user report
    #      date_time           - bytes used per day and hour report
    #      denied              - denied sites with full URL report
    #      auth_failures       - autentication failures report
    #      site_user_time_date - sites, dates, times and bytes report
    #      downloads           - downloads per user report
    #
    #      Eg.: report_type topsites denied
    #
    #report_type topusers topsites sites_users users_sites date_time denied auth_failures site_user_time_date downloads
    report_type topusers topsites sites_users users_sites date_time denied auth_failures site_user_time_date downloads
    
    # TAG: usertab filename
    #      You can change the "userid" or the "IP address" to be a real user name on the reports.
    #      If resolve_ip is active, the IP address is resolved before being looked up in this
    #      file. That is, if you want to map the ip address, be sure to set resolve_ip to no or
    #      the resolved name will be looked up in the file instead of the IP address. Note that
    #      it can be used to resolve any IP address known to the DNS and then map the unresolved
    #      IP addresses to a name found in the usertab file.
    #      Table syntax:
    #               userid name   or   ip address name
    #      Eg:
    #               SirIsaac Isaac Newton
    #               vinci Leonardo da Vinci
    #               192.168.10.1 Karol Wojtyla
    #
    #      Each line must be terminated with '\ n'
    #      If usertab is set to value "ldap" (case ignored), user names
    #      will be taken from LDAP server. Use this method to obtain usernames
    #      LDAP / Active Directory.
    #
    #usertab none
    usertab none
    
    # TAG: LDAPHost hostname
    #       FQDN or IP address of host with LDAP service or AD DC
    #       default is '127.0.0.1'
    #LDAPHost 127.0.0.1
    
    
    # TAG: LDAPPort port
    #       LDAP service port number
    #       default is '389'
    #LDAPPort 389
    
    
    # TAG: LDAPBindDN CN=username,OU=group,DC=mydomain,DC=com
    #       DN of the LDAP user who is authorized to the search the LDAP database
    #       default is empty line
    #LDAPBindDN cn=proxy,dc=mydomain,dc=local
    
    
    # TAG: LDAPBindPW secret
    #       Password for LDAPBindDN specified above.
    #       default is empty line
    #LDAPBindPW secret
    
    
    # TAG: LDAPBaseSearch OU=users,DC=mydomain,DC=com
    #       LDAP search base DN. The search base is the place in the hierarchical LDAP structure
    #       where the search for user accounts starts.
    #       default is empty line
    #LDAPBaseSearch ou=users,dc=mydomain,dc=local
    
    
    # TAG: LDAPFilterSearch (uid=%s)
    #       Use this to filter the user login entries to be returned for a search operation in LDAP.
    #       First founded record will be used
    #       %s - will be changed to userlogins from access.log file
    #       Search filter string can have up to 5 '%s' tags.
    #       default value is '(uid=%s)'
    #LDAPFilterSearch (uid=%s)
    
    
    # TAG: LDAPTargetAttr attributename
    #       Name of the attribute containing the login name of the user.
    #       default value is 'cn'
    #LDAPTargetAttr cn
    
    
    # TAG: long_url yes|no
    #      If yes, the full url is showed in report.
    #      If no, only the site will be showed
    #
    #      YES option generate very big sort files and reports.
    #
    long_url no
    
    # TAG: date_time_by bytes|elap
    #      Date/Time reports show the downloaded volume or the elapsed time or both.
    #
    #date_time_by bytes
    date_time_by bytes
    
    # TAG: charset name
    #      ISO 8859 is a full series of 10 standardized multilingual single-byte coded (8bit)
    #      graphic character sets for writing in alphabetic languages
    #      You can use the following charsets:
    #               Latin1          - West European
    #               Latin2          - Central and East European
    #               Latin3          - Southeast European
    #               Latin4          - Scandinavian/Baltic
    #               Cyrillic
    #               Arabic
    #               Greek
    #               Hebrew
    #               Latin5          - Turkish
    #               Latin6          - Lappish/Nordic/Eskimo
    #               Windows-1251
    #               Japan
    #               Koi8-r
    #               UTF-8
    #
    #charset Latin1
    charset UTF-8
    
    # TAG: user_invalid_char "&/"
    #      Records that contain invalid characters in userid will be ignored by Sarg.
    #
    #user_invalid_char "&/"
    
    # TAG: privacy yes|no
    #      privacy_string "***.***.***.***"
    #      privacy_string_color blue
    #      In some countries the sysadm cannot see the visited sites by a restrictive law.
    #      Using privacy 'yes', the visited url will be changes by privacy_string and the link
    #      will be removed from reports.
    #
    privacy no
    #privacy_string "***.***.***.***"
    #privacy_string_color blue
    
    # TAG: include_users "user1:user2:...:usern"
    #      Reports will be generated only for listed users.
    #
    #include_users none
    
    
    # TAG: exclude_string "string1:string2:...:stringn"
    #      Records from access.log file that contain one of listed strings will be ignored.
    #
    #exclude_string none
    exclude_string "e2gerror.php:[inet"
    # TAG: show_successful_message yes|no
    #      Shows "Successful report generated on dir" at end of process.
    #
    #show_successful_message yes
    
    # TAG: show_read_statistics yes|no
    #      Shows some reading statistics.
    #
    #show_read_statistics yes
    
    # TAG: topuser_fields
    #      Which fields must be in Topuser report.
    #
    #topuser_fields NUM DATE_TIME USERID CONNECT BYTES %BYTES IN-CACHE-OUT USED_TIME MILISEC %TIME TOTAL AVERAGE
    
    # TAG: user_report_fields
    #      Which fields must be in User report.
    #
    #user_report_fields CONNECT BYTES %BYTES IN-CACHE-OUT USED_TIME MILISEC %TIME TOTAL AVERAGE
    
    # TAG: bytes_in_sites_users_report yes|no
    #      Bytes field must be in Site & Users Report ?
    #
    #bytes_in_sites_users_report no
    bytes_in_sites_users_report no
    
    # TAG: topuser_num n
    #      How many users in topsites report. 0 = no limit
    #
    #topuser_num 0
    topuser_num 0
    
    # TAG: datafile file
    #      Save the report results in a file to populate some database
    #
    #datafile none
    
    # TAG: datafile_delimiter "     "
    #      ascii character to use as a field separator in datafile
    #
    #datafile_delimiter ""
    
    # TAG: datafile_fields all
    #      Which data fields must be in datafile
    #      user;date;time;url;connect;bytes;in_cache;out_cache;elapsed
    #
    #datafile_fields user;date;time;url;connect;bytes;in_cache;out_cache;elapsed
    
    
    # TAG: datafile_url ip|name
    #      Saves the URL as IP or name in datafile
    #
    #datafile_url ip
    
    # TAG: weekdays
    #      The weekdays to take into account ( Sunday->0, Saturday->6 )
    # Example:
    #weekdays 1-3,5
    # Default:
    #weekdays 0-6
    
    # TAG: hours
    #      The hours to take into account
    # Example:
    #hours 7-12,14,16,18-20
    # Default:
    #hours 0-23
    
    # TAG: dansguardian_conf file
    #      DansGuardian.conf file path
    #      Generate reports from DansGuardian logs.
    #      Use 'none' to disable it.
    #      dansguardian_conf /usr/dansguardian/dansguardian.conf
    #
    dansguardian_conf /usr/local/etc/e2guardian/e2guardian.conf
    
    # TAG: dansguardian_filter_out_date on|off
    #      This option replaces dansguardian_ignore_date (its name was not appropriate with respect to its action).
    #      Note the change of parameter value compared to the old option.
    #      'off' use the record even if its date is outside of the range found in the input log file.
    #      'on'  use the record only if its date is in the range found in the input log file.
    #
    dansguardian_filter_out_date on
    
    # TAG: squidguard_conf file
    #      path to squidGuard.conf file
    #      Generate reports from SquidGuard logs.
    #      Use 'none' to disable.
    #      You can use sarg -L filename to use an alternate squidGuard log.
    #      squidguard_conf /usr/local/squidGuard/squidGuard.conf
    #
    squidguard_conf none
    
    # TAG: redirector_log file
    #      The location of the web proxy redirector log, such as one created by squidGuard or Rejik. The option
    #      may be repeated up to 64 times to read multiple files.
    #      If this option is specified, it takes precedence over squidguard_conf.
    #      The command line option -L override this option.
    #
    #redirector_log /usr/local/squidGuard/var/logs/urls.log
    
    # TAG: redirector_filter_out_date on|off
    #      This option replaces squidguard_ignore_date and redirector_ignore_date (their names were not
    #      appropriate with respect to their actions).
    #      Note the change of parameter value compared to the old options.
    #      'off' use the record even if its date is outside of the range found in the input log file.
    #      'on'  use the record only if its date is in the range found in the input log file.
    #
    #redirector_filter_out_date on
    
    # TAG: redirector_log_format
    #      Format string for web proxy redirector logs.
    #      This option was named squidguard_log_format before Sarg 2.3.
    #      REJIK       #year#-#mon#-#day# #hour# #list#:#tmp# #ip# #user# #tmp#/#tmp#/#url#/#end#
    #      SQUIDGUARD  #year#-#mon#-#day# #hour# #tmp#/#list#/#tmp#/#tmp#/#url#/#tmp# #ip#/#tmp# #user# #end#
    #redirector_log_format #year#-#mon#-#day# #hour# #tmp#/#list#/#tmp#/#tmp#/#url#/#tmp# #ip#/#tmp# #user# #end#
    
    # TAG: show_sarg_info yes|no
    #      shows Sarg information and site path on each report bottom
    #
    show_sarg_info no
    
    # TAG: show_sarg_logo yes|no
    #      shows Sarg logo
    #
    show_sarg_logo no
    
    # TAG: parsed_output_log directory
    #      Saves the processed log in a Sarg format after parsing the squid log file.
    #      This is a way to dump all of the data structures out, after parsing from
    #      the logs (presumably this data will be much smaller than the log files themselves),
    #      and pull them back in for later processing and merging with data from previous logs.
    #
    #parsed_output_log none
    
    # TAG: parsed_output_log_compress /bin/gzip|/usr/bin/bzip2|nocompress
    #      Command to run to compress sarg parsed output log. It may contain
    #      options (such as -f to overwrite existing target file). The name of
    #      the file to compresse is provided at the end of this
    #      command line. Don't forget to quote things appropriately.
    #
    #parsed_output_log_compress /bin/gzip
    
    # TAG: displayed_values bytes|abbreviation
    #      how the values will be displayed in reports.
    #      eg. bytes        -  209.526
    #          abbreviation -  210K
    #
    #displayed_values bytes
    displayed_values bytes
    
    # Report limits
    # TAG: authfail_report_limit n
    # TAG: denied_report_limit n
    # TAG: siteusers_report_limit n
    # TAG: squidguard_report_limit n
    # TAG: user_report_limit n
    # TAG: dansguardian_report_limit n
    # TAG: download_report_limit n
    #      report limits (lines).
    #      '0' no limit
    #
    #authfail_report_limit 10
    authfail_report_limit 0
    #denied_report_limit 10
    denied_report_limit 0
    #siteusers_report_limit 0
    #squidguard_report_limit 10
    #dansguardian_report_limit 10
    #user_report_limit 10
    #user_report_limit 50
    siteusers_report_limit 0
    user_report_limit 0
    dansguardian_report_limit 0
    
    
    # TAG: www_document_root dir
    #     Where is your Web DocumentRoot
    #     Sarg will create sarg-php directory with some PHP modules:
    #     - sarg-squidguard-block.php - add urls from user reports to squidGuard DB
    #
    #www_document_root /var/www/html
    www_document_root /usr/local/www
    
    # TAG: block_it module_url
    #     This tag allows you to pass urls from user reports to a cgi or php module,
    #     to be blocked by some Squid acl.
    #
    #     Eg.: block_it /sarg-php/sarg-block-it.php
    #     sarg-block-it is a php that will append a url to a flat file.
    #     You must change /var/www/html/sarg-php/sarg-block-it to point to your file
    #     in  variable, and chown to the httpd owner.
    #
    #     Sarg will pass http://module_url?url=url
    #
    #block_it none
    
    # TAG: external_css_file path
    #     Provide the path to an external CSS file to link into the HTML reports instead of
    #     the inline CSS written by sarg when this option is not set.
    #
    #     In versions prior to 2.3, this used to be an absolute file name to
    #     a file to include verbatim in each HTML page but, as it takes a lot of
    #     space, version 2.3 switched to a link to an external CSS file.
    #     Therefore, this option must contain the HTTP server path on which a client
    #     browser may find the CSS file.
    #
    #     Sarg use theses style classes:
    #       .logo           logo class
    #       .info           sarg information class, align=center
    #       .title_c        title class, align=center
    #       .header_c       header class, align:center
    #       .header_l       header class, align:left
    #       .header_r       header class, align:right
    #       .text           text class, align:right
    #       .data           table text class, align:right
    #       .data2          table text class, align:left
    #       .data3          table text class, align:center
    #       .link           link class
    #
    #     Sarg can be instructed to output the internal CSS it inline
    #     into the reports with this command:
    #
    #        sarg --css
    #
    #     You can redirect the output to a file of your choice and edit
    #     it to your liking.
    #
    #external_css_file none
    # TAG: user_authentication yes|no
    #     Allow user authentication in User Reports using .htaccess
    #     Parameters:
    #       AuthUserTemplateFile - The template to use to create the
    #     .htaccess file. In the template, %u is replaced by the
    #     user's ID for which the report is generated. The path of the
    #     template is relative to the directory containing sarg
    #     configuration file.
    #
    # user_authentication no
    # AuthUserTemplateFile sarg_htaccess
    
    # TAG: download_suffix "suffix,suffix,...,suffix"
    #    file suffix to be considered as "download" in Download report.
    #    Use 'none' to disable.
    #
    #download_suffix "zip,arj,bzip,gz,ace,doc,iso,adt,bin,cab,com,dot,drv$,lha,lzh,mdb,mso,ppt,rtf,src,shs,sys,exe,dll,mp3,avi,mpg,mpeg"
    
    # TAG: ulimit n
    #    The maximum number of open file descriptors to avoid "Too many open files" error message.
    #    You need to run Sarg as root to use ulimit tag.
    #    If you run Sarg with a low privilege user, set to 'none' to disable ulimit
    #
    #ulimit 20000
    
    # TAG: ntlm_user_format username|domainname+username
    #      NTLM users format.
    #
    #ntlm_user_format domainname+username
    ntlm_user_format domainname+username
    
    # TAG: realtime_refresh_time num sec
    #      How many seconds between auto refresh of the realtime report.
    #      0 = disable
    #
    realtime_refresh_time 0
    
    # TAG: realtime_access_log_lines num
    #      How many last lines to get from access.log file
    #
    # realtime_access_log_lines 1000
    
    # TAG: realtime_types: GET,PUT,CONNECT,ICP_QUERY,POST
    #      Which records must be in realtime report.
    #
    realtime_types GET,PUT,CONNECT
    
    # TAG: realtime_unauthenticated_records: ignore|show
    #      What to do with unauthenticated records in realtime report.
    #
    #
    realtime_unauthenticated_records show
    
    # TAG: byte_cost value no_cost_limit
    #      Cost per byte.
    #      Eg. byte_cost 0.01 100000000
    #           per byte cost      = 0.01
    #           bytes with no cost = 100 Mb
    #      0 = disable
    #
    # byte_cost 0.01 50000000
    
    # TAG: squid24 on|off
    #      Compatilibity with squid version <= 2.4 when using emulate_http_log on
    #
    # squid24 off
    
    # TAG: sorttable path
    #      The path to a javascript script to dynamically sort the tables.
    #      The path is the link a browser must follow to find the script. For instance,
    #      it may be http://www.myproxy.org/sorttable.js or just /sorttable.js if the script
    #      is at the root of your web site.
    #
    #      If the path starts with "../" then it is assumed to be a relative
    #      path and Sarg adds as many "../" as necessary to locate the js script from
    #      the output directory. Therefore, ../../sorttable.js links to the javascript
    #      one level above output_dir.
    #
    #      If this entry is set, each sortable table will have the "sortable" class set.
    #      You may have a look at http://www.kryogenix.org/code/browser/sorttable/
    #      for the implementation on which Sarg is based.
    #
    sorttable /sarg_sorttable.js
    
    # TAG: hostalias
    #      The name of a text file containing the host names (one per line) and the
    #      optional alias to use in the report instead of that host name.
    #      Host names may contain up to one wildcard denoted by a *. The wildcard
    #      must not be at the end of the host name.
    #      The host name may be followed by an optional alias; if no alias is provided,
    #      the host name, including the wildcard, replaces any matching host name found
    #      in the log.
    #      Host names replaced by identical aliases are grouped together in the
    #      reports.
    #      IP addresses are supported and accept the CIDR notation both for IPv4 and
    #      IPv6 addresses.
    #
    #      Example:
    #      *.gstatic.com
    #      mt*.google.com
    #      *.myphone.microsoft.com
    #      *.myphone.microsoft.com:443 *.myphone.microsoft.com:secure
    #      *.freeav.net antivirus:freeav
    #      *.mail.live.com
    #      65.52.00.00/14 *.mail.live.com
    


  • @marcelloc
    Apaguei o agendamento, informei os mesmos parametros.

    Comparando os arquivos a principio não identifiquei diferenças.
    Local do arquivo: /usr/local/etc/sarg/sarg.conf



  • Segue o arquivo antes de aplicar o agendamento.

    # sarg.conf
    #
    # TAG:  access_log file
    #       Where is the access.log
    #       sarg -l file
    #
    access_log
    
    # TAG: graphs yes|no
    #       Use graphics where possible.
    #           graph_days_bytes_bar_color blue|green|yellow|orange|brown|red
    #
    graphs yes
    #graph_days_bytes_bar_color orange
    
    # TAG:  graph_font
    #       The full path to the TTF font file to use to create the graphs. It is required
    #       if graphs is set to yes.
    #
    #graph_font /usr/share/fonts/truetype/ttf-dejavu/DejaVuSans.ttf
    
    # TAG:  title
    #       Specify the title for html page.
    #
    #title "Squid User Access Reports"
    title "E2guardian User Access Reports"
    # TAG:  font_face
    #       Specify the font for html page.
    #
    #font_face Tahoma,Verdana,Arial
    
    # TAG:  header_color
    #       Specify the header color
    #
    #header_color darkblue
    
    # TAG:  header_bgcolor
    #       Specify the header bgcolor
    #
    #header_bgcolor blanchedalmond
    
    # TAG:  font_size
    #       Specify the text font size
    #
    #font_size 9px
    
    # TAG:  header_font_size
    #       Specify the header font size
    #
    #header_font_size 9px
    
    # TAG:  title_font_size
    #       Specify the title font size
    #
    #title_font_size 11px
    
    # TAG:  background_color
    # TAG:  background_color
    #       Html page background color
    #
    # background_color white
    
    # TAG:  text_color
    #       Html page text color
    #
    #text_color #000000
    
    # TAG:  text_bgcolor
    #       Html page text background color
    #
    #text_bgcolor lavender
    
    # TAG:  title_color
    #       Html page title color
    #
    #title_color green
    
    # TAG:  logo_image
    #       Html page logo.
    #
    #logo_image none
    
    # TAG:  logo_text
    #       Html page logo text.
    #
    #logo_text ""
    
    # TAG:  logo_text_color
    #       Html page logo texti color.
    #
    #logo_text_color #000000
    
    # TAG:  logo_image_size
    #       Html page logo image size.
    #       width height
    #
    #image_size 80 45
    
    # TAG:  background_image
    #       Html page background image
    #
    #background_image none
    
    # TAG:  password
    #       User password file used by Squid authentication scheme
    #       If used, generate reports just for those users.
    #
    #password none
    
    # TAG:  temporary_dir
    #       Temporary directory name for work files
    #       sarg -w dir
    #
    #temporary_dir /tmp
    
    # TAG:  output_dir
    #       The reports will be saved in that directory
    #       sarg -o dir
    #
    output_dir /usr/local/sarg-reports
    
    # TAG:  anonymous_output_files yes/no
    #       Use anonymous file and directory names in the report. If it is set to
    #       no (the default), the user ID/IP/name is slightly mangled to create a
    #       suitable file name to store the report of the user but the user's
    #       identity can easily be guessed from the mangled name. If this option is
    #       set, any file or directory belonging to the user is replaced by a short
    #       number.  The purpose is to hide the identity of the user when looking
    #       at the report file names but it may serve to shorten the path too.
    #
    anonymous_output_files no
    
    # TAG:  output_email
    #       Email address to send the reports. If you use this tag, no html reports will be generated.
    #       sarg -e email
    #
    #output_email none
    
    # TAG:  resolve_ip yes/no
    #       Convert IP address to DNS name
    #       sarg -n
    resolve_ip no
    
    # TAG:  user_ip yes/no
    #       Use IP address instead of userid in reports.
    #       sarg -p
    user_ip no
    
    # TAG:  topuser_sort_field field normal/reverse
    #       Sort field for the Topuser Report.
    #       Allowed fields: USER CONNECT BYTES TIME
    #
    topuser_sort_field BYTES normal
    
    # TAG:  user_sort_field field normal/reverse
    #       Sort field for the User Report.
    #       Allowed fields: SITE CONNECT BYTES TIME
    #
    user_sort_field BYTES normal
    
    # TAG:  exclude_users file
    #       users within the file will be excluded from reports.
    #       You can use indexonly to have only index.html file.
    #
    exclude_users /usr/local/etc/sarg/exclude_users.conf
    
    # TAG:  exclude_hosts file
    #       Hosts, domains or subnets will be excluded from reports.
    #
    #       Eg.: 192.168.10.10 - exclude this IP address only
    #            192.168.10.0/24 - exclude entire subnet
    #            host1.example.com - exclude this hostname only
    #            *.example.com - exclude entire domain
    #
    exclude_hosts /usr/local/etc/sarg/exclude_hosts.conf
    
    # TAG:  useragent_log file
    #       useragent.log file path to generate useragent report.
    #
    #useragent_log none
    
    # TAG:  date_format
    #       Date format in reports: e (European=dd/mm/yy), u (American=mm/dd/yy), w (Weekly=yy.ww)
    #
    #date_format u
    date_format u
    
    # TAG:  per_user_limit file MB
    #       Saves userid on file if download exceed n MB.
    #       This option allows you to disable user access if user exceeds a download limit.
    #
    #per_user_limit none
    
    # TAG: lastlog n
    #      How many reports files will be kept in reports directory.
    #      The oldest report file will be automatically removed.
    #      0 - no limit.
    #
    #lastlog 0
    lastlog 0
    
    # TAG: remove_temp_files yes
    #      Remove temporary files from root report directory.
    #
    remove_temp_files yes
    
    # TAG: index yes|no|only
    #      Generate the main index.html.
    #      only - generate only the main index.html
    #
    index yes
    
    # TAG: index_tree date|file
    #      How to generate the index.
    #
    index_tree file
    
    # TAG: index_fields
    #      The columns to show in the index of the reports
    #      Columns are: dirsize
    #
    #index_fields dirsize
    
    # TAG: overwrite_report yes|no
    #      yes - if report date already exist it will be overwrited.
    #       no - if report date already exist it will be renamed to filename.n, filename.n+1
    #
    overwrite_report yes
    
    # TAG: records_without_userid ignore|ip|everybody
    #      What can I do with records without user id (no authentication) in access.log file ?
    #
    #      ignore - This record will be ignored.
    #          ip - Use IP address instead. (default)
    #   everybody - Use "everybody" instead.
    #
    #records_without_userid ip
    
    # TAG: use_comma no|yes
    #      Use comma instead of dot in reports.
    #      Eg.: use_comma yes => 23,450,110
    #           use_comma no  => 23.450.110
    #
    use_comma yes
    
    # TAG: mail_utility
    #      Mail command to use to send reports via SMTP. Sarg calls it like this:
    #         mail_utility -s "SARG report, date" "output_email" <"mail_content"
    #
    #      Therefore, it is possible to add more arguments to the command by specifying them
    #      here.
    #
    #      If you need too, you can use a shell script to process the content of /dev/stdin
    #      (/dev/stdin is the mail_content passed by Sarg to the script) and call whatever
    #      command you like. It is not limited to mailing the report via SMTP.
    #
    #      Don't forget to quote the command if necessary (i.e. if the path contains
    #      characters that must be quoted).
    #
    #mail_utility mailx
    
    # TAG: topsites_num n
    #      How many sites in topsites report.
    #
    #topsites_num 100
    
    # TAG: topsites_sort_order CONNECT|BYTES|TIME A|D
    #      Sort for topsites report, where A=Ascending, D=Descending
    #
    #topsites_sort_order CONNECT D
    
    # TAG: index_sort_order A/D
    #      Sort for index.html, where A=Ascending, D=Descending
    #
    #index_sort_order D
    
    # TAG: exclude_codes file
    #      Ignore records with these Squid return codes. Eg.: NONE/400
    #      Write one code per line. Lines starting with a # are ignored.
    #      Only codes matching exactly one of the line is rejected. The
    #      comparison is not case sensitive.
    #
    exclude_codes /usr/local/etc/sarg/exclude_codes
    
    # TAG: replace_index string
    #      Replace "index.html" in the main index file with this string
    #      If null, "index.html" is used
    #
    #replace_index <?php echo str_replace(".", "_", ); echo ".html"; ?>
    
    # TAG: max_elapsed milliseconds
    #      If elapsed time recorded in log is greater than max_elapsed, use 0 for elapsed time.
    #      Use 0 for no checking
    #
    #max_elapsed 28800000
    # 8 Hours
    max_elapsed 0
    
    # TAG: report_type type
    #      What kind of reports to generate.
    #      topusers            - users, sites, times, bytes, connects, links to accessed sites, etc.
    #      topsites            - site, connect and bytes report
    #      sites_users         - users and sites report
    #      users_sites         - accessed sites by the user report
    #      date_time           - bytes used per day and hour report
    #      denied              - denied sites with full URL report
    #      auth_failures       - autentication failures report
    #      site_user_time_date - sites, dates, times and bytes report
    #      downloads           - downloads per user report
    #
    #      Eg.: report_type topsites denied
    #
    #report_type topusers topsites sites_users users_sites date_time denied auth_failures site_user_time_date downloads
    report_type topusers topsites sites_users users_sites date_time denied auth_failures site_user_time_date downloads
    
    # TAG: usertab filename
    #      You can change the "userid" or the "IP address" to be a real user name on the reports.
    #      If resolve_ip is active, the IP address is resolved before being looked up in this
    #      file. That is, if you want to map the ip address, be sure to set resolve_ip to no or
    #      the resolved name will be looked up in the file instead of the IP address. Note that
    #      it can be used to resolve any IP address known to the DNS and then map the unresolved
    #      IP addresses to a name found in the usertab file.
    #      Table syntax:
    #               userid name   or   ip address name
    #      Eg:
    #               SirIsaac Isaac Newton
    #               vinci Leonardo da Vinci
    #               192.168.10.1 Karol Wojtyla
    #
    #      Each line must be terminated with '\ n'
    #      If usertab is set to value "ldap" (case ignored), user names
    #      will be taken from LDAP server. Use this method to obtain usernames
    #      LDAP / Active Directory.
    #
    #usertab none
    usertab none
    
    # TAG: LDAPHost hostname
    #       FQDN or IP address of host with LDAP service or AD DC
    #       default is '127.0.0.1'
    #LDAPHost 127.0.0.1
    
    
    # TAG: LDAPPort port
    #       LDAP service port number
    #       default is '389'
    #LDAPPort 389
    
    
    # TAG: LDAPBindDN CN=username,OU=group,DC=mydomain,DC=com
    #       DN of the LDAP user who is authorized to the search the LDAP database
    #       default is empty line
    #LDAPBindDN cn=proxy,dc=mydomain,dc=local
    
    
    # TAG: LDAPBindPW secret
    #       Password for LDAPBindDN specified above.
    #       default is empty line
    #LDAPBindPW secret
    
    
    # TAG: LDAPBaseSearch OU=users,DC=mydomain,DC=com
    #       LDAP search base DN. The search base is the place in the hierarchical LDAP structure
    #       where the search for user accounts starts.
    #       default is empty line
    #LDAPBaseSearch ou=users,dc=mydomain,dc=local
    
    
    # TAG: LDAPFilterSearch (uid=%s)
    #       Use this to filter the user login entries to be returned for a search operation in LDAP.
    #       First founded record will be used
    #       %s - will be changed to userlogins from access.log file
    #       Search filter string can have up to 5 '%s' tags.
    #       default value is '(uid=%s)'
    #LDAPFilterSearch (uid=%s)
    
    
    # TAG: LDAPTargetAttr attributename
    #       Name of the attribute containing the login name of the user.
    #       default value is 'cn'
    #LDAPTargetAttr cn
    
    
    # TAG: long_url yes|no
    #      If yes, the full url is showed in report.
    #      If no, only the site will be showed
    #
    #      YES option generate very big sort files and reports.
    #
    long_url no
    
    # TAG: date_time_by bytes|elap
    #      Date/Time reports show the downloaded volume or the elapsed time or both.
    #
    #date_time_by bytes
    date_time_by bytes
    
    # TAG: charset name
    #      ISO 8859 is a full series of 10 standardized multilingual single-byte coded (8bit)
    #      graphic character sets for writing in alphabetic languages
    #      You can use the following charsets:
    #               Latin1          - West European
    #               Latin2          - Central and East European
    #               Latin3          - Southeast European
    #               Latin4          - Scandinavian/Baltic
    #               Cyrillic
    #               Arabic
    #               Greek
    #               Hebrew
    #               Latin5          - Turkish
    #               Latin6          - Lappish/Nordic/Eskimo
    #               Windows-1251
    #               Japan
    #               Koi8-r
    #               UTF-8
    #
    #charset Latin1
    charset UTF-8
    
    # TAG: user_invalid_char "&/"
    #      Records that contain invalid characters in userid will be ignored by Sarg.
    #
    #user_invalid_char "&/"
    
    # TAG: privacy yes|no
    #      privacy_string "***.***.***.***"
    #      privacy_string_color blue
    #      In some countries the sysadm cannot see the visited sites by a restrictive law.
    #      Using privacy 'yes', the visited url will be changes by privacy_string and the link
    #      will be removed from reports.
    #
    privacy no
    #privacy_string "***.***.***.***"
    #privacy_string_color blue
    
    # TAG: include_users "user1:user2:...:usern"
    #      Reports will be generated only for listed users.
    #
    #include_users none
    
    
    # TAG: exclude_string "string1:string2:...:stringn"
    #      Records from access.log file that contain one of listed strings will be ignored.
    #
    #exclude_string none
    exclude_string "e2gerror.php:[inet"
    # TAG: show_successful_message yes|no
    #      Shows "Successful report generated on dir" at end of process.
    #
    #show_successful_message yes
    
    # TAG: show_read_statistics yes|no
    #      Shows some reading statistics.
    #
    #show_read_statistics yes
    
    # TAG: topuser_fields
    #      Which fields must be in Topuser report.
    #
    #topuser_fields NUM DATE_TIME USERID CONNECT BYTES %BYTES IN-CACHE-OUT USED_TIME MILISEC %TIME TOTAL AVERAGE
    
    # TAG: user_report_fields
    #      Which fields must be in User report.
    #
    #user_report_fields CONNECT BYTES %BYTES IN-CACHE-OUT USED_TIME MILISEC %TIME TOTAL AVERAGE
    
    # TAG: bytes_in_sites_users_report yes|no
    #      Bytes field must be in Site & Users Report ?
    #
    #bytes_in_sites_users_report no
    bytes_in_sites_users_report no
    
    # TAG: topuser_num n
    #      How many users in topsites report. 0 = no limit
    #
    #topuser_num 0
    topuser_num 0
    
    # TAG: datafile file
    #      Save the report results in a file to populate some database
    #
    #datafile none
    
    # TAG: datafile_delimiter "     "
    #      ascii character to use as a field separator in datafile
    #
    #datafile_delimiter ""
    
    # TAG: datafile_fields all
    #      Which data fields must be in datafile
    #      user;date;time;url;connect;bytes;in_cache;out_cache;elapsed
    #
    #datafile_fields user;date;time;url;connect;bytes;in_cache;out_cache;elapsed
    
    
    # TAG: datafile_url ip|name
    #      Saves the URL as IP or name in datafile
    #
    #datafile_url ip
    
    # TAG: weekdays
    #      The weekdays to take into account ( Sunday->0, Saturday->6 )
    # Example:
    #weekdays 1-3,5
    # Default:
    #weekdays 0-6
    
    # TAG: hours
    #      The hours to take into account
    # Example:
    #hours 7-12,14,16,18-20
    # Default:
    #hours 0-23
    
    # TAG: dansguardian_conf file
    #      DansGuardian.conf file path
    #      Generate reports from DansGuardian logs.
    #      Use 'none' to disable it.
    #      dansguardian_conf /usr/dansguardian/dansguardian.conf
    #
    dansguardian_conf
    
    # TAG: dansguardian_filter_out_date on|off
    #      This option replaces dansguardian_ignore_date (its name was not appropriate with respect to its action).
    #      Note the change of parameter value compared to the old option.
    #      'off' use the record even if its date is outside of the range found in the input log file.
    #      'on'  use the record only if its date is in the range found in the input log file.
    #
    dansguardian_filter_out_date on
    
    # TAG: squidguard_conf file
    #      path to squidGuard.conf file
    #      Generate reports from SquidGuard logs.
    #      Use 'none' to disable.
    #      You can use sarg -L filename to use an alternate squidGuard log.
    #      squidguard_conf /usr/local/squidGuard/squidGuard.conf
    #
    squidguard_conf none
    
    # TAG: redirector_log file
    #      The location of the web proxy redirector log, such as one created by squidGuard or Rejik. The option
    #      may be repeated up to 64 times to read multiple files.
    #      If this option is specified, it takes precedence over squidguard_conf.
    #      The command line option -L override this option.
    #
    #redirector_log /usr/local/squidGuard/var/logs/urls.log
    
    # TAG: redirector_filter_out_date on|off
    #      This option replaces squidguard_ignore_date and redirector_ignore_date (their names were not
    #      appropriate with respect to their actions).
    #      Note the change of parameter value compared to the old options.
    #      'off' use the record even if its date is outside of the range found in the input log file.
    #      'on'  use the record only if its date is in the range found in the input log file.
    #
    #redirector_filter_out_date on
    
    # TAG: redirector_log_format
    #      Format string for web proxy redirector logs.
    #      This option was named squidguard_log_format before Sarg 2.3.
    #      REJIK       #year#-#mon#-#day# #hour# #list#:#tmp# #ip# #user# #tmp#/#tmp#/#url#/#end#
    #      SQUIDGUARD  #year#-#mon#-#day# #hour# #tmp#/#list#/#tmp#/#tmp#/#url#/#tmp# #ip#/#tmp# #user# #end#
    #redirector_log_format #year#-#mon#-#day# #hour# #tmp#/#list#/#tmp#/#tmp#/#url#/#tmp# #ip#/#tmp# #user# #end#
    
    # TAG: show_sarg_info yes|no
    #      shows Sarg information and site path on each report bottom
    #
    show_sarg_info no
    
    # TAG: show_sarg_logo yes|no
    #      shows Sarg logo
    #
    show_sarg_logo no
    
    # TAG: parsed_output_log directory
    #      Saves the processed log in a Sarg format after parsing the squid log file.
    #      This is a way to dump all of the data structures out, after parsing from
    #      the logs (presumably this data will be much smaller than the log files themselves),
    #      and pull them back in for later processing and merging with data from previous logs.
    #
    #parsed_output_log none
    
    # TAG: parsed_output_log_compress /bin/gzip|/usr/bin/bzip2|nocompress
    #      Command to run to compress sarg parsed output log. It may contain
    #      options (such as -f to overwrite existing target file). The name of
    #      the file to compresse is provided at the end of this
    #      command line. Don't forget to quote things appropriately.
    #
    #parsed_output_log_compress /bin/gzip
    
    # TAG: displayed_values bytes|abbreviation
    #      how the values will be displayed in reports.
    #      eg. bytes        -  209.526
    #          abbreviation -  210K
    #
    #displayed_values bytes
    displayed_values bytes
    
    # Report limits
    # TAG: authfail_report_limit n
    # TAG: denied_report_limit n
    # TAG: siteusers_report_limit n
    # TAG: squidguard_report_limit n
    # TAG: user_report_limit n
    # TAG: dansguardian_report_limit n
    # TAG: download_report_limit n
    #      report limits (lines).
    #      '0' no limit
    #
    #authfail_report_limit 10
    authfail_report_limit 0
    #denied_report_limit 10
    denied_report_limit 0
    #siteusers_report_limit 0
    #squidguard_report_limit 10
    #dansguardian_report_limit 10
    #user_report_limit 10
    #user_report_limit 50
    siteusers_report_limit 0
    user_report_limit 0
    dansguardian_report_limit 0
    
    
    # TAG: www_document_root dir
    #     Where is your Web DocumentRoot
    #     Sarg will create sarg-php directory with some PHP modules:
    #     - sarg-squidguard-block.php - add urls from user reports to squidGuard DB
    #
    #www_document_root /var/www/html
    www_document_root /usr/local/www
    
    # TAG: block_it module_url
    #     This tag allows you to pass urls from user reports to a cgi or php module,
    #     to be blocked by some Squid acl.
    #
    #     Eg.: block_it /sarg-php/sarg-block-it.php
    #     sarg-block-it is a php that will append a url to a flat file.
    #     You must change /var/www/html/sarg-php/sarg-block-it to point to your file
    #     in  variable, and chown to the httpd owner.
    #
    #     Sarg will pass http://module_url?url=url
    #
    #block_it none
    
    # TAG: external_css_file path
    #     Provide the path to an external CSS file to link into the HTML reports instead of
    #     the inline CSS written by sarg when this option is not set.
    #
    #     In versions prior to 2.3, this used to be an absolute file name to
    #     a file to include verbatim in each HTML page but, as it takes a lot of
    #     space, version 2.3 switched to a link to an external CSS file.
    #     Therefore, this option must contain the HTTP server path on which a client
    #     browser may find the CSS file.
    #
    #     Sarg use theses style classes:
    #       .logo           logo class
    #       .info           sarg information class, align=center
    #       .title_c        title class, align=center
    #       .header_c       header class, align:center
    #       .header_l       header class, align:left
    #       .header_r       header class, align:right
    #       .text           text class, align:right
    #       .data           table text class, align:right
    #       .data2          table text class, align:left
    #       .data3          table text class, align:center
    #       .link           link class
    #
    #     Sarg can be instructed to output the internal CSS it inline
    #     into the reports with this command:
    #
    #        sarg --css
    #
    #     You can redirect the output to a file of your choice and edit
    #     it to your liking.
    #
    #external_css_file none
    # TAG: user_authentication yes|no
    #     Allow user authentication in User Reports using .htaccess
    #     Parameters:
    #       AuthUserTemplateFile - The template to use to create the
    #     .htaccess file. In the template, %u is replaced by the
    #     user's ID for which the report is generated. The path of the
    #     template is relative to the directory containing sarg
    #     configuration file.
    #
    # user_authentication no
    # AuthUserTemplateFile sarg_htaccess
    
    # TAG: download_suffix "suffix,suffix,...,suffix"
    #    file suffix to be considered as "download" in Download report.
    #    Use 'none' to disable.
    #
    #download_suffix "zip,arj,bzip,gz,ace,doc,iso,adt,bin,cab,com,dot,drv$,lha,lzh,mdb,mso,ppt,rtf,src,shs,sys,exe,dll,mp3,avi,mpg,mpeg"
    
    # TAG: ulimit n
    #    The maximum number of open file descriptors to avoid "Too many open files" error message.
    #    You need to run Sarg as root to use ulimit tag.
    #    If you run Sarg with a low privilege user, set to 'none' to disable ulimit
    #
    #ulimit 20000
    
    # TAG: ntlm_user_format username|domainname+username
    #      NTLM users format.
    #
    #ntlm_user_format domainname+username
    ntlm_user_format domainname+username
    
    # TAG: realtime_refresh_time num sec
    #      How many seconds between auto refresh of the realtime report.
    #      0 = disable
    #
    realtime_refresh_time 0
    
    # TAG: realtime_access_log_lines num
    #      How many last lines to get from access.log file
    #
    # realtime_access_log_lines 1000
    
    # TAG: realtime_types: GET,PUT,CONNECT,ICP_QUERY,POST
    #      Which records must be in realtime report.
    #
    realtime_types GET,PUT,CONNECT
    
    # TAG: realtime_unauthenticated_records: ignore|show
    #      What to do with unauthenticated records in realtime report.
    #
    #
    realtime_unauthenticated_records show
    
    # TAG: byte_cost value no_cost_limit
    #      Cost per byte.
    #      Eg. byte_cost 0.01 100000000
    #           per byte cost      = 0.01
    #           bytes with no cost = 100 Mb
    #      0 = disable
    #
    # byte_cost 0.01 50000000
    
    # TAG: squid24 on|off
    #      Compatilibity with squid version <= 2.4 when using emulate_http_log on
    #
    # squid24 off
    
    # TAG: sorttable path
    #      The path to a javascript script to dynamically sort the tables.
    #      The path is the link a browser must follow to find the script. For instance,
    #      it may be http://www.myproxy.org/sorttable.js or just /sorttable.js if the script
    #      is at the root of your web site.
    #
    #      If the path starts with "../" then it is assumed to be a relative
    #      path and Sarg adds as many "../" as necessary to locate the js script from
    #      the output directory. Therefore, ../../sorttable.js links to the javascript
    #      one level above output_dir.
    #
    #      If this entry is set, each sortable table will have the "sortable" class set.
    #      You may have a look at http://www.kryogenix.org/code/browser/sorttable/
    #      for the implementation on which Sarg is based.
    #
    sorttable /sarg_sorttable.js
    
    # TAG: hostalias
    #      The name of a text file containing the host names (one per line) and the
    #      optional alias to use in the report instead of that host name.
    #      Host names may contain up to one wildcard denoted by a *. The wildcard
    #      must not be at the end of the host name.
    #      The host name may be followed by an optional alias; if no alias is provided,
    #      the host name, including the wildcard, replaces any matching host name found
    #      in the log.
    #      Host names replaced by identical aliases are grouped together in the
    #      reports.
    #      IP addresses are supported and accept the CIDR notation both for IPv4 and
    #      IPv6 addresses.
    #
    #      Example:
    #      *.gstatic.com
    #      mt*.google.com
    #      *.myphone.microsoft.com
    #      *.myphone.microsoft.com:443 *.myphone.microsoft.com:secure
    #      *.freeav.net antivirus:freeav
    #      *.mail.live.com
    #      65.52.00.00/14 *.mail.live.com
    


  • @marcelloc executei o comando na shell e obtive o retorno

    code
    root: sarg -d `date -v-1w +%d/%m/%Y`-`date -v-1d +%d/%m/%Y`
    SARG: Loop detected in getword after 256 bytes.
    SARG: Line="1528476366.447    162 192.168.oa er TCP_MISS/204 0 GET"
    SARG: Record="https://g.bing.com/uac/request?size=300x600;noperf=1;adclntid=1002;alias=SKYBRPT9;kvmsft_ext_inv_cd=br;kvmsft_muid=34c7d87a37d36b3b228dd3b733d36807;kvmsft_optout=1;kvmsft_sdkversion=8.9;kvpg=%2Fstatic.skypeassets%2Fadserver%2Fadloader-v2.html;kvugc=0;kvrefd=apps.skype.com;kvmn=SKYBRPT9;kvgrp=476601497;kvismob=2;extmirroring=0;kvtile=1;target=_blank;aduho=-180;grp=476601497 - DEFAULT_PARENT/ -"
    SARG: searching for 'x20'
    SARG: Invalid user ID in file "/var/log/e2guardian/access.log"
    
    
    

    Pelo que pude ver, parece que é alguma ACL que mexi e não está sendo carregada corretamente pro relatório.

    Edit:

    Editei o access.log e retirei a linha que estava apresentando erro, observei então que trouxe

    
    https://advergine.com/stat?&h=www.maxmilhas.com.br&t=0.9895906489163713
    https://ch1-client-s.gateway.messenger.live.com
    licitacoes/favorites.json
    web/public/boletins/1172455570/followups/1417001659.json
    [in.168.1.120 -- Esse eu corrigi na unha 
    

    Depois rodei novamente o comando para gerar os relatórios da última semana.
    Consegui criar o relatório, vou criar agora o agendamento para ser diário e atualizado a cada 30 minutos.

    A dúvida agora, é saber como e porque carregou os dados/sites que citei acima.



  • Acompanhei o processo de atualização do SARG a cada 30 min e aparentemente está td ok.



  • Meu Sarg esta lendo os logs normalmente por enquanto, mas no SYSTEM LOGS do Pfsense ainda está gerando o erro a seguir.

    nginx: 2018/06/14 13:47:05 [error] 46335#100130: *2872 open() "/usr/local/www/sarg_sorttable.js" failed (2: No such file or directory), client: 192.168.0.69, server: , request: "GET /sarg_sorttable.js HTTP/1.1", host: "192.168.0.1", referrer: "http://192.168.0.1/sarg_frame.php?prevent=446666891557765600?"

    Q estranho....



  • Meu sarg esta funcionando perfeitamente, o unico porem e q ele parou de resolver os IP nos relatorio,

    Mesmo no terminal quando roda sarg -n ele gera o relatorio com ips somente, alguem tem ideia de como resolver?

    Obrigado



  • Mudou alguma opção de configuração?



  • @marcelloc não, eu so habilitei o pfblocker



  • quando pingo uma estação tipo estacao1.dominio no shell do pfsense ele resolve certo.



  • @clebermedina , Roda o sarg na console, ve se ele acusa algum erro ou dificuldade.



  • @marcelloc nenhuma pelo visto

    sarg -xn
    SARG: Init
    SARG: Loading configuration from /usr/local/etc/sarg/sarg.conf
    SARG: Chaining IP resolving module "dns"
    SARG: Chaining IP resolving module "dns"
    SARG: Loading exclude host file from: /usr/local/etc/sarg/exclude_hosts.conf
    SARG: Loading exclude file from: /usr/local/etc/sarg/exclude_users.conf
    SARG: Reading host alias file "/usr/local/etc/sarg/hostalias"
    SARG: List of host names to alias:
    SARG: Parameters:
    SARG:           Hostname or IP address (-a) =
    SARG:                    Useragent log (-b) =
    SARG:                     Exclude file (-c) = /usr/local/etc/sarg/exclude_hosts.conf
    SARG:                  Date from-until (-d) =
    SARG:    Email address to send reports (-e) =
    SARG:                      Config file (-f) = /usr/local/etc/sarg/sarg.conf
    SARG:                      Date format (-g) = Europe (dd/mm/yyyy)
    SARG:                        IP report (-i) = No
    SARG:             Keep temporary files (-k) = No
    SARG:                        Input log (-l) = /var/log/e2guardian/access.log
    SARG:               Resolve IP Address (-n) = Yes
    SARG:                       Output dir (-o) = /usr/local/sarg-reports/
    SARG: Use Ip Address instead of userid (-p) = No
    SARG:                    Accessed site (-s) =
    SARG:                             Time (-t) =
    SARG:                             User (-u) =
    SARG:                    Temporary dir (-w) = /tmp/sarg
    SARG:                   Debug messages (-x) = Yes
    SARG:                 Process messages (-z) = No
    SARG:  Previous reports to keep (--lastlog) = 0
    SARG:
    SARG: SARG version: 2.3.10 Apr-12-2015
    SARG: Reading access log file: /var/log/e2guardian/access.log
    SARG: Records in file: 27997, reading: 100.00%
    SARG:    Records read: 27997, written: 27997, excluded: 0
    SARG: Squid log format
    SARG: Period: 14 Jun 2018
    SARG: File "/usr/local/sarg-reports/14Jun2018-14Jun2018" already exists, moved to "/usr/local/                                                                                                                                               sarg-reports/14Jun2018-14Jun2018.2"
    SARG: Sorting log /tmp/sarg/192_168_10_137.user_unsort
    SARG: Making file /tmp/sarg/192_168_10_137
    SARG: Sorting log /tmp/sarg/192_168_10_109.user_unsort
    SARG: Making file /tmp/sarg/192_168_10_109
    SARG: Sorting log /tmp/sarg/192_168_10_121.user_unsort
    SARG: Making file /tmp/sarg/192_168_10_121
    SARG: Sorting log /tmp/sarg/192_168_10_115.user_unsort
    SARG: Making file /tmp/sarg/192_168_10_115
    SARG: Sorting log /tmp/sarg/192_168_10_106.user_unsort
    SARG: Making file /tmp/sarg/192_168_10_106
    SARG: Sorting log /tmp/sarg/192_168_10_118.user_unsort
    SARG: Making file /tmp/sarg/192_168_10_118
    SARG: Sorting log /tmp/sarg/192_168_10_138.user_unsort
    SARG: Making file /tmp/sarg/192_168_10_138
    SARG: Sorting log /tmp/sarg/192_168_10_108.user_unsort
    SARG: Making file /tmp/sarg/192_168_10_108
    SARG: Sorting log /tmp/sarg/192_168_10_125.user_unsort
    SARG: Making file /tmp/sarg/192_168_10_125
    SARG: Sorting log /tmp/sarg/192_168_10_112.user_unsort
    SARG: Making file /tmp/sarg/192_168_10_112
    SARG: Sorting log /tmp/sarg/192_168_10_116.user_unsort
    SARG: Making file /tmp/sarg/192_168_10_116
    SARG: Sorting log /tmp/sarg/192_168_10_128.user_unsort
    SARG: Making file /tmp/sarg/192_168_10_128
    SARG: Sorting log /tmp/sarg/192_168_10_117.user_unsort
    SARG: Making file /tmp/sarg/192_168_10_117
    SARG: Sorting log /tmp/sarg/192_168_10_134.user_unsort
    SARG: Making file /tmp/sarg/192_168_10_134
    SARG: Sorting log /tmp/sarg/192_168_10_147.user_unsort
    SARG: Making file /tmp/sarg/192_168_10_147
    SARG: Sorting log /tmp/sarg/192_168_10_110.user_unsort
    SARG: Making file /tmp/sarg/192_168_10_110
    SARG: Sorting log /tmp/sarg/192_168_10_126.user_unsort
    SARG: Making file /tmp/sarg/192_168_10_126
    SARG: Sorting log /tmp/sarg/192_168_10_141.user_unsort
    SARG: Making file /tmp/sarg/192_168_10_141
    SARG: Sorting log /tmp/sarg/192_168_10_107.user_unsort
    SARG: Making file /tmp/sarg/192_168_10_107
    SARG: Sorting log /tmp/sarg/192_168_10_113.user_unsort
    SARG: Making file /tmp/sarg/192_168_10_113
    SARG: Using the dansguardian log file "/var/log/e2guardian/access.log" found in your configura                                                                                                                                               tion file "/usr/local/etc/e2guardian/e2guardian.conf"
    SARG: Reading DansGuardian log file "/var/log/e2guardian/access.log"
    SARG: Sorting file "/tmp/sarg/dansguardian.int_log"
    SARG: Sorting file "/tmp/sarg/192_168_10_137.utmp"
    SARG: Making report 192.168.10.137
    SARG: Sorting file "/tmp/sarg/192_168_10_109.utmp"
    SARG: Making report 192.168.10.109
    SARG: Sorting file "/tmp/sarg/192_168_10_121.utmp"
    SARG: Making report 192.168.10.121
    SARG: Sorting file "/tmp/sarg/192_168_10_115.utmp"
    SARG: Making report 192.168.10.115
    SARG: Sorting file "/tmp/sarg/192_168_10_106.utmp"
    SARG: Making report 192.168.10.106
    SARG: Sorting file "/tmp/sarg/192_168_10_118.utmp"
    SARG: Making report 192.168.10.118
    SARG: Sorting file "/tmp/sarg/192_168_10_138.utmp"
    SARG: Making report 192.168.10.138
    SARG: Sorting file "/tmp/sarg/192_168_10_108.utmp"
    SARG: Making report 192.168.10.108
    SARG: Sorting file "/tmp/sarg/192_168_10_125.utmp"
    SARG: Making report 192.168.10.125
    SARG: Sorting file "/tmp/sarg/192_168_10_112.utmp"
    SARG: Making report 192.168.10.112
    SARG: Sorting file "/tmp/sarg/192_168_10_116.utmp"
    SARG: Making report 192.168.10.116
    SARG: Sorting file "/tmp/sarg/192_168_10_128.utmp"
    SARG: Making report 192.168.10.128
    SARG: Sorting file "/tmp/sarg/192_168_10_117.utmp"
    SARG: Making report 192.168.10.117
    SARG: Sorting file "/tmp/sarg/192_168_10_134.utmp"
    SARG: Making report 192.168.10.134
    SARG: Sorting file "/tmp/sarg/192_168_10_147.utmp"
    SARG: Making report 192.168.10.147
    SARG: Sorting file "/tmp/sarg/192_168_10_110.utmp"
    SARG: Making report 192.168.10.110
    SARG: Sorting file "/tmp/sarg/192_168_10_126.utmp"
    SARG: Making report 192.168.10.126
    SARG: Sorting file "/tmp/sarg/192_168_10_141.utmp"
    SARG: Making report 192.168.10.141
    SARG: Sorting file "/tmp/sarg/192_168_10_107.utmp"
    SARG: Making report 192.168.10.107
    SARG: Sorting file "/tmp/sarg/192_168_10_113.utmp"
    SARG: Making report 192.168.10.113
    SARG: Making index.html
    SARG: Successful report generated on /usr/local/sarg-reports/14Jun2018-14Jun2018
    SARG: Purging temporary file sarg-general
    SARG: End
    


  • Se está gerando mais de uma vez por dia, marca a opção overwrite report. Isso vai gerar um único relatório do dia que vai "se completando" com o passar das horas.

    a opção que resolve o nome das estações é Convert IP address to DNS name, ela está marcada?



  • Entao @marcelloc, eu entendo o funcionamento, a overwrite esta disabilitada para eu comparar os resultados nos testes

    A opção Convert IP address to DNS name esta habilitada tambem.

    O interessante e que parou de resolver do nada.



  • Meu sarg so atualiza os relatorios quando rodo o comando ...
    sarg -nx no terminal, não esta atualizando com o schedule no cron.
    Ja removi o pacote, ja reinstalei, removi todos os logs, exclui todos os diretorios do sarg e o mesmo problema continua.
    Alguem tem ideia do que possa ser?



  • Boa noite , realizei a instalação do e2g + sarg , e ocorre que não abre o relatório, segui os passos do topico e posto o conteudo do comando sarg-x via ssh
    0_1529152869184_erro_logs.jpg



  • Roda o comando que esta agendado no cron e qual é a saída dele.



  • @marcelloc iniciei a validação do pacote UserAuth e agora ao rodar o Sarg está apresentando a mensagem

    code
    login as: /root: sarg -n
    SARG: File "" not found
    

    Vacilei em algum ponto?



  • Salva as configurações do sarg novamente.
    Estou veriifcando esse bug do pacote sarg. em algum momento o sarg.conf é gerado sem a informação do log.



  • @marcelloc Hello,

    I installed e2Guardian5 with your guide to my pfsense 2.4.4 and than i found video of you for sarg package but i could not run sarg ?

    i got this error via console with sarg -x ;

    SARG: Init
    SARG: Loading configuration from /usr/local/etc/sarg/sarg.conf
    SARG: Chaining IP resolving module "dns"
    SARG: Loading exclude host file from: /usr/local/etc/sarg/exclude_hosts.conf
    SARG: Loading exclude file from: /usr/local/etc/sarg/exclude_users.conf
    SARG: Reading host alias file "/usr/local/etc/sarg/hostalias"
    SARG: List of host names to alias:
    SARG: Deleting temporary directory "/tmp/sarg"
    SARG: Parameters:
    SARG: Hostname or IP address (-a) =
    SARG: Useragent log (-b) =
    SARG: Exclude file (-c) = /usr/local/etc/sarg/exclude_hosts.conf
    SARG: Date from-until (-d) =
    SARG: Email address to send reports (-e) =
    SARG: Config file (-f) = /usr/local/etc/sarg/sarg.conf
    SARG: Date format (-g) = Europe (dd/mm/yyyy)
    SARG: IP report (-i) = No
    SARG: Keep temporary files (-k) = No
    SARG: Input log (-l) = /var/log/e2guardian/access.log
    SARG: Resolve IP Address (-n) = Yes
    SARG: Output dir (-o) = /usr/local/sarg-reports/
    SARG: Use Ip Address instead of userid (-p) = Yes
    SARG: Accessed site (-s) =
    SARG: Time (-t) =
    SARG: User (-u) =
    SARG: Temporary dir (-w) = /tmp/sarg
    SARG: Debug messages (-x) = Yes
    SARG: Process messages (-z) = No
    SARG: Previous reports to keep (--lastlog) = 0
    SARG:
    SARG: SARG version: 2.3.11 Jan-14-2018
    SARG: Reading access log file: /var/log/e2guardian/access.log
    SARG: Loop detected in getword_multisep after 30 bytes.
    SARG: Line="2.168.70.204 http"
    SARG: Record="//init-p01st.push.apple.com/bag - GET 8043 0 - 1 200 - 192.168.70.204 Default - - - - -"
    SARG: searching for 'x20'
    SARG: Invalid date in file "/var/log/e2guardian/access.log"

    Could you share with me any idea ?

    Thank you so much .

    Also there is another problem how i can block file extensions for HTTPS protocol ? and there is one notification via pfsense E2guardian - is not a valid access denied url ... ? What is that meaning ? How can i solve ?

    Thank you so much again .