SARG + E2guardian
-
My sarg is working perfectly; the only problem is that it stopped resolving the IPs in the reports.
Even in the terminal, when I run sarg -n, it generates the report with IPs only. Does anyone have an idea how to solve this?
Thanks
-
Did any configuration option change?
-
@marcelloc no, I only enabled pfblocker
-
When I ping a station such as estacao1.dominio in the pfSense shell, it resolves correctly.
-
@clebermedina, run sarg on the console and see if it reports any error or difficulty.
-
@marcelloc none, apparently
sarg -xn
SARG: Init
SARG: Loading configuration from /usr/local/etc/sarg/sarg.conf
SARG: Chaining IP resolving module "dns"
SARG: Chaining IP resolving module "dns"
SARG: Loading exclude host file from: /usr/local/etc/sarg/exclude_hosts.conf
SARG: Loading exclude file from: /usr/local/etc/sarg/exclude_users.conf
SARG: Reading host alias file "/usr/local/etc/sarg/hostalias"
SARG: List of host names to alias:
SARG: Parameters:
SARG: Hostname or IP address (-a) =
SARG: Useragent log (-b) =
SARG: Exclude file (-c) = /usr/local/etc/sarg/exclude_hosts.conf
SARG: Date from-until (-d) =
SARG: Email address to send reports (-e) =
SARG: Config file (-f) = /usr/local/etc/sarg/sarg.conf
SARG: Date format (-g) = Europe (dd/mm/yyyy)
SARG: IP report (-i) = No
SARG: Keep temporary files (-k) = No
SARG: Input log (-l) = /var/log/e2guardian/access.log
SARG: Resolve IP Address (-n) = Yes
SARG: Output dir (-o) = /usr/local/sarg-reports/
SARG: Use Ip Address instead of userid (-p) = No
SARG: Accessed site (-s) =
SARG: Time (-t) =
SARG: User (-u) =
SARG: Temporary dir (-w) = /tmp/sarg
SARG: Debug messages (-x) = Yes
SARG: Process messages (-z) = No
SARG: Previous reports to keep (--lastlog) = 0
SARG:
SARG: SARG version: 2.3.10 Apr-12-2015
SARG: Reading access log file: /var/log/e2guardian/access.log
SARG: Records in file: 27997, reading: 100.00%
SARG: Records read: 27997, written: 27997, excluded: 0
SARG: Squid log format
SARG: Period: 14 Jun 2018
SARG: File "/usr/local/sarg-reports/14Jun2018-14Jun2018" already exists, moved to "/usr/local/sarg-reports/14Jun2018-14Jun2018.2"
SARG: Sorting log /tmp/sarg/192_168_10_137.user_unsort
SARG: Making file /tmp/sarg/192_168_10_137
SARG: Sorting log /tmp/sarg/192_168_10_109.user_unsort
SARG: Making file /tmp/sarg/192_168_10_109
SARG: Sorting log /tmp/sarg/192_168_10_121.user_unsort
SARG: Making file /tmp/sarg/192_168_10_121
SARG: Sorting log /tmp/sarg/192_168_10_115.user_unsort
SARG: Making file /tmp/sarg/192_168_10_115
SARG: Sorting log /tmp/sarg/192_168_10_106.user_unsort
SARG: Making file /tmp/sarg/192_168_10_106
SARG: Sorting log /tmp/sarg/192_168_10_118.user_unsort
SARG: Making file /tmp/sarg/192_168_10_118
SARG: Sorting log /tmp/sarg/192_168_10_138.user_unsort
SARG: Making file /tmp/sarg/192_168_10_138
SARG: Sorting log /tmp/sarg/192_168_10_108.user_unsort
SARG: Making file /tmp/sarg/192_168_10_108
SARG: Sorting log /tmp/sarg/192_168_10_125.user_unsort
SARG: Making file /tmp/sarg/192_168_10_125
SARG: Sorting log /tmp/sarg/192_168_10_112.user_unsort
SARG: Making file /tmp/sarg/192_168_10_112
SARG: Sorting log /tmp/sarg/192_168_10_116.user_unsort
SARG: Making file /tmp/sarg/192_168_10_116
SARG: Sorting log /tmp/sarg/192_168_10_128.user_unsort
SARG: Making file /tmp/sarg/192_168_10_128
SARG: Sorting log /tmp/sarg/192_168_10_117.user_unsort
SARG: Making file /tmp/sarg/192_168_10_117
SARG: Sorting log /tmp/sarg/192_168_10_134.user_unsort
SARG: Making file /tmp/sarg/192_168_10_134
SARG: Sorting log /tmp/sarg/192_168_10_147.user_unsort
SARG: Making file /tmp/sarg/192_168_10_147
SARG: Sorting log /tmp/sarg/192_168_10_110.user_unsort
SARG: Making file /tmp/sarg/192_168_10_110
SARG: Sorting log /tmp/sarg/192_168_10_126.user_unsort
SARG: Making file /tmp/sarg/192_168_10_126
SARG: Sorting log /tmp/sarg/192_168_10_141.user_unsort
SARG: Making file /tmp/sarg/192_168_10_141
SARG: Sorting log /tmp/sarg/192_168_10_107.user_unsort
SARG: Making file /tmp/sarg/192_168_10_107
SARG: Sorting log /tmp/sarg/192_168_10_113.user_unsort
SARG: Making file /tmp/sarg/192_168_10_113
SARG: Using the dansguardian log file "/var/log/e2guardian/access.log" found in your configuration file "/usr/local/etc/e2guardian/e2guardian.conf"
SARG: Reading DansGuardian log file "/var/log/e2guardian/access.log"
SARG: Sorting file "/tmp/sarg/dansguardian.int_log"
SARG: Sorting file "/tmp/sarg/192_168_10_137.utmp"
SARG: Making report 192.168.10.137
SARG: Sorting file "/tmp/sarg/192_168_10_109.utmp"
SARG: Making report 192.168.10.109
SARG: Sorting file "/tmp/sarg/192_168_10_121.utmp"
SARG: Making report 192.168.10.121
SARG: Sorting file "/tmp/sarg/192_168_10_115.utmp"
SARG: Making report 192.168.10.115
SARG: Sorting file "/tmp/sarg/192_168_10_106.utmp"
SARG: Making report 192.168.10.106
SARG: Sorting file "/tmp/sarg/192_168_10_118.utmp"
SARG: Making report 192.168.10.118
SARG: Sorting file "/tmp/sarg/192_168_10_138.utmp"
SARG: Making report 192.168.10.138
SARG: Sorting file "/tmp/sarg/192_168_10_108.utmp"
SARG: Making report 192.168.10.108
SARG: Sorting file "/tmp/sarg/192_168_10_125.utmp"
SARG: Making report 192.168.10.125
SARG: Sorting file "/tmp/sarg/192_168_10_112.utmp"
SARG: Making report 192.168.10.112
SARG: Sorting file "/tmp/sarg/192_168_10_116.utmp"
SARG: Making report 192.168.10.116
SARG: Sorting file "/tmp/sarg/192_168_10_128.utmp"
SARG: Making report 192.168.10.128
SARG: Sorting file "/tmp/sarg/192_168_10_117.utmp"
SARG: Making report 192.168.10.117
SARG: Sorting file "/tmp/sarg/192_168_10_134.utmp"
SARG: Making report 192.168.10.134
SARG: Sorting file "/tmp/sarg/192_168_10_147.utmp"
SARG: Making report 192.168.10.147
SARG: Sorting file "/tmp/sarg/192_168_10_110.utmp"
SARG: Making report 192.168.10.110
SARG: Sorting file "/tmp/sarg/192_168_10_126.utmp"
SARG: Making report 192.168.10.126
SARG: Sorting file "/tmp/sarg/192_168_10_141.utmp"
SARG: Making report 192.168.10.141
SARG: Sorting file "/tmp/sarg/192_168_10_107.utmp"
SARG: Making report 192.168.10.107
SARG: Sorting file "/tmp/sarg/192_168_10_113.utmp"
SARG: Making report 192.168.10.113
SARG: Making index.html
SARG: Successful report generated on /usr/local/sarg-reports/14Jun2018-14Jun2018
SARG: Purging temporary file sarg-general
SARG: End
-
If it is being generated more than once a day, check the overwrite report option. That will generate a single report for the day that "fills in" as the hours go by.
The option that resolves the station names is Convert IP address to DNS name; is it checked?
-
So @marcelloc, I understand how it works; overwrite is disabled so that I can compare the results in the tests.
The Convert IP address to DNS name option is enabled as well.
The interesting thing is that it stopped resolving out of nowhere.
-
My sarg only updates the reports when I run the command ...
sarg -nx in the terminal; it is not updating with the schedule in cron.
I have already removed the package, reinstalled it, removed all the logs and deleted all the sarg directories, and the same problem continues.
Does anyone have an idea what it could be?
-
Good evening, I installed e2g + sarg, and the report does not open. I followed the steps in the topic and am posting the output of the command sarg -x via ssh
-
Run the command that is scheduled in cron; what is its output?
-
@marcelloc I started validating the UserAuth package, and now when I run Sarg it shows the message
login as: /root: sarg -n
SARG: File "" not found
Did I slip up somewhere?
-
Save the sarg settings again.
I am looking into this bug in the sarg package. At some point sarg.conf is generated without the log information.
-
@marcelloc Hello,
I installed e2Guardian5 on my pfSense 2.4.4 with your guide, and then I found your video for the sarg package, but I could not run sarg.
I got this error via the console with sarg -x:
SARG: Init
SARG: Loading configuration from /usr/local/etc/sarg/sarg.conf
SARG: Chaining IP resolving module "dns"
SARG: Loading exclude host file from: /usr/local/etc/sarg/exclude_hosts.conf
SARG: Loading exclude file from: /usr/local/etc/sarg/exclude_users.conf
SARG: Reading host alias file "/usr/local/etc/sarg/hostalias"
SARG: List of host names to alias:
SARG: Deleting temporary directory "/tmp/sarg"
SARG: Parameters:
SARG: Hostname or IP address (-a) =
SARG: Useragent log (-b) =
SARG: Exclude file (-c) = /usr/local/etc/sarg/exclude_hosts.conf
SARG: Date from-until (-d) =
SARG: Email address to send reports (-e) =
SARG: Config file (-f) = /usr/local/etc/sarg/sarg.conf
SARG: Date format (-g) = Europe (dd/mm/yyyy)
SARG: IP report (-i) = No
SARG: Keep temporary files (-k) = No
SARG: Input log (-l) = /var/log/e2guardian/access.log
SARG: Resolve IP Address (-n) = Yes
SARG: Output dir (-o) = /usr/local/sarg-reports/
SARG: Use Ip Address instead of userid (-p) = Yes
SARG: Accessed site (-s) =
SARG: Time (-t) =
SARG: User (-u) =
SARG: Temporary dir (-w) = /tmp/sarg
SARG: Debug messages (-x) = Yes
SARG: Process messages (-z) = No
SARG: Previous reports to keep (--lastlog) = 0
SARG:
SARG: SARG version: 2.3.11 Jan-14-2018
SARG: Reading access log file: /var/log/e2guardian/access.log
SARG: Loop detected in getword_multisep after 30 bytes.
SARG: Line="2.168.70.204 http"
SARG: Record="//init-p01st.push.apple.com/bag - GET 8043 0 - 1 200 - 192.168.70.204 Default - - - - -"
SARG: searching for 'x20'
SARG: Invalid date in file "/var/log/e2guardian/access.log"
Could you share any ideas with me?
Thank you so much.
Also, there is another problem: how can I block file extensions for the HTTPS protocol? And there is one notification via pfSense: E2guardian - is not a valid access denied url ... What does that mean? How can I solve it?
Thank you so much again.
-
@marcelloc Just for the record and to help the community:
Using pfSense 2.5, it gave the error too.
I did as my friend instructed: I deleted the access.log and reloaded e2guardian, and mine worked perfectly.
Thanks for your teachings
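-
Added example, not part of any post above and not code from the sarg package: a pre-flight check for the two failures reported in this thread, an empty log path in sarg.conf (`File "" not found`) and access.log lines that SARG's Squid parser rejects (`Invalid date`). It assumes e2guardian is set to write Squid-format lines, as in the working run above; the function names and the sample files are constructed for illustration.

```sh
#!/bin/sh
# Added example: pre-flight checks for the two SARG failures in this thread.

# Print the access_log path from a sarg.conf. Fails when the directive is
# missing or has no value, the case behind: SARG: File "" not found
sarg_conf_log() {
    log=$(awk '$1 == "access_log" { print $2; exit }' "$1")
    [ -n "$log" ] || return 1
    printf '%s\n' "$log"
}

# Print "lineno: text" for every line that is not in Squid native format
# (epoch.millis, elapsed, client, CODE/status, ...). Fails if any is found.
non_squid_lines() {
    awk '
        $1 !~ /^[0-9]+\.[0-9][0-9][0-9]$/ || $2 !~ /^[0-9]+$/ ||
        $4 !~ /^[A-Z_]+\/[0-9]+$/ { printf "%d: %s\n", NR, $0; bad++ }
        END { exit (bad > 0) }
    ' "$1"
}

# Write constructed sample files (not from a real system) into directory $1:
# a valid and a broken sarg.conf, and a log mixing Squid and native formats.
make_samples() {
    printf 'access_log /var/log/e2guardian/access.log\n' > "$1/good.conf"
    printf '#access_log /tmp/x\naccess_log\n' > "$1/bad.conf"
    cat > "$1/access.log" <<'EOF'
1528977600.123     45 192.168.10.137 TCP_MISS/200 8043 GET http://example.com/ - DIRECT/192.0.2.10 text/html
2018.6.14 10:20:30 - 192.168.70.204 http://init-p01st.push.apple.com/bag - GET 8043 0 - 1 200 - 192.168.70.204 Default - - - - -
EOF
}

d=$(mktemp -d) && make_samples "$d"
sarg_conf_log "$d/good.conf"
sarg_conf_log "$d/bad.conf" || echo "bad.conf: access_log is missing or empty"
non_squid_lines "$d/access.log" || echo "access.log: lines above are not Squid format"
```

On a real system, point the two functions at /usr/local/etc/sarg/sarg.conf and /var/log/e2guardian/access.log before running sarg from cron.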