Sarg package for pfsense
-
Hello all, SARG with authenticate local user from the Squid is working now. At "realtime report and View report tab" show a local user name that I used to login via web browser. This is my step:
1. I have installed Squid-reverse and config a basic option that I need to use and I also create Local user and enable authentication to "local"
2. I installed SARGv.0.4.1. At Sarg setting > General > Report Option. I do not select "Use Ip Address instead userid in reports (no)". if I select this option it does not show any local user name. After that I created
schedule to make a report and I select option > action after sarg "Rotate log and Restart proxy daemon" and then "Force Update now". See screenshot
3. At web browser (Firefox) go to Tools > Options > Advanced > at Network tab > Connecting Settings, I configured proxy IP address like this example: 172.31.21.1 and use port 3128.
4. The next step I will try to test SARG with Squid-reverse and Dansguardian.Thank a lot
-
Hello everyone, Can I use SARG and Dansguardian to make some report without Squid-reverse ? because Dansguardian have already included Squid v.2.7.9 .
-
You can if you configure squid by hand instead of using squid gui.
The package filer could help you on editing file and restarting service.
-
You can if you configure squid by hand instead of using squid gui.
The package filer could help you on editing file and restarting service.
Thank u, I have tested Dandsguardian right now but it is a little confuse some option. I read a lot at Dansguardian blog on pfsense. I have tried some basic step that some guy has posted in here: http://forum.pfsense.org/index.php/topic,47856.0.html but another option on Dansguardian, it make me too complicated. anyway I will try and test it first and I will ask some help later if I can not solve the problem. (I think many people here need some Dansguardian tutorial basic to understand.)
-
This dansguardian wiki maybe usefull to understand how it works
http://contentfilter.futuragts.com/wiki/doku.php?id=Main%20Index&DokuWiki=924cce1d7ede32b3512092f5f759126e
-
Hello Marcelloc, I just tested Dansguardian to block facebook (http and https). it is working and very usefull package. I really like all this packages "SARG, Squid-reverse and Dansguardian" very much. and Thank u again for your hard work.
-
Hello, Just want to know, how far email option system log report work with SARG ?
Thank u
-
Hello, Just want to know, how far email option system log report work with SARG ?
I'm looking at rrd mail report package to see how it work but I have no idea on when I'll have time to implement it.
-
After install SARG I got some error : Sarg config error: dansguardian log file () does not exists. In this case I have already configured Squid3 and also Dansguardian.
At Dansquardian > Report and log tab I selected log File Format to Squid log File Format
At SARG Settings > General tab > proxy server I selected to dansguardian. reboot or not reboot system at this point I always got warning Sarg config error: dansguardian log file () does not exists If I change proxy server to Squid the warning error is disappear.This is my system log file:
Apr 16 01:19:37 php: : Reloading Dansguardian
Apr 16 01:19:37 php: : Reloading Dansguardian
Apr 16 01:19:38 php: : Reloading Dansguardian
Apr 16 01:19:38 php: : Reloading Dansguardian
Apr 16 01:19:38 php: : Reloading Dansguardian
Apr 16 01:19:40 php: : [squid] xmlrpc sync is starting.
Apr 16 01:19:41 php: : Starting Squid
Apr 16 01:19:41 squid[19250]: Squid Parent: child process 19565 started
Apr 16 01:19:41 check_reload_status: Reloading filter
Apr 16 01:19:41 php: : [squid] xmlrpc sync is starting.
Apr 16 01:19:42 php: : Reloading Squid for configuration sync
Apr 16 01:19:42 check_reload_status: Reloading filter
Apr 16 01:19:42 php: : [squid] xmlrpc sync is starting.
Apr 16 01:19:42 php: : Reloading Squid for configuration sync
Apr 16 01:19:42 php: : [squid] xmlrpc sync is starting.
Apr 16 01:19:43 php: : Reloading Squid for configuration sync
Apr 16 01:19:43 php: : [squid] xmlrpc sync is starting.
Apr 16 01:19:43 php: : Reloading Squid for configuration sync
Apr 16 01:19:43 php: : [squid] xmlrpc sync is starting.
Apr 16 01:19:44 php: : Reloading Squid for configuration sync
Apr 16 01:19:44 php: : Not calling package sync code for dependency squidcache of squid3 because some include files are missing.
Apr 16 01:19:44 php: : Not calling package sync code for dependency squidnac of squid3 because some include files are missing.
Apr 16 01:19:44 php: : Not calling package sync code for dependency squidtraffic of squid3 because some include files are missing.
Apr 16 01:19:44 php: : Not calling package sync code for dependency squidupstream of squid3 because some include files are missing.
Apr 16 01:19:44 php: : Not calling package sync code for dependency squidreverse of squid3 because some include files are missing.
Apr 16 01:19:44 php: : Not calling package sync code for dependency squidauth of squid3 because some include files are missing.
Apr 16 01:19:44 php: : Not calling package sync code for dependency squidusers of squid3 because some include files are missing.
Apr 16 01:19:46 php: : Sarg config error: dansguardian log file () does not exists
Apr 16 01:19:46 php: : New alert found: Sarg config error: dansguardian log file () does not exists
Apr 16 01:19:46 check_reload_status: Syncing firewall
Apr 16 01:19:46 php: : [sarg] sarg_xmlrpc_sync.php is starting.
Apr 16 01:19:46 php: : Sarg config error: dansguardian log file () does not exists
Apr 16 01:19:46 php: : New alert found: Sarg config error: dansguardian log file () does not exists
Apr 16 01:19:46 check_reload_status: Syncing firewall
Apr 16 01:19:46 php: : [sarg] sarg_xmlrpc_sync.php is starting.
Apr 16 01:19:46 php: : Sarg config error: dansguardian log file () does not exists
Apr 16 01:19:46 php: : New alert found: Sarg config error: dansguardian log file () does not exists
Apr 16 01:19:47 php: : [sarg] sarg_xmlrpc_sync.php is starting.
Apr 16 01:19:47 php: : Sarg config error: dansguardian log file () does not exists
Apr 16 01:19:47 php: : New alert found: Sarg config error: dansguardian log file () does not exists
Apr 16 01:19:47 php: : [sarg] sarg_xmlrpc_sync.php is starting.
Apr 16 01:19:50 php: : IPSEC: One or more IPsec tunnel endpoints has changed its IP. Refreshing.
Apr 16 01:19:50 login: login on ttyv0 as root
Apr 16 01:19:50 sshlockout[58708]: sshlockout/webConfigurator v3.0 starting up
Apr 16 01:19:54 Squid_Alarm[11282]: Squid has exited. Reconfiguring filter.
Apr 16 01:19:54 Squid_Alarm[11604]: Attempting restart…
Apr 16 01:19:57 Squid_Alarm[13545]: Reconfiguring filter…
Apr 16 01:19:57 check_reload_status: Reloading filter
Apr 16 01:20:16 apinger: Error while feeding rrdtool: Broken pipe
Apr 16 01:21:16 apinger: /usr/local/bin/rrdtool respawning too fast, waiting 300s. -
Can you check if /var/log/dansguardian folder exists?
-
Can you check if /var/log/dansguardian folder exists?
Hello Marcelloc, I already check dansguardian. It is still exists. see some screenshot
-
Can you check if /var/log/dansguardian folder exists?
Hello Marcelloc, I already check dansguardian. It is still exists. see some screenshot
Ok anyway I will try again.
-
-
Ok anyway I will try again.
Run sarg cmd on console and check if it returns errors.
I just clean install pfsense again. Installed dansguardian and squid3. I checked at system log file I saw many error there.
Apr 17 20:02:46 php: /pkg_mgr_install.php: The command '/usr/local/etc/rc.d/dansguardian stop' returned exit code '126', the output was '/usr/local/etc/rc.d/dansguardian: Permission denied'
Apr 17 20:02:46 php: : New alert found:
Apr 17 20:02:46 check_reload_status: Reloading filter
Apr 17 20:07:39 check_reload_status: Syncing firewall
Apr 17 20:07:39 php: /pkg_mgr_install.php: Beginning package installation for squid3.
Apr 17 20:07:40 check_reload_status: Syncing firewall
Apr 17 20:08:46 check_reload_status: Syncing firewall
Apr 17 20:08:46 php: /pkg_mgr_install.php: Creating squid cache subdirs in /var/squid/cacheApr 17 20:08:46
php: /pkg_mgr_install.php: The command '/usr/local/sbin/squid -k shutdown' returned exit code '1', the output was '2012/04/17 20:08:46| WARNING: (B) '::/0' is a subnetwork of (A) '::/0' 2012/04/17 20:08:46| WARNING: because of this '::/0' is ignored to keep splay tree searching predictable 2012/04/17 20:08:46| WARNING: You should probably remove '::/0' from the ACL named 'all' 2012/04/17 20:08:46| ERROR: Directive 'upgrade_http0.9' is obsolete. 2012/04/17 20:08:46| cache_cf.cc(381) parseOneConfigFile: squid.conf:2931 unrecognized: 'broken_vary_encoding''Apr 17 20:08:51
php: /pkg_mgr_install.php: The command '/usr/local/sbin/squid -k kill' returned exit code '1', the output was '2012/04/17 20:08:51| WARNING: (B) '::/0' is a subnetwork of (A) '::/0' 2012/04/17 20:08:51| WARNING: because of this '::/0' is ignored to keep splay tree searching predictable 2012/04/17 20:08:51| WARNING: You should probably remove '::/0' from the ACL named 'all' 2012/04/17 20:08:51| ERROR: Directive 'upgrade_http0.9' is obsolete. 2012/04/17 20:08:51| cache_cf.cc(381) parseOneConfigFile: squid.conf:2931 unrecognized: 'broken_vary_encoding''Apr 17 20:08:51
php: /pkg_mgr_install.php: The command '/usr/local/sbin/squid -z' returned exit code '1', the output was '2012/04/17 20:08:51| WARNING: (B) '::/0' is a subnetwork of (A) '::/0' 2012/04/17 20:08:51| WARNING: because of this '::/0' is ignored to keep splay tree searching predictable 2012/04/17 20:08:51| WARNING: You should probably remove '::/0' from the ACL named 'all' 2012/04/17 20:08:51| ERROR: Directive 'upgrade_http0.9' is obsolete. 2012/04/17 20:08:51| cache_cf.cc(381) parseOneConfigFile: squid.conf:2931 unrecognized: 'broken_vary_encoding''After I tried to reboot pfsense and squid has some files missing again.
Apr 17 20:33:28 php: : Not calling package sync code for dependency squidcache of squid3 because some include files are missing.
Apr 17 20:33:28 php: : Not calling package sync code for dependency squidnac of squid3 because some include files are missing.
Apr 17 20:33:28 php: : Not calling package sync code for dependency squidtraffic of squid3 because some include files are missing.
Apr 17 20:33:28 php: : Not calling package sync code for dependency squidupstream of squid3 because some include files are missing.
Apr 17 20:33:28 php: : Not calling package sync code for dependency squidreverse of squid3 because some include files are missing.
Apr 17 20:33:28 php: : Not calling package sync code for dependency squidauth of squid3 because some include files are missing.
Apr 17 20:33:28 php: : Not calling package sync code for dependency squidusers of squid3 because some include files are missing.I did not install SARG yet because I want to find out some bugs between Dandsguardian and Squid.
I will running SARG cmd on console after I have installed SARG.
-
config squid options, save
config dansguardian savecheck if errors persists.
-
another error found
Apr 17 21:13:53 php: : XML error: XML_ERR_NAME_REQUIRED at line 1 in /usr/local/pkg/dansguardian_users_footer.xml
Apr 17 21:13:53 php: : XML error: Invalid document end at line 99 in /usr/local/pkg/dansguardian_users_header.xml
Apr 17 21:13:53 php: : XML error: Invalid document end at line 100 in /usr/local/pkg/dansguardian_ips_header.xmlBoth of squid and dansguardian used proxy interface: LAN (no loopback interface selected)
If I use squid as "Transparent proxy" I got this error as below but if I don't use squid as "Transparent proxy" I don't get this error (as you said before try to use squid without "Transparent proxy").
Of course, I have installed NAT rules to redirect from squid port 3128 to DG port 8080.
Apr 17 21:52:39 php: : SQUID is installed but not started. Not installing "nat" rules.
Apr 17 21:52:39 php: : SQUID is installed but not started. Not installing "pfearly" rules.
Apr 17 21:52:39 php: : SQUID is installed but not started. Not installing "filter" rules.So it mean that using squid in transparent mode still have some bugs and problem.
config squid options, save
config dansguardian, saveNo error found in the system log.
-
Another problem:
"Fatal error: Allowed memory size of 134217728 bytes exhausted (tried to allocate 62998077 bytes) in /usr/local/www/sarg_frame.php on line 52"
When tryed to load Sites and users.
-
Another problem:
"Fatal error: Allowed memory size of 134217728 bytes exhausted (tried to allocate 62998077 bytes) in /usr/local/www/sarg_frame.php on line 52"
When tryed to load Sites and users.
It's a pfsense php memory limitation, you can work around this by accessing HTML reports directly http://pfsense_IP/sarg-reports/
-
Hmmm,
Maybe memory_limit change can solve this.Something like ini_set("memory_limit","256M");
Right Marcello!? :P
-
Hmmm,
Maybe memory_limit change can solve this.Something like ini_set("memory_limit","256M");
Right Marcello!? :P
The memory check prevents ini settings above it's limit(128 for 32 and 256 for 64 bits)
The page is asking 62998077bytes above current limit. This value can be changed on amd64 code but not on i386.
-
The memory check prevents ini settings above it's limit(128 for 32 and 256 for 64 bits)
The page is asking 62998077bytes. This value is higher then 512 hard limit for PHP on pfsense.
Opsss…. ignore my post :P
Thanks by info!
-
Another problem:
"Fatal error: Allowed memory size of 134217728 bytes exhausted (tried to allocate 62998077 bytes) in /usr/local/www/sarg_frame.php on line 52"
When tryed to load Sites and users.
It's a pfsense php memory limitation, you can work around this by accessing HTML reports directly http://pfsense_IP/sarg-reports/
thanks
-
Hi Marcelloc
Could you sort all reports for Bytes Reverse??? -
Hi Marcelloc
Could you sort all reports for Bytes Reverse???You can sort sarg by clicking on column header.
-
I mean… by default! without any click!
Hi Marcelloc
Could you sort all reports for Bytes Reverse???You can sort sarg by clicking on column header.
-
Did you tried to select bytes on user option and sort fields in reverse options on general tab?
-
Did you tried to select bytes on user option and sort fields in reverse options on general tab?
Yes… I did it for the first try.
Can I edit the file sarg.conf on the console???now i've got this error on Redirector report page:
Fatal error: Allowed memory size of 134217728 bytes exhausted (tried to allocate 49259754 bytes) in /usr/local/www/sarg_frame.php on line 52
I'm on AMD64
-
On amd64 it can be set to 256. I'll include it on next release.
For now, use http://pfsense.IP/sarg-reports
-
@marcelloc
First, thanks for this wonderfull Package!I have installed Squid and Sarg and both work fine. I make daily reports with the scheduler.
The Syntax for daily reports is "-ddate +%d/%m/%Y
-date +%d/%m/%Y
", but now
i need weekly, monthly and annual reports. What's the right Syntax to make this?Thanks, Hemingway
-
Did you tried to select bytes on user option and sort fields in reverse options on general tab?
Hi,
I also have a problem with sorting Top users & Users report.
I tried mentioned option but it doesn't work.
I need to manually change config file with options:TAG: topuser_sort_field field normal/reverse
# Sort field for the Topuser Report.
# Allowed fields: USER CONNECT BYTES TIMEtopuser_sort_field BYTES REVERSE
TAG: user_sort_field field normal/reverse
# Sort field for the User Report.
# Allowed fields: SITE CONNECT BYTES TIMEuser_sort_field BYTES REVERSE
But when I change the configuration in GUI then everything is reverted to NORMAL.
Could you please extend the "User Sort Field" with "BYTES(reverse)"?Best regards
IGIdeus -
I've just pushed a fix to Sort Fields in Reverse order check.
Reinstall the package in 15 minutes.
-
I'm trying to read the full name of the user via LDAP to show in Sarg reports, but I can not make it work.
In Sarg->User I use the same configuration, functional, used for Squid and pfSense, with a specific user, verified with Diagnostic-> Authentication.
Just about this, I found an oddity …
In the 'LDAP search filter' I put the string '(sAMAccountName =% s)' but in /usr/local/etc/sarg/sarg.conf, is not registered ::), but every other change, yes.
So, the next page load I was expecting a blank or default value, whereas it appeared the correct string ???
Where is it recorded? And, above all, irrespective of the position, this is used in the LDAP query?The LDAP directory is Active Directory on Windows 2003 and in the Event Viewer I have not seen any attempt to access by Sarg. Perhaps because of what I just said?
The software I use are all the latest (I think):
- PfSense 2.0.1-RELEASE (i386) built on Wed Dec 12 18:24:17 EST 2011
- Squid 2.7.9 pkg v.4.3.1
- SquidGuard 1.4_2 pkg v.1.9.1
- Sarg 2.3.2 pkg v.0.4.1
Any suggestions?
Thanks for the nice job, Marcelloc! -
lucapsg,
I've just pushed a fix to LDAP filter Search check.
Reinstall the package in 15 minutes.
Thanks for your feedback
-
Wow, a rocket!
Update installed, now the value entered in the 'LDAP search filter' is properly registered in sarg.conf. (I'm curious, where it was saved before?)
After saving each tab and pressing 'Force update now' in the report still does not appear the full name of the user.
From the Windows logs, there's no news, no attempt to access.
I look forward to doing more tests. -
try to tcpdump connections from pfsense to active directory.
maybe you have a ldap server fqdn configured that pfsense can't resolve.
-
As I said, I'm using the same configuration used in System-> User Manager-> Servers and tests made by Diagnostic-> Authentication confirm it is working.
However, to remove any doubt, in the 'LDAP Hostname' I'm using the IP.
Now I check with tcpdump … stay tuned... -
Hello Marcelloc,
I just a little bit confuse between SARG ldap setting (User tab) and Squid authentication with LDAP. If I understand collect when I used Squid authentication with LDAP, I don't need to use SARG ldap settings right.
Could you explain what is difference between SARG ldap setting and Squid authentication with LDAP, please?Thank u
-
During the update of the report and also in the tab 'Realtime', tcpdump has not caught anything on port 389.
To verify that the settings used in 'tcpdump' is correct I tried to capture traffic made with Diagnostic-> Authentication and actually a bit of broth was captured.
pfSense is 192.168.152.1 while Windows 2003 is 192.168.152.200, both in a VMware test environment:17:08:16.107802 IP 192.168.152.1.61250 > 192.168.152.200.389: tcp 0
17:08:16.109616 IP 192.168.152.200.389 > 192.168.152.1.61250: tcp 0
17:08:16.109692 IP 192.168.152.1.61250 > 192.168.152.200.389: tcp 0
17:08:16.109964 IP 192.168.152.1.61250 > 192.168.152.200.389: tcp 62
17:08:16.112227 IP 192.168.152.200.389 > 192.168.152.1.61250: tcp 22
ecc…@Donny: In Squid LDAP is used to "authenticate", while in Sarg to replace the username with the full name of the user in reports.
-
During the update of the report and also in the tab 'Realtime', tcpdump has not caught anything on port 389.
To verify that the settings used in 'tcpdump' is correct I tried to capture traffic made with Diagnostic-> Authentication and actually a bit of broth was captured.
pfSense is 192.168.152.1 while Windows 2003 is 192.168.152.200, both in a VMware test environment:17:08:16.107802 IP 192.168.152.1.61250 > 192.168.152.200.389: tcp 0
17:08:16.109616 IP 192.168.152.200.389 > 192.168.152.1.61250: tcp 0
17:08:16.109692 IP 192.168.152.1.61250 > 192.168.152.200.389: tcp 0
17:08:16.109964 IP 192.168.152.1.61250 > 192.168.152.200.389: tcp 62
17:08:16.112227 IP 192.168.152.200.389 > 192.168.152.1.61250: tcp 22
ecc…@Donny: In Squid LDAP is used to "authenticate", while in Sarg to replace the username with the full name of the user in reports.
Hello lucapsg,
It mean, I have to use both if I need full user name of the user in sarg reports. Is it correct?
Thank u
-
HI all. I have same problem with ldap. With system>user manager some traffic shows up in tcpdump and correctly connects. Nothing with users in sarg reports.
Edit: last package update was just now.