Sarg package for pfsense
-
Hmmm,
Maybe memory_limit change can solve this.Something like ini_set("memory_limit","256M");
Right Marcello!? :P
The memory check prevents ini settings above it's limit(128 for 32 and 256 for 64 bits)
The page is asking 62998077bytes above current limit. This value can be changed on amd64 code but not on i386.
-
The memory check prevents ini settings above it's limit(128 for 32 and 256 for 64 bits)
The page is asking 62998077bytes. This value is higher then 512 hard limit for PHP on pfsense.
Opsss…. ignore my post :P
Thanks by info!
-
Another problem:
"Fatal error: Allowed memory size of 134217728 bytes exhausted (tried to allocate 62998077 bytes) in /usr/local/www/sarg_frame.php on line 52"
When tryed to load Sites and users.
It's a pfsense php memory limitation, you can work around this by accessing HTML reports directly http://pfsense_IP/sarg-reports/
thanks
-
Hi Marcelloc
Could you sort all reports for Bytes Reverse??? -
Hi Marcelloc
Could you sort all reports for Bytes Reverse???You can sort sarg by clicking on column header.
-
I mean… by default! without any click!
Hi Marcelloc
Could you sort all reports for Bytes Reverse???You can sort sarg by clicking on column header.
-
Did you tried to select bytes on user option and sort fields in reverse options on general tab?
-
Did you tried to select bytes on user option and sort fields in reverse options on general tab?
Yes… I did it for the first try.
Can I edit the file sarg.conf on the console???now i've got this error on Redirector report page:
Fatal error: Allowed memory size of 134217728 bytes exhausted (tried to allocate 49259754 bytes) in /usr/local/www/sarg_frame.php on line 52
I'm on AMD64
-
On amd64 it can be set to 256. I'll include it on next release.
For now, use http://pfsense.IP/sarg-reports
-
@marcelloc
First, thanks for this wonderfull Package!I have installed Squid and Sarg and both work fine. I make daily reports with the scheduler.
The Syntax for daily reports is "-ddate +%d/%m/%Y
-date +%d/%m/%Y
", but now
i need weekly, monthly and annual reports. What's the right Syntax to make this?Thanks, Hemingway
-
Did you tried to select bytes on user option and sort fields in reverse options on general tab?
Hi,
I also have a problem with sorting Top users & Users report.
I tried mentioned option but it doesn't work.
I need to manually change config file with options:TAG: topuser_sort_field field normal/reverse
# Sort field for the Topuser Report.
# Allowed fields: USER CONNECT BYTES TIMEtopuser_sort_field BYTES REVERSE
TAG: user_sort_field field normal/reverse
# Sort field for the User Report.
# Allowed fields: SITE CONNECT BYTES TIMEuser_sort_field BYTES REVERSE
But when I change the configuration in GUI then everything is reverted to NORMAL.
Could you please extend the "User Sort Field" with "BYTES(reverse)"?Best regards
IGIdeus -
I've just pushed a fix to Sort Fields in Reverse order check.
Reinstall the package in 15 minutes.
-
I'm trying to read the full name of the user via LDAP to show in Sarg reports, but I can not make it work.
In Sarg->User I use the same configuration, functional, used for Squid and pfSense, with a specific user, verified with Diagnostic-> Authentication.
Just about this, I found an oddity …
In the 'LDAP search filter' I put the string '(sAMAccountName =% s)' but in /usr/local/etc/sarg/sarg.conf, is not registered ::), but every other change, yes.
So, the next page load I was expecting a blank or default value, whereas it appeared the correct string ???
Where is it recorded? And, above all, irrespective of the position, this is used in the LDAP query?The LDAP directory is Active Directory on Windows 2003 and in the Event Viewer I have not seen any attempt to access by Sarg. Perhaps because of what I just said?
The software I use are all the latest (I think):
- PfSense 2.0.1-RELEASE (i386) built on Wed Dec 12 18:24:17 EST 2011
- Squid 2.7.9 pkg v.4.3.1
- SquidGuard 1.4_2 pkg v.1.9.1
- Sarg 2.3.2 pkg v.0.4.1
Any suggestions?
Thanks for the nice job, Marcelloc! -
lucapsg,
I've just pushed a fix to LDAP filter Search check.
Reinstall the package in 15 minutes.
Thanks for your feedback
-
Wow, a rocket!
Update installed, now the value entered in the 'LDAP search filter' is properly registered in sarg.conf. (I'm curious, where it was saved before?)
After saving each tab and pressing 'Force update now' in the report still does not appear the full name of the user.
From the Windows logs, there's no news, no attempt to access.
I look forward to doing more tests. -
try to tcpdump connections from pfsense to active directory.
maybe you have a ldap server fqdn configured that pfsense can't resolve.
-
As I said, I'm using the same configuration used in System-> User Manager-> Servers and tests made by Diagnostic-> Authentication confirm it is working.
However, to remove any doubt, in the 'LDAP Hostname' I'm using the IP.
Now I check with tcpdump … stay tuned... -
Hello Marcelloc,
I just a little bit confuse between SARG ldap setting (User tab) and Squid authentication with LDAP. If I understand collect when I used Squid authentication with LDAP, I don't need to use SARG ldap settings right.
Could you explain what is difference between SARG ldap setting and Squid authentication with LDAP, please?Thank u
-
During the update of the report and also in the tab 'Realtime', tcpdump has not caught anything on port 389.
To verify that the settings used in 'tcpdump' is correct I tried to capture traffic made with Diagnostic-> Authentication and actually a bit of broth was captured.
pfSense is 192.168.152.1 while Windows 2003 is 192.168.152.200, both in a VMware test environment:17:08:16.107802 IP 192.168.152.1.61250 > 192.168.152.200.389: tcp 0
17:08:16.109616 IP 192.168.152.200.389 > 192.168.152.1.61250: tcp 0
17:08:16.109692 IP 192.168.152.1.61250 > 192.168.152.200.389: tcp 0
17:08:16.109964 IP 192.168.152.1.61250 > 192.168.152.200.389: tcp 62
17:08:16.112227 IP 192.168.152.200.389 > 192.168.152.1.61250: tcp 22
ecc…@Donny: In Squid LDAP is used to "authenticate", while in Sarg to replace the username with the full name of the user in reports.
-
During the update of the report and also in the tab 'Realtime', tcpdump has not caught anything on port 389.
To verify that the settings used in 'tcpdump' is correct I tried to capture traffic made with Diagnostic-> Authentication and actually a bit of broth was captured.
pfSense is 192.168.152.1 while Windows 2003 is 192.168.152.200, both in a VMware test environment:17:08:16.107802 IP 192.168.152.1.61250 > 192.168.152.200.389: tcp 0
17:08:16.109616 IP 192.168.152.200.389 > 192.168.152.1.61250: tcp 0
17:08:16.109692 IP 192.168.152.1.61250 > 192.168.152.200.389: tcp 0
17:08:16.109964 IP 192.168.152.1.61250 > 192.168.152.200.389: tcp 62
17:08:16.112227 IP 192.168.152.200.389 > 192.168.152.1.61250: tcp 22
ecc…@Donny: In Squid LDAP is used to "authenticate", while in Sarg to replace the username with the full name of the user in reports.
Hello lucapsg,
It mean, I have to use both if I need full user name of the user in sarg reports. Is it correct?
Thank u
-
HI all. I have same problem with ldap. With system>user manager some traffic shows up in tcpdump and correctly connects. Nothing with users in sarg reports.
Edit: last package update was just now.
-
@Donny, well, if you have an LDAP directory and you want to authenticate users (Squid) And you also want to display the full name of the user in report (Sarg), then YES.
Or at least we're working on so that this is possible ;)Sarg can do also (and already does) replacement using its own internal function. See field 'Users Association' in Status->Sarg Reports->Users, but in my judgment is only recommended for a small number of users and/or if Squid authenticates users with their own list.
@ Marcelloc, any news?
-
Marcelloc, any news?
try to run sarg on console/ssh to see if it returns ldap erros or something.
-
I tried this …
[2.0.1-RELEASE][admin@pfsense.virtualdomain.lan]/root(9): sarg SARG: Records in file: 1093, reading: 100.00% SARG: Successful report generated on /usr/local/www/sarg-reports/24Apr2012-24Apr2012 SARG: (removetmp) Cannot open file /usr/local/www/sarg-reports/24Apr2012-24Apr2012/sarg-general
…but...
[2.0.1-RELEASE][admin@pfsense.virtualdomain.lan]/root(10): ls -l /usr/local/www/sarg-reports/24Apr2012-24Apr2012 ls: /usr/local/www/sarg-reports/24Apr2012-24Apr2012: No such file or directory
… is it useful?
-
I've just pushed a fix to Sort Fields in Reverse order check.
Reinstall the package in 15 minutes.
Thanks for the user_sort_field BYTES REVERSE!!!
This is Exactly what I was expected! -
@Donny, well, if you have an LDAP directory and you want to authenticate users (Squid) And you also want to display the full name of the user in report (Sarg), then YES.
Or at least we're working on so that this is possible ;)Sarg can do also (and already does) replacement using its own internal function. See field 'Users Association' in Status->Sarg Reports->Users, but in my judgment is only recommended for a small number of users and/or if Squid authenticates users with their own list.
@ Marcelloc, any news?
Thank a lot,
OK, Do I need to create authentication servers for LDAP at option System-> User Manager >Servers, when I use both of Squid authenticate and SARG Ldap setting. Is it possible if you can show me how you configuration SARG Ldap setting option? Did you success to get full user name in sarg report?. for me I only got user name login in sarg report. It is not full name.
-
For user authentication with Squid/LDAP see this post:
http://forum.pfsense.org/index.php/topic, 47409.0.htmlAs for replacing the username with the corresponding user's full name with Sarg/LDAP instructions are given in this tread, but there is still something that does not work, at least in my case :-\
-
For user authentication with Squid/LDAP see this post:
http://forum.pfsense.org/index.php/topic, 47409.0.htmlAs for replacing the username with the corresponding user's full name with Sarg/LDAP instructions are given in this tread, but there is still something that does not work, at least in my case :-\
The links that you give it to me, I already done and tested before but I only get user login name. you can check the links below.
http://forum.pfsense.org/index.php/topic,48347.msg257526.html#msg257526Thank u
-
Hello Marcelloc,
At Sarg "Users" tab, I try to config Ldap to get it work for full user name. At sarg ldap setting, I have configured the same CN, OU and DC as I have done with squid Ldap authenticate. so, I try many time to get full user name but it is not work. anyway try again tomorrow.
Thank u
-
I've just pushed a fix to Sort Fields in Reverse order check.
Reinstall the package in 15 minutes.
Thanks for the user_sort_field BYTES REVERSE!!!
This is Exactly what I was expected!Hi,
I can also confirm. But first I had to uncheck and check option again to work.
Best regards
IGIdeus -
Have any news over SARG reports with full usernames instead of user name logins?
Thank u
-
Have any news over SARG reports with full usernames instead of user name logins?
No time to test yet.
Did you tried to run sarg on console with ldap info? did it returned any error?
-
Have any news over SARG reports with full usernames instead of user name logins?
No time to test yet.
Did you tried to run sarg on console with ldap info? did it returned any error?
Ok, I will try
Sarg detail from console. I could not find any returned error.
[2.0.1-RELEASE][admin@xxxx.nxxxter.dsns]/root(1): sarg SARG: Records in file: 2140, reading: 100.00% SARG: Successful report generated on /usr/local/www/sarg-reports/25Apr2012-25Apr 2012 [2.0.1-RELEASE][admin@xxxx.nxxxter.dsns]/root(2): sarg -z SARG: TAG: access_log /var/squid/logs/access.log SARG: TAG: graphs yes SARG: TAG: output_dir /usr/local/www/sarg-reports SARG: TAG: anonymous_output_files no SARG: TAG: resolve_ip no SARG: TAG: user_ip no SARG: TAG: topuser_sort_field BYTES NORMAL SARG: TAG: user_sort_field BYTES NORMAL SARG: TAG: exclude_users /usr/local/etc/sarg/exclude_users.conf SARG: TAG: exclude_hosts /usr/local/etc/sarg/exclude_hosts.conf SARG: TAG: date_format e SARG: TAG: lastlog 0 SARG: TAG: remove_temp_files yes SARG: TAG: index yes SARG: TAG: index_tree file SARG: TAG: overwrite_report yes SARG: TAG: use_comma yes SARG: TAG: exclude_codes /usr/local/etc/sarg/exclude_codes SARG: TAG: max_elapsed 0 SARG: TAG: report_type topusers topsites sites_users users_sites date_time denied auth_failures site_user_time_date downloads SARG: TAG: usertab none SARG: TAG: LDAPHost 172.31.21.10 SARG: TAG: LDAPBindDN cn=Administrator,cn=Users,dc=nxxxter,dc=dsns SARG: TAG: LDAPBindPW MyLdapPassWord SARG: TAG: LDAPBaseSearch dc=nxxxter,dc=dsns SARG: TAG: LDAPFilterSearch sAMAccountName=%s SARG: TAG: long_url no SARG: TAG: date_time_by bytes SARG: TAG: charset UTF-8 SARG: TAG: privacy no SARG: TAG: bytes_in_sites_users_report no SARG: TAG: topuser_num 0 SARG: TAG: dansguardian_conf SARG: TAG: show_sarg_info no SARG: TAG: show_sarg_logo no SARG: TAG: displayed_values bytes SARG: TAG: authfail_report_limit 0 SARG: TAG: denied_report_limit 0 SARG: TAG: siteusers_report_limit 0 SARG: TAG: user_report_limit 0 SARG: TAG: www_document_root /usr/local/www SARG: TAG: ntlm_user_format domainname+username SARG: TAG: realtime_refresh_time 0 SARG: TAG: realtime_types GET,PUT,CONNECT SARG: TAG: realtime_unauthenticated_records show SARG: TAG: sorttable /sarg_sorttable.js SARG: TAG: hostalias /usr/local/etc/sarg/hostalias SARG: Records in file: 2140, reading: 100.00% SARG: (info) date=25/04/2012 SARG: (info) period=25 Apr 2012 SARG: (info) outdirname=/usr/local/www/sarg-reports/25Apr2012-25Apr2012 SARG: (info) Dansguardian report not produced because no dansguardian configuration file was provided SARG: (info) No redirector logs provided to produce that kind of report SARG: (info) Downloaded files report not generated as it is empty SARG: (info) Denied report not produced because it is empty SARG: (info) Redirector report not generated because it is empty SARG: Successful report generated on /usr/local/www/sarg-reports/25Apr2012-25Apr2012 [2.0.1-RELEASE][admin@xxxx.nxxxter.dsns]/root(3):
[2.0.1-RELEASE][admin@xxxx.nxxxter.dsns]/root(9): sarg -x SARG: Init SARG: Loading configuration from /usr/local/etc/sarg/sarg.conf SARG: Loading exclude host file from: /usr/local/etc/sarg/exclude_hosts.conf SARG: Loading exclude file from: /usr/local/etc/sarg/exclude_users.conf SARG: Reading host alias file "/usr/local/etc/sarg/hostalias" SARG: List of host names to alias: SARG: Parameters: SARG: Hostname or IP address (-a) = SARG: Useragent log (-b) = SARG: Exclude file (-c) = /usr/local/etc/sarg/exclude_hosts.conf SARG: Date from-until (-d) = SARG: Email address to send reports (-e) = SARG: Config file (-f) = /usr/local/etc/sarg/sarg.conf SARG: Date format (-g) = Europe (dd/mm/yyyy) SARG: IP report (-i) = No SARG: Input log (-l) = /var/squid/logs/access.log SARG: Resolve IP Address (-n) = No SARG: Output dir (-o) = /usr/local/www/sarg-reports/ SARG: Use Ip Address instead of userid (-p) = No SARG: Accessed site (-s) = SARG: Time (-t) = SARG: User (-u) = SARG: Temporary dir (-w) = /tmp/sarg SARG: Debug messages (-x) = Yes SARG: Process messages (-z) = No SARG: Previous reports to keep (--lastlog) = 0 SARG: SARG: sarg version: 2.3.2 Nov-23-2011 SARG: Reading access log file: /var/squid/logs/access.log SARG: Records in file: 61, reading: 100.00% SARG: Records read: 61, written: 61, excluded: 0 SARG: Squid log format SARG: Period: 26 Apr 2012 SARG: pre-sorting files SARG: Making file: /tmp/sarg/noppy SARG: Sorting file: /tmp/sarg/noppy.utmp SARG: Making report: noppy SARG: Making index.html SARG: Successful report generated on /usr/local/www/sarg-reports/26Apr2012-26Apr2012 SARG: Purging temporary file sarg-general SARG: End
-
I saw no ldap info on sarg output.
I'll check sarg compile options.
att,
Marcello Coutinho -
I've compiled latest sarg code,checked build output and found ldap info there
checking ldap.h usability... yes checking ldap.h presence... yes checking for ldap.h... yes checking for ldap_init in -lldap... yes
Can you try this new build on your system/lab?
amd64
http://e-sac.siteseguro.ws/packages/amd64/8/All/sarg-2.3.2_4.tbzi386
http://e-sac.siteseguro.ws/packages/8/All/sarg-2.3.2_4.tbzOn console/ssh:
To list current sarg freebsd package use: pkg_info | grep -i sarg
To delete sarg freebsd package use: pkg_delete sarg_version_you_found
To install latest freebsd sarg package use: pkg_add -r http://above_url_with_correct_platformAlso check if you have openldap-sasl-client freebsd package installed too.
-
I've compiled latest sarg code,checked build output and found ldap info there
checking ldap.h usability... yes checking ldap.h presence... yes checking for ldap.h... yes checking for ldap_init in -lldap... yes
Can you try this new build on your system/lab?
amd64
http://e-sac.siteseguro.ws/packages/amd64/8/All/sarg-2.3.2_4.tbzi386
http://e-sac.siteseguro.ws/packages/8/All/sarg-2.3.2_4.tbzOn console/ssh:
To list current sarg freebsd package use: pkg_info | grep -i sarg
To delete sarg freebsd package use: pkg_delete sarg_version_you_found
To install latest freebsd sarg package use: pkg_add -r http://above_url_with_correct_platformAlso check if you have openldap-sasl-client freebsd package installed too.
Hello Marcelloc, I already done it a little bit and I will test both of i386 and AMD 64 with my lab system and I inform you within today. Just wake up. Thank u very much, Donny
-
Hello Marcelloc
I have installed new build. Here is info.
[2.0.1-RELEASE][admin@xxxx.nxxxter.dsns]/root(9): pkg_info bsdinstaller-2.0.2011.1212 BSD Installer mega-package cyrus-sasl-2.1.25_1 RFC 2222 SASL (Simple Authentication and Security Layer) db41-4.1.25_4 The Berkeley DB package, revision 4.1 freetype2-2.4.7 A free and portable TrueType font rendering engine gd-2.0.35_7,1 A graphics library for fast creation of images gettext-0.18.1.1 GNU gettext package grub-0.97_4 GRand Unified Bootloader jpeg-8_3 IJG's jpeg compression utilities libiconv-1.13.1_1 A character set conversion library openldap-sasl-client-2.4.26 Open source LDAP client implementation with SASL2 support perl-5.12.4_3 Practical Extraction and Report Language pkg-config-0.25_1 A utility to retrieve information about installed libraries png-1.4.8 Library for manipulating PNG images sarg-2.3.2_4 Squid log analyzer and HTML report generator squid-3.1.19 HTTP Caching Proxy [2.0.1-RELEASE][admin@xxxx.nxxxter.dsns]/root(10):
Thank u
-
Can you see if there's ldap queries during sarg reports with this latest version?
-
Can you see if there's ldap queries during sarg reports with this latest version?
I only got this version> [2.0.1-RELEASE][admin@xxxx.nxxxter.dsns]/root(10): sarg version: 2.3.2 Nov-23-2011
For ldap queries,you mean that I have to check at access.log.
When I use ldap search the result is 0 success:
[2.0.1-RELEASE][admin@xxxx.nxbuter.dsns]/root(3): ldapsearch -x -h 172.31.21.10 -p 389 -s sub -D "cn=Administrator,cn=Users,dc=nxxxter,dc=dsns" -w "SargLdapPassWord" -b "dc=nxxxter,DC=dsns" "(sAMAccountName=%s)" cn # extended LDIF # # LDAPv3 # base <dc=nxxxter,dc=dsns>with scope subtree # filter: (sAMAccountName=%s) # requesting: cn # # search reference ref: ldap://ForestDnsZones.nxxxter.dsns/DC=ForestDnsZones,DC=nxxxter,DC=dsns # search reference ref: ldap://DomainDnsZones.nxxxter.dsns/DC=DomainDnsZones,DC=nxxxter,DC=dsns # search reference ref: ldap://nxbuter.dsns/CN=Configuration,DC=nxxxter,DC=dsns # search result search: 2 result: 0 Success # numResponses: 4 # numReferences: 3 [2.0.1-RELEASE][admin@xxxx.nxxxter.dsns]/root(4):</dc=nxxxter,dc=dsns>
-
For ldap queries,you mean that I have to check at access.log.
I mean on a second console/ssh, run tcpdump on lan interface port 389 or host 172.31.21.10 and see if when you run sarg, it tries to search ldap