Sarg package for pfsense

marcelloc

I saw no ldap info on sarg output.

I'll check sarg compile options.

att,
Marcello Coutinho

marcelloc

I've compiled latest sarg code,checked build output and found ldap info there

checking ldap.h usability... yes
checking ldap.h presence... yes
checking for ldap.h... yes
checking for ldap_init in -lldap... yes

Can you try this new build on your system/lab?

amd64
http://e-sac.siteseguro.ws/packages/amd64/8/All/sarg-2.3.2_4.tbz

i386
http://e-sac.siteseguro.ws/packages/8/All/sarg-2.3.2_4.tbz

On console/ssh:

To list current sarg freebsd package use: pkg_info | grep -i sarg
To delete sarg freebsd package use: pkg_delete sarg_version_you_found
To install latest freebsd sarg package use: pkg_add -r http://above_url_with_correct_platform

Also check if you have openldap-sasl-client freebsd package installed too.

Donny

@marcelloc:

I've compiled latest sarg code,checked build output and found ldap info there

checking ldap.h usability... yes
checking ldap.h presence... yes
checking for ldap.h... yes
checking for ldap_init in -lldap... yes

Can you try this new build on your system/lab?

amd64
http://e-sac.siteseguro.ws/packages/amd64/8/All/sarg-2.3.2_4.tbz

i386
http://e-sac.siteseguro.ws/packages/8/All/sarg-2.3.2_4.tbz

On console/ssh:

To list current sarg freebsd package use: pkg_info | grep -i sarg
To delete sarg freebsd package use: pkg_delete sarg_version_you_found
To install latest freebsd sarg package use: pkg_add -r http://above_url_with_correct_platform

Also check if you have openldap-sasl-client freebsd package installed too.

Hello Marcelloc, I already done it a little bit and I will test both of i386 and AMD 64 with my lab system and I inform you within today. Just wake up. Thank u very much, Donny

Donny

Hello Marcelloc

I have installed new build. Here is info.

[2.0.1-RELEASE][admin@xxxx.nxxxter.dsns]/root(9): pkg_info
bsdinstaller-2.0.2011.1212 BSD Installer mega-package
cyrus-sasl-2.1.25_1 RFC 2222 SASL (Simple Authentication and Security Layer)
db41-4.1.25_4       The Berkeley DB package, revision 4.1
freetype2-2.4.7     A free and portable TrueType font rendering engine
gd-2.0.35_7,1       A graphics library for fast creation of images
gettext-0.18.1.1    GNU gettext package
grub-0.97_4         GRand Unified Bootloader
jpeg-8_3            IJG's jpeg compression utilities
libiconv-1.13.1_1   A character set conversion library
openldap-sasl-client-2.4.26 Open source LDAP client implementation with SASL2 support
perl-5.12.4_3       Practical Extraction and Report Language
pkg-config-0.25_1   A utility to retrieve information about installed libraries
png-1.4.8           Library for manipulating PNG images
sarg-2.3.2_4        Squid log analyzer and HTML report generator
squid-3.1.19        HTTP Caching Proxy
[2.0.1-RELEASE][admin@xxxx.nxxxter.dsns]/root(10):

Thank u

marcelloc

Can you see if there's ldap queries during sarg reports with this latest version?

Donny

@marcelloc:

Can you see if there's ldap queries during sarg reports with this latest version?

I only got this version> [2.0.1-RELEASE][admin@xxxx.nxxxter.dsns]/root(10): sarg version: 2.3.2 Nov-23-2011

For ldap queries,you mean that I have to check at access.log.

When I use ldap search the result is 0 success:

[2.0.1-RELEASE][admin@xxxx.nxbuter.dsns]/root(3): ldapsearch -x -h 172.31.21.10 -p 389 -s sub -D "cn=Administrator,cn=Users,dc=nxxxter,dc=dsns" -w "SargLdapPassWord" -b "dc=nxxxter,DC=dsns" "(sAMAccountName=%s)" cn
# extended LDIF
#
# LDAPv3
# base <dc=nxxxter,dc=dsns>with scope subtree
# filter: (sAMAccountName=%s)
# requesting: cn
#

# search reference
ref: ldap://ForestDnsZones.nxxxter.dsns/DC=ForestDnsZones,DC=nxxxter,DC=dsns

# search reference
ref: ldap://DomainDnsZones.nxxxter.dsns/DC=DomainDnsZones,DC=nxxxter,DC=dsns

# search reference
ref: ldap://nxbuter.dsns/CN=Configuration,DC=nxxxter,DC=dsns

# search result
search: 2
result: 0 Success

# numResponses: 4
# numReferences: 3
[2.0.1-RELEASE][admin@xxxx.nxxxter.dsns]/root(4):</dc=nxxxter,dc=dsns> 

marcelloc

@Donny:

For ldap queries,you mean that I have to check at access.log.

I mean on a second console/ssh, run tcpdump on lan interface port 389 or host 172.31.21.10 and see if when you run sarg, it tries to search ldap

Donny

@marcelloc:

@Donny:

For ldap queries,you mean that I have to check at access.log.

I mean on a second console/ssh, run tcpdump on lan interface port 389 or host 172.31.21.10 and see if when you run sarg, it tries to search ldap

!!!!! Nothing happen when I run tcpdump with this -ni, -vi, -vvi
[2.0.1-RELEASE][admin@xxxx.nxxxter.dsns]/root(10): tcpdump -vvi em1 tcp port 389
tcpdump: listening on em1, link-type EN10MB (Ethernet), capture size 96 bytes

but sometime work and sometime not

Do I have to edit sarg.conf with more option enable?

marcelloc

@Donny:

Do I have to edit sarg.conf with more option enable?

All ldap options are configured on gui, but of course you can check if there is something missing.

Donny

@marcelloc:

@Donny:

Do I have to edit sarg.conf with more option enable?

All ldap options are configured on gui, but of course you can check if there is something missing.

Hello Marcelloc,

I don't see any sarg on > pfsense > Status. How can I config SARG on gui?

I asked to edit sarg.conf because I just only enable some option on sarg.conf file and I think maybe some option is missing.

Thank u

marcelloc

@Donny:

I don't see any sarg on > pfsense > Status. How can I config SARG on gui?

status -> sarg reports????

try to reinstall package, the menu is there

Donny

@marcelloc:

@Donny:

I don't see any sarg on > pfsense > Status. How can I config SARG on gui?

status -> sarg reports????

try to reinstall package, the menu is there

you mean from this:

pkg_add -r http://e-sac.siteseguro.ws/packages/8/All/sarg-2.3.2_4.tbz

marcelloc

No,

system -> packages -> Available Packages  -> sarg

Donny

@marcelloc:

No,

system -> packages -> Available Packages  -> sarg

I understood now, form pfsense console, first just only delete SARGv.xxxx that it has installed before. After SARGv.xxxx deleted with this command  "pkg_delete sarg-x.x.x", SARG gui still remain on
"Status > Sarg Reports". Then install sarg-2.3.2_4 from "pkg_add -r http://e-sac.siteseguro.ws/packages/8/All/sarg-2.3.2_4.tbz", that's it.
Anyway SARG reports with full user name from LDAP still not work.

Thank u

Donny

Hello Marcello, I have some question I use sarg and squid proxy authentication with Ldap Windows 2008. When I use domain user name to login on Chrome or Firefox web browser, at system log I always get
"DNS-rebind attack detected: xxxxter.dsns" . I always have this problem only I put internal DNS server IP address on System > General Setup> DNS Servers. I spend a lot of time to find out to solve this problem but never success. Is it possible to give me some suggestion where is this the problem coming from?

Thank u

Donny

marcelloc

Somebody posted these day a workaround for this, try to search on forum for dns rebind ad.

Donny

@marcelloc:

Somebody posted these day a workaround for this, try to search on forum for dns rebind ad.

No more ask again because I have 2 or 3 times posted.

Thank u very much Marcelloc

Donny

jikjik101

Hi marcelloc,

Great package. But how to manually delete the sarg reports?
My pfsense got problem with full hard disk error and the largest directory is from the sarg reports.
I forgot to use the rotate logs before.

And what does Cache-in and Cache-out mean?

Thanks in advance.

marcelloc

@jikjik101:

Hi marcelloc,

Great package. But how to manually delete the sarg reports?
My pfsense got problem with full hard disk error and the largest directory is from the sarg reports.
I forgot to use the rotate logs before.

Just delete reports on /usr/local/www/sarg-reports using rm on console/ssh.

marcelloc

Hi all,

Just published version 0.4.2 with fixes on squidguard log rotate and a faster boot startup process.

att,
Marcello Coutinho