Sarg package for pfsense
-
Since last update, there is no more squidguard redirector!
The configs remain the same… What happened? -
Great Job for this Package!
-
Hello all,
Has anyone succeeded in getting Sarg to report the full username from an LDAP server on Windows 2008?
Thank you
Hello marcelloc and all
So quiet here, any news over SARG
-
-
To get this right, LDAP is not working correctly in sarg pfsense package to report usernames in AD on a Windows 2008 Domain? I have been trying to get this to work and have failed. Is everyone having the same issues?
-
questions
I am Brazilian and I can not speak English so I'm translating it in google translator. I hope you understand and help me.
How do I set up the Schedule tab? Can anyone give me an example?
My difficulty is the option Sarg ARGS
Can anyone give me an example with a correct date, please?
Which option should I use in Action after sarg?
After configuring, does the View Report tab work? For me it gives an error saying I need to set up the Schedule tab -
questions
I am Brazilian and I can not speak English so I'm translating it in google translator. I hope you understand and help me.
How do I set up the Schedule tab? Can anyone give me an example?
My difficulty is the option Sarg ARGS
Can anyone give me an example with a correct date, please?
Which option should I use in Action after sarg?
After configuring, does the View Report tab work? For me it gives an error saying I need to set up the Schedule tab
kleyverson,
post without Google on the Portuguese forum :)
There is already a topic for sarg there.
att,
Marcello Coutinho -
Hi Marcello,
I logged into the pfSense box last week (the 15th) before heading out on vacation (how bad is that? not in the best practices guide anyway…) and noticed there was an update for SARG. I applied it.
I logged in again today to generate a SARG report on a site. I noticed SARG hasn't worked since the upgrade. Seems 'topuser_sort_field' is causing it some grief (wondering if that was the modification you did when I suggested it as a feature add upon your release of the package...).
has anyone else had this issue and/or is there anything you would like to see? I'll hold off on a re-install or touching anything till i hear back from you.
take care,
greg
May 15 10:46:52 gw-master php: /pkg_mgr_install.php: Beginning package installation for Sarg.
May 15 10:46:55 gw-master php: /pkg_mgr_install.php: [sarg] sarg_xmlrpc_sync.php is starting.
May 15 10:46:55 gw-master php: /pkg_mgr_install.php: [sarg] sarg_xmlrpc_sync.php is starting.
May 15 11:00:01 gw-master php: : Sarg: force refresh now with '' args and both action after sarg finish.
May 15 11:00:01 gw-master php: : The command '/usr/local/bin/sarg ' returned exit code '1', the output was 'SARG: Unknown sort criterion "NORMAL" for parameter "topuser_sort_field"'
May 15 11:00:01 gw-master php: : executing squid log rotate after sarg.
May 15 12:00:01 gw-master php: : Sarg: force refresh now with '' args and both action after sarg finish.
May 15 12:00:01 gw-master php: : The command '/usr/local/bin/sarg ' returned exit code '1', the output was 'SARG: Unknown sort criterion "NORMAL" for parameter "topuser_sort_field"'
May 15 12:00:01 gw-master php: : executing squid log rotate after sarg.
May 22 16:23:44 gw-master php: /pkg_edit.php: The command '/usr/local/bin/sarg ' returned exit code '1', the output was 'SARG: Unknown sort criterion "NORMAL" for parameter "topuser_sort_field"'
May 22 16:23:44 gw-master php: /pkg_edit.php: executing squid log rotate after sarg.
w with '' args and action after sarg finish.
Apr 24 21:00:00 gw-master php: : Sarg: force refresh now with '' args and action after sarg finish.
Apr 24 22:00:01 gw-master php: : Sarg: force refresh now with '' args and action after sarg finish.
Apr 24 23:00:00 gw-master php: : Sarg: force refresh now with '' args and action after sarg finish. -
-
Did you tried to change user sort field on sarg gui?
-
Did you tried to change user sort field on sarg gui?
yes, doing that seemed to fix it.
thanks,
greg -
after last update…
squid logs are in "/var/squid/logs/access.log" not "/var/log/squid/access.log"
how to fix???
system logs:
php: /pkg_edit.php: The command '/usr/local/bin/sarg ' returned exit code '1', the output was 'SARG: File not found: /var/log/squid/access.log' -
after last update... squid logs are in /var/squid/logs/access.log' not "/var/log/squid/access.log"" how to fix??? system logs: php: /pkg_edit.php: The command '/usr/local/bin/sarg ' returned exit code '1', the output was 'SARG: File not found: /var/log/squid/access.log'
me too the same error at system logs. The squid proxy also got error the line 1378 or 1387 (I am not sure which file name "Squid.conf" or "Squid.inf") after I made config at "General tab", when I click the save button.
SARG also no real time report at all. -
Donny, did you tried to save config after package update?
the code has the correct folder but maybe the default config file of sarg 2.3.2 has /var/log/squid/access.log
$sarg_proxy=array(
    'squid_rc'=>'/usr/local/etc/rc.d/squid.sh',
    'squid_config'=>'/var/squid/logs/access.log',
    'squidguard_config'=>'/usr/local/etc/squidGuard/squidGuard.conf',
    'squidguard_block_log'=>'/var/squidGuard/log/block.log',
    'dansguardian_config'=>'/usr/local/etc/dansguardian/dansguardian.conf',
    'dansguardian_log'=>'/var/log/dansguardian/access.log');
-
Donny, did you tried to save config after package update? the code has the correct folder but maybe the default config file of sarg 2.3.2 has /var/log/squid/access.log
Hallo Marcelloc
First, I have clean install Squid3 and configured, then I click save and I got squid proxy error fatal the line 1378 or 1387 (I am not sure which number) on Chrome web browser and I also not sure which file name "Squid.conf" or "Squid_reverse.inf")
Second, I have clean install SARG last version and configured in General tab, User tab and Schedule tab, then save. When I click update button at Real time report, no real time report appear at all.
I also try to reboot pfsense many time after config Squid3 and SARG but the Real time report still not appear.
Anyway I will try to clean install pfSense and Squid3 and SARG again later.
Thank you
Donny -
Anyway I will try to clean install pfSense and Squid3 and SARG again later.
Try sarg just after you get squid up and running.
I'll check this squid3 first run error as soon as possible.
att,
Marcello Coutinho -
Anyway I will try to clean install pfSense and Squid3 and SARG again later.
Try sarg just after you get squid up and running.
I'll check this squid3 first run error as soon as possible.
att,
Marcello Coutinho
Hello Marcelloc
I will do and test it in this evening. I will make some screenshot also for some error.
Donny
-
Hello Marcelloc
I just clean install pfSense and basic configured. After that I have installed Squid3 last version.
In the Squid "general tab" I just only use some default setting. I enable "Enable logging and log rotate" and also changed the language to "en". So I click save.
I got fatal error on Chrome web browser like this:
"Fatal error: Cannot use string offset as an array in /usr/local/pkg/squid.inc on line 1378"
and at this point I enter Chrome web browser again I got: "Error: No package defined".
then I enter pfSense Lan IP and went back to Squid general tab but not things save (Enable logging and log rotate and language "en"). I saw on dashboard that Squid is not running and then
I tried to configure squid on general tab again and the click save but at this time I don't get any fatal error.
I also checked at system log file and I saw some error like this:
php: /pkg_edit.php: The command '/usr/local/sbin/squid -k kill' returned exit code '1', the output was 'squid: ERROR: No running copy'
So you can see my screenshot.
I did not install SARG yet. Just only clean install pfsense and squid3
Thank you
Donny
![Squid fatal error.png](/public/imported_attachments/1/Squid fatal error.png)
![Squid Error No package defined.png](/public/imported_attachments/1/Squid Error No package defined.png)
![Squid syslog file.png](/public/imported_attachments/1/Squid syslog file.png) -
Donny,
I've pushed a fix to this issue with no version change, on my tests it's working fine now.
wait 15 minutes, reinstall the package and try to configure it again.
att,
Marcello Coutinho -
Donny,
I've pushed a fix to this issue with no version change, on my tests it's working fine now.
wait 15 minutes, reinstall the package and try to configure it again.
att,
Marcello Coutinho
Ok, I will try after 30 minutes.
-
I just clean install pfSense and basic configured. After that I have installed Squid3 last version. In the Squid "general tab" I just only use some default setting. I enable "Enable logging and log rotate" and also changed the language to "en". So I click save. I got fatal error on Chrome web browser like this: "Fatal error: Cannot use string offset as an array in /usr/local/pkg/squid.inc on line 1378" and at this point I enter Chrome web browser again I got: "Error: No packege defined". then I enter pfSense Lan IP and went back to Squid general tab but not things save (Enable logging and log rotate and language "en"). I saw on dashboard that Squid is not running and then I tried to configure squid on general tab again and the click save but at this time I don't get any fatal error. I also checked at system log file and I saw some error like this: php: /pkg_edit.php: The command '/usr/local/sbin/squid -k kill' returned exit code '1', the output was 'squid: ERROR: No running copy' So you can see my screenshot. I did not install SARG yet. Just only clean install pfsense and squid3
Hello Marcello,
I just tried it and I got the same fatal error and the same result that I explain before.
This is second time to clean install pfSense and Squid. I did not try to reinstall squid package because I want to be sure that squid work without error.
Now in Holland is almost 1 AM in the morning, I am going to bed now.
Donny
-
I'll try to reproduce this error.
Try to refresh the page with f5 and save again.
-
Hi marcelloc
looks like sarg can't handle large entries on file /var/squidGuard/log/block.log
I don't want erase the file /var/squidGuard/log/block.log, could u help me?
php: /pkg_edit.php: The command '/usr/local/bin/sarg ' returned exit code '1', the output was 'SARG: Records in file: 27976, reading: 0.00%^MSARG: Records in file: 5000, reading: 17.87%^MSARG: Records in file: 10000, reading: 35.74%^MSARG: Records in file: 15000, reading: 53.62%^MSARG: Records in file: 20000, reading: 71.49%^MSARG: Records in file: 25000, reading: 89.36%^MSARG: Hour string too long in redirector log file /var/squidGuard/log/block.log SARG: Records in file: 27976, reading: 100.00%'
-
looks like sarg can't handle large entries on file /var/squidGuard/log/block.log
I don't want erase the file /var/squidGuard/log/block.log, could u help me?
try to split this log or use sarg args to limit log search.
Hour string too long in redirector log file /var/squidGuard/log/block.log SARG: Records in file: 27976, reading: 100.00%'
I understand this error as some format error on log file/line not a too many records errors.
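Following that reading of the error, one way to locate the offending lines without erasing the log, as an added example that is not part of the original thread: it assumes squidGuard's usual `YYYY-MM-DD HH:MM:SS [pid]` line prefix, and the function names and sample lines are constructed for illustration.

```python
import re
import sys
from datetime import datetime

# Assumed squidGuard line prefix: "YYYY-MM-DD HH:MM:SS [pid] ..."
PREFIX = re.compile(r"^(\d{4}-\d{2}-\d{2}) (\d{2}:\d{2}:\d{2}) \[\d+\] ")

def check_line(line):
    """Return None when the prefix is well formed, else a short reason."""
    if "\x00" in line:
        return "NUL byte in line"
    m = PREFIX.match(line)
    if m is None:
        return "malformed 'date time [pid]' prefix"
    try:
        datetime.strptime(f"{m.group(1)} {m.group(2)}", "%Y-%m-%d %H:%M:%S")
    except ValueError:
        return "date or time out of range"
    return None

def scan(lines):
    """Split lines into (good, bad); bad holds (line_no, reason, excerpt)."""
    good, bad = [], []
    for n, raw in enumerate(lines, 1):
        line = raw.rstrip("\r\n")
        if not line:
            continue  # blank lines are skipped, not reported
        reason = check_line(line)
        if reason:
            bad.append((n, reason, line[:100]))
        else:
            good.append(line)
    return good, bad

# Constructed sample lines (not taken from the thread).
SAMPLE = [
    "2012-05-29 10:12:34 [1234] Request(default/ads/-) http://ads.example.com/b.gif 192.168.1.20/- - GET REDIRECT\n",
    "2012-05-29 10:12:3510:12:36 [1234] Request(default/ads/-) http://ads.example.com/c.gif 192.168.1.21/- - GET REDIRECT\n",
    "2012-05-29 25:61:00 [1234] Request(default/ads/-) http://ads.example.com/d.gif 192.168.1.22/- - GET REDIRECT\n",
    "ple.com/e.gif 192.168.1.23/- - GET REDIRECT\n",
    "2012-05-29 10:13:01 [1234] Request(default/ads/-) http://ads.example.com/f.gif 192.168.1.24/- - GET REDIRECT\n",
]

if __name__ == "__main__":
    if len(sys.argv) > 1:
        with open(sys.argv[1], errors="replace") as fh:
            lines = fh.readlines()
    else:
        lines = SAMPLE
    good, bad = scan(lines)
    for n, reason, excerpt in bad:
        print(f"line {n}: {reason}: {excerpt!r}")
    if len(sys.argv) > 2:
        # Write a cleaned copy; the original log is left untouched.
        with open(sys.argv[2], "w") as out:
            out.write("\n".join(good) + "\n")
    print(f"{len(good)} good, {len(bad)} suspect")
```

Run it with the log path as the first argument; an optional second argument names a cleaned copy to write, so the original block.log is never modified.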
-
Thanks!
I've set the User_report_limit to 300 and rotate squidguard block log…
It worked for a while... then stopped suddenly again!
php: /pkg_edit.php: The command '/usr/local/bin/sarg ' returned exit code '1', the output was 'SARG: Records in file: 86169, reading: 0.00%^MSARG: Records in file: 5000, reading: 5.80%^MSARG: Records in file: 10000, reading: 11.61%^MSARG: Records in file: 15000, reading: 17.41%^MSARG: Records in file: 20000, reading: 23.21%^MSARG: Records in file: 25000, reading: 29.01%^MSARG: Records in file: 30000, reading: 34.82%^MSARG: Records in file: 35000, reading: 40.62%^MSARG: Records in file: 40000, reading: 46.42%^MSARG: Records in file: 45000, reading: 52.22%^MSARG: Records in file: 50000, reading: 58.03%^MSARG: Records in file: 55000, reading: 63.83%^MSARG: Records in file: 60000, reading: 69.63%^MSARG: Records in file: 65000, reading: 75.43%^MSARG: Records in file: 70000, reading: 81.24%^MSARG: Records in file: 75000, reading: 87.04%^MSARG: Records in file: 80000, reading: 92.84%^MSARG: Records in file: 85000, reading: 98.64%^MSARG: Successful report generated on /usr/local/sarg-reports/29May2
- 11 days later
-
i did conf like you, http://forum.pfsense.org/index.php/topic,47765.165.html
its ok now, thank you for great job
hello marcelloc, i got this error while testing sarg with squid and squidguard, and can't see reports on view report tab
Error: Could not find report index file.
Check and save sarg settings and try to force sarg schedule.
php: : The command '/usr/local/bin/sarg ' returned exit code '1', the output was 'SARG: Records in file: 72216, reading: 0.00%^MSARG: Records in file: 5000, reading: 6.92%^MSARG: Records in file: 10000, reading: 13.85%^MSARG: Records in file: 15000, reading: 20.77%^MSARG: Records in file: 20000, reading: 27.69%^MSARG: Records in file: 25000, reading: 34.62%^MSARG: Records in file: 30000, reading: 41.54%^MSARG: Records in file: 35000, reading: 48.47%^MSARG: Records in file: 40000, reading: 55.39%^MSARG: Records in file: 45000, reading: 62.31%^MSARG: Records in file: 50000, reading: 69.24%^MSARG: Records in file: 55000, reading: 76.16%^MSARG: Records in file: 60000, reading: 83.08%^MSARG: Records in file: 65000, reading: 90.01%^MSARG: Records in file: 70000, reading: 96.93%^MSARG: Cannot delete /usr/local/sarg-reports/2012/06/12/debakim.html - No such file or directory SARG: Records in file: 72216, reading: 100.00%'
- about a month later
-
Is Sarg currently broken?
I am running Sarg on Squid2 logs, kept the default Report Options, selected all entries in Report to generate, and set up an hourly schedule.
After forcing the update, the View Report gives me:
Error: Could not find report index file.
Check and save sarg settings and try to force sarg schedule.
{$dir}/{$url} in sarg_frame-php contains /usr/local/sarg-reports/index.html, which does not exist, but report files have been generated under /usr/local/sarg-reports/2012/07/26 which mirrors today's date.
Any suggestions what to do?
-
Is Sarg currently broken?
No, I have 6 working with latest version
{$dir}/{$url} in sarg_frame-php contains /usr/local/sarg-reports/index.html, which does not exist, but report files have been generated under /usr/local/sarg-reports/2012/07/26 which mirrors today's date.
Any suggestions what to do?
Did you selected "Generate the main index.html" option on gui?
I've attached a screenshot with my current setup.
-
Did you selected "Generate the main index.html" option on gui?
No, I didn't. Now that I did it, it is working.
Thanx.
-
Can somebody explain if I need to set up log rotation in the schedule or not? And how this works?
I have it set to default (do nothing) in SARG and have my squid settings set to 186 days log rotation (approx. 6 months).
Do I need to use the log rotation of SARG as well? What does it do exactly? Clean up my old logs?
-
Do I need to use the log rotation of SARG as wel?
No, just one log rotate is fine.
What does it do exactly? Clean up my old logs?
Rotate logs and keep last 10 rotated files.(access.log.0 access.log.1 access.log.2…)
att,
Marcello Coutinho -
Thanks for your reply.
Does it mean that it reads through the whole file every time? So if I have it set to rotate in squid settings every 6 months, will this cause it to be slow at generating the report?
-
Thanks for your reply.
Does it mean that it reads through the whole file everytime? So If I have it set to rotate in squid settings every 6 months will this cause it to be slow at generating the report?
Yes, you can use date arg in schedules, but sarg will read all file the same way looking for logs on that date range.
-
If I change the rotation to 1 month in squid settings? Will it "save" my old logs in SARG? So I can view the internet logs older than one month?
So.. if I set squid to rotate every 30 days, does SARG delete the old data? Or does it display the old logs (from the last months) even though they have been rotated? (renamed?)
-
If I change the rotation to 1 month in squid settings? Will it "save" my old logs in SARG? So I can view the internet logs older than one month?
yes
So.. if I set squid to rotate every 30 days, does SARG delete the old data? Or does it display the old logs (from the last months) even though they have been rotated? (renamed?)
no
-
Maybe a language barrier here.. but do you mean yes I can still view the older internet proxy logs (older than 30 days) in SARG even though I set it to rotate every 30 days in Squid?
-
Maybe a language barrier here.. but do you mean yes I can still view the older internet proxy logs (older than 30 days) in SARG even though I set it to rotate every 30 days in Squid?
yes, you can. Sarg creates static HTML reports in /usr/local/sarg-reports.
If you delete your squid logs, reports will be there.
if you run sarg after rotating logs, old reports will not be deleted. -
Hi.
I am struggling to get Sarg to work for me with Squid.
I initially created some reports, and they showed many users, everything seemed fine.
Now, if I click to create logs on the schedule (force), using a wide date range, I get just one user in the report? I know there is more activity than that!
I tried to delete sarg (and used file manager to delete sarg folders I could see), reinstalled (it seemed to still remember my settings), but now I just get:
Error: Could not find report index file.
Check and save sarg settings and try to force sarg schedule.
when I try to view reports (after trying to force them again). There are loads of log files in the squid log folder.
I set the schedule to 1d, rotate and restart, but it never seemed to create a report when I looked, only when I forced it?
What am I doing wrong?
Thanks :)
-
Check my config on previous thread page
http://forum.pfsense.org/index.php/topic,47765.msg277422.html#msg277422 -
Thanks.
My setup is similar to your screen shot, except I turn userid into IP address. I have changed the config and resaved, but it still will not work correctly.
I managed to get it to create a single report, but the report shows 0 users and has nothing in it.
I then left it a few days and tried to create a new report in the same way but nothing appears on the report page?
Is it possible to remove the package completely and re-install? When I tried that, when reinstalling, it knew all my settings from the last time, so obviously did not fully uninstall? What files would I need to delete to have a completely clean re-install?
When you select "restart proxy" on the schedule, does this clear the squid logs?
Should the schedule run every day if I enter 1d? When during the day would it?
Really struggling to get this going!
Cheers.