Sarg package for pfsense
-
Can somebody explain if I need to set up log rotation in the schedule or not? And how this works?
I have it set to default ( do nothing) in SAR and have my squid settings set to 186 days log rotation (aprox 6 months).
Do I need to use the log rotation of SARG as wel? What does it do exactly? Clean up my old logs?
-
Do I need to use the log rotation of SARG as wel?
No, just one log rotate is fine.
What does it do exactly? Clean up my old logs?
Rotate logs and keep last 10 rotated files.(access.log.0 access.log.1 access.log.2…)
att,
Marcello Coutinho -
Thanks for your reply.
Does it mean that it reads through the whole file everytime? So If I have it set to rotate in squid settings every 6 months will this cause it to be slow at generating the report?
-
Thanks for your reply.
Does it mean that it reads through the whole file everytime? So If I have it set to rotate in squid settings every 6 months will this cause it to be slow at generating the report?
Yes, you can use date arg in schedules, but sarg will read all file the same way looking for logs on that date range.
-
If I change the rotation to 1 month in squid settings? Will it "save" my old logs in SARG? So I can view the internet logs older than one month?
So.. if I set squid to rotate every 30 days, does SARG delete the old data? Or does it display the old logs (from the last months) even though they have been rotated? (renamed?)
-
If I change the rotation to 1 month in squid settings? Will it "save" my old logs in SARG? So I can view the internet logs older than one month?
yes
So.. if I set squid to rotate every 30 days, does SARG delete the old data? Or does it display the old logs (from the last months) even though they have been rotated? (renamed?)
no
-
Maybe a language barrier here.. but do you mean yes I can still view the older internet proxy logs (older than 30 days) in SARG even though I set it to rotate every 30 days in Squid?
-
Maybe a language barrier here.. but do you mean yes I can still view the older internet proxy logs (older than 30 days) in SARG even though I set it to rotate every 30 days in Squid?
yes, you can. Sarg create html static reports on /usr/local/sarg-reports.
If you delete your squid logs, reports will be there.
if you run sarg after rotating logs, old reports will not be deleted. -
Hi.
I am struggling to get Sarg to work for me with Squid.
I initially created some reports, and they showed many users, everything seemed fine.
Now, if I click to create logs on the schedule (force), using a wide date range, I get just one user in the report? I know there is more activity than that!
I tried to delete sarg (and used file manager to delete sarg folders I could see), reinstalled (it seemed to still remember my settings), but now I just get:
Error: Could not find report index file.
Check and save sarg settings and try to force sarg schedule.when I try to view reports (after trying to force them again). There are loads of log files in the squid log folder.
I set the schedule to 1d, rotate and restart, but it never seemed to create a report when I looked, only when I forced it?
What am I doing wrong?
Thanks :)
-
Check my config on previous thread page
http://forum.pfsense.org/index.php/topic,47765.msg277422.html#msg277422 -
Thanks.
My setup is similar to your screen shot, except I turn userid into IP address. I have changed the config and resaved, but it still will not work correctly.
I managed to get it to create a single report, but the report shows 0 users and has nothing in it.
I then left it a few days and tried to create a new report in the same way but nothing appears on the report page?
Is it possible to remove the package completely and re-install? When I tried that, when reinstalling, it knew all my settings from the last time, so obviously did not fully uninstall? What files would I need to delete to have a completely clean re-install?
When you select "restart proxy" on the schedule, does this clear the squid logs?
Should the schedule run every day if I enter 1d? When during the day would it?
Really struggling to get this going!
Cheers.
-
Is it possible to remove the package completely and re-install? When I tried that, when reinstalling, it knew all my settings from the last time, so obviously did not fully uninstall? What files would I need to delete to have a completely clean re-install?
There is no file to delete, all sarg settings stays on pfsense xml file.
When you select "restart proxy" on the schedule, does this clear the squid logs?
No, just a restart.
Should the schedule run every day if I enter 1d? When during the day would it?
It runs at 00:00 via cron job. You can install cron package to see it.
-
Thanks.
I can see it in Cron.
I am able to run the schedule fanualy (force button) and the reports do now create for the day, but the schedule is not working?
I have it set to do a report for the day each day.
Where do I look to see why it wont run on the schedule?
Thanks.
-
Hi,
My Sarg settings also same. Schedule is 1d, but was not working. Then installed the Cron package and edited the cron job,
59 23 * * * root /usr/local/bin/php /usr/local/www/sarg.php 0
Now, I am getting the report.
-
maybe because you selected to rotate logs on squid too. This way sarg has a small log to read.
-
Thanks - I will give that a go and see how it works tomorrow :)
-
Altering the CRON job seems to have sorted it, thanks.
-
marcelloc,
I have kept Squid log rotate for 5 days and sarg schedule Post action is none.
Now SARG reports are generated every day after editing the schedule in the cron (59 23 …).
Thanks for the package.
-
Now SARG reports are generated every day after editing the schedule in the cron (59 23 …).
It makes sense. You've included the -d arg on your schedule, so if it runs at 00:00, it will get no log from current day.
The change to 23:59 is a good workaround for that.att,
Marcello Coutinho -
Confusing me a tat ;D
How should I set this up to create a log each day? I have open WiFi which turns on at 8am and off at midnight, so although the log being created at 11:59pm is fine, 12:01 would be better :P
Can't quite work it around in my head?
If I don't have -d on the sarg args line, how do I specify the previous day in the schedule?
ALSO
Is it possible to delete some of the reports before they rotate? I have my rotate set as 90 days, the first 6 or so reports are pointless and I would like to delete them if possible?
Thanks!
