• Categories
  • Recent
  • Tags
  • Popular
  • Users
  • Search
  • Register
  • Login
Netgate Discussion Forum
  • Categories
  • Recent
  • Tags
  • Popular
  • Users
  • Search
  • Register
  • Login

Sarg package for pfsense

Scheduled Pinned Locked Moved
pfSense Packages
99
467
469.0k
Loading More Posts
  • Oldest to Newest
  • Newest to Oldest
  • Most Votes
Reply
  • Reply as topic
Log in to reply
This topic has been deleted. Only users with topic management privileges can see it.
  • F
    Fesoj
    last edited by Jul 26, 2012, 9:37 PM

    Did you selected "Generate the main index.html" option on gui?

    No, I didn't. Now that I did it, it is working.

    Thanx.

    1 Reply Last reply Reply Quote 0
    • A
      AudiAddict
      last edited by Jul 30, 2012, 1:52 PM Jul 30, 2012, 1:34 PM

      Can somebody explain if I need to set up log rotation in the schedule or not? And how this works?

      I have it set to default ( do nothing) in SAR and have my squid settings set to 186 days log rotation (aprox 6 months).

      Do I need to use the log rotation of SARG as wel? What does it do exactly? Clean up my old logs?

      1 Reply Last reply Reply Quote 0
      • marcellocM
        marcelloc
        last edited by Jul 30, 2012, 3:22 PM

        @AudiAddict:

        Do I need to use the log rotation of SARG as wel?

        No, just one log rotate is fine.

        @AudiAddict:

        What does it do exactly? Clean up my old logs?

        Rotate logs and keep last 10 rotated files.(access.log.0 access.log.1 access.log.2…)

        att,
        Marcello Coutinho

        Treinamentos de Elite: http://sys-squad.com

        Help a community developer! ;D

        1 Reply Last reply Reply Quote 0
        • A
          AudiAddict
          last edited by Jul 30, 2012, 4:01 PM

          Thanks for your reply.

          Does it mean that it reads through the whole file everytime? So If I have it set to rotate in squid settings every 6 months will this cause it to be slow at generating the report?

          1 Reply Last reply Reply Quote 0
          • marcellocM
            marcelloc
            last edited by Jul 30, 2012, 5:43 PM

            @AudiAddict:

            Thanks for your reply.

            Does it mean that it reads through the whole file everytime? So If I have it set to rotate in squid settings every 6 months will this cause it to be slow at generating the report?

            Yes, you can use date arg in schedules, but sarg will read all file the same way looking for logs on that date range.

            Treinamentos de Elite: http://sys-squad.com

            Help a community developer! ;D

            1 Reply Last reply Reply Quote 0
            • A
              AudiAddict
              last edited by Jul 30, 2012, 5:51 PM

              If I change the rotation to 1 month in squid settings? Will it "save" my old logs in SARG? So I can view the internet logs older than one month?

              So.. if I set squid to rotate every 30 days, does SARG delete the old data? Or does it display the old logs (from the last months) even though they have been rotated? (renamed?)

              1 Reply Last reply Reply Quote 0
              • marcellocM
                marcelloc
                last edited by Jul 30, 2012, 6:09 PM

                @AudiAddict:

                If I change the rotation to 1 month in squid settings? Will it "save" my old logs in SARG? So I can view the internet logs older than one month?

                yes

                @AudiAddict:

                So.. if I set squid to rotate every 30 days, does SARG delete the old data? Or does it display the old logs (from the last months) even though they have been rotated? (renamed?)

                no

                Treinamentos de Elite: http://sys-squad.com

                Help a community developer! ;D

                1 Reply Last reply Reply Quote 0
                • A
                  AudiAddict
                  last edited by Jul 30, 2012, 6:29 PM

                  Maybe a language barrier here.. but do you mean yes I can still view the older internet proxy logs (older than 30 days) in SARG even though I set it to rotate every 30 days in Squid?

                  1 Reply Last reply Reply Quote 0
                  • marcellocM
                    marcelloc
                    last edited by Jul 30, 2012, 6:33 PM

                    @AudiAddict:

                    Maybe a language barrier here.. but do you mean yes I can still view the older internet proxy logs (older than 30 days) in SARG even though I set it to rotate every 30 days in Squid?

                    yes, you can. Sarg create html static reports on /usr/local/sarg-reports.

                    If you delete your squid logs, reports will be there.
                    if you run sarg after rotating logs, old reports will not be deleted.

                    Treinamentos de Elite: http://sys-squad.com

                    Help a community developer! ;D

                    1 Reply Last reply Reply Quote 0
                    • L
                      Lectrician
                      last edited by Aug 4, 2012, 7:48 AM

                      Hi.

                      I am struggling to get Sarg to work for me with Squid.

                      I initially created some reports, and they showed many users, everything seemed fine.

                      Now, if I click to create logs on the schedule (force), using a wide date range, I get just one user in the report?  I know there is more activity than that!

                      I tried to delete sarg (and used file manager to delete sarg folders I could see), reinstalled (it seemed to still remember my settings), but now I just get:

                      Error: Could not find report index file.
                      Check and save sarg settings and try to force sarg schedule.

                      when I try to view reports (after trying to force them again).  There are loads of log files in the squid log folder.

                      I set the schedule to 1d, rotate and restart, but it never seemed to create a report when I looked, only when I forced it?

                      What am I doing wrong?

                      Thanks  :)

                      1 Reply Last reply Reply Quote 0
                      • marcellocM
                        marcelloc
                        last edited by Aug 5, 2012, 1:48 AM

                        Check my config on previous thread page
                        http://forum.pfsense.org/index.php/topic,47765.msg277422.html#msg277422

                        Treinamentos de Elite: http://sys-squad.com

                        Help a community developer! ;D

                        1 Reply Last reply Reply Quote 0
                        • L
                          Lectrician
                          last edited by Aug 7, 2012, 6:03 AM

                          Thanks.

                          My setup is similar to your screen shot, except I turn userid into IP address.  I have changed the config and resaved, but it still will not work correctly.

                          I managed to get it to create a single report, but the report shows 0 users and has nothing in it.

                          I then left it a few days and tried to create a new report in the same way but nothing appears on the report page?

                          Is it possible to remove the package completely and re-install?  When I tried that, when reinstalling, it knew all my settings from the last time, so obviously did not fully uninstall?  What files would I need to delete to have a completely clean re-install?

                          When you select "restart proxy" on the schedule, does this clear the squid logs?

                          Should the schedule run every day if I enter 1d?  When during the day would it?

                          Really struggling to get this going!

                          Cheers.

                          1 Reply Last reply Reply Quote 0
                          • marcellocM
                            marcelloc
                            last edited by Aug 7, 2012, 2:57 PM

                            @Lectrician:

                            Is it possible to remove the package completely and re-install?  When I tried that, when reinstalling, it knew all my settings from the last time, so obviously did not fully uninstall?  What files would I need to delete to have a completely clean re-install?

                            There is no file to delete, all sarg settings stays on pfsense xml file.

                            @Lectrician:

                            When you select "restart proxy" on the schedule, does this clear the squid logs?

                            No, just a restart.

                            @Lectrician:

                            Should the schedule run every day if I enter 1d?  When during the day would it?

                            It runs at 00:00 via cron job. You can install cron package to see it.

                            Treinamentos de Elite: http://sys-squad.com

                            Help a community developer! ;D

                            1 Reply Last reply Reply Quote 0
                            • L
                              Lectrician
                              last edited by Aug 9, 2012, 1:19 PM

                              Thanks.

                              I can see it in Cron.

                              I am able to run the schedule fanualy (force button) and the reports do now create for the day, but the schedule is not working?

                              I have it set to do a report for the day each day.

                              Where do I look to see why it wont run on the schedule?

                              Thanks.

                              1 Reply Last reply Reply Quote 0
                              • C
                                chowtamah
                                last edited by Aug 10, 2012, 3:41 AM

                                Hi,

                                My Sarg settings also same. Schedule is 1d, but was not working. Then installed the Cron package and edited the cron job,

                                59 23 * * * root /usr/local/bin/php /usr/local/www/sarg.php 0

                                Now, I am getting the report.

                                2.0.2-RELEASE (amd64)  &  2.2.2-RELEASE (amd64)

                                Always trying to learn!!

                                1 Reply Last reply Reply Quote 0
                                • marcellocM
                                  marcelloc
                                  last edited by Aug 10, 2012, 10:14 PM

                                  maybe because you selected to rotate logs on squid too. This way sarg has a small log to read.

                                  Treinamentos de Elite: http://sys-squad.com

                                  Help a community developer! ;D

                                  1 Reply Last reply Reply Quote 0
                                  • L
                                    Lectrician
                                    last edited by Aug 11, 2012, 4:46 PM

                                    Thanks - I will give that a go and see how it works tomorrow  :)

                                    1 Reply Last reply Reply Quote 0
                                    • L
                                      Lectrician
                                      last edited by Aug 12, 2012, 8:40 AM

                                      Altering the CRON job seems to have sorted it, thanks.

                                      1 Reply Last reply Reply Quote 0
                                      • C
                                        chowtamah
                                        last edited by Aug 13, 2012, 5:35 AM

                                        marcelloc,

                                        I have kept Squid log rotate for 5 days and sarg schedule Post action is none.

                                        Now SARG reports are generated every day after editing the schedule in the cron (59 23 …).

                                        Thanks for the package.

                                        2.0.2-RELEASE (amd64)  &  2.2.2-RELEASE (amd64)

                                        Always trying to learn!!

                                        1 Reply Last reply Reply Quote 0
                                        • marcellocM
                                          marcelloc
                                          last edited by Aug 13, 2012, 2:16 PM

                                          @chowtamah:

                                          Now SARG reports are generated every day after editing the schedule in the cron (59 23 …).

                                          It makes sense. You've included the -d arg on your schedule, so if it runs at 00:00, it will get no log from current day.
                                          The change to 23:59 is a good workaround for that.

                                          att,
                                          Marcello Coutinho

                                          Treinamentos de Elite: http://sys-squad.com

                                          Help a community developer! ;D

                                          1 Reply Last reply Reply Quote 0
                                          • L
                                            Lectrician
                                            last edited by Aug 14, 2012, 9:39 AM Aug 13, 2012, 8:33 PM

                                            Confusing me a tat  ;D

                                            How should I set this up to create a log each day?  I have open WiFi which turns on at 8am and off at midnight, so although the log being created at 11:59pm is fine, 12:01 would be better  :P

                                            Can't quite work it around in my head?

                                            If I don't have -d on the sarg args line, how do I specify the previous day in the schedule?

                                            ALSO

                                            Is it possible to delete some of the reports before they rotate?  I have my rotate set as 90 days, the first 6 or so reports are pointless and I would like to delete them if possible?

                                            Thanks!

                                            1 Reply Last reply Reply Quote 0
                                            • marcellocM
                                              marcelloc
                                              last edited by Aug 14, 2012, 3:15 PM

                                              I'll change the schedule on the package to run at minute 59.
                                              use the same day arg that is available on package schedule description.

                                              I did not included a remove previous logs on current package version, but maybe on a future release.

                                              Try to clean it using a shell script on cron.

                                              att,
                                              Marcello Coutinho

                                              Treinamentos de Elite: http://sys-squad.com

                                              Help a community developer! ;D

                                              1 Reply Last reply Reply Quote 0
                                              • 29 days later
                                              • A
                                                aru
                                                last edited by Sep 12, 2012, 11:18 AM

                                                Hi,

                                                I am having problems with sarg package. I am running pfsense 2.1-BETA0 (i386) built on Tue Aug 28 14:42:47 EDT 2012 FreeBSD 8.3-RELEASE-p4 with squid 3 with dansguardian and freeradius 2. 
                                                Everything works except sarg.  I have configured sarg as suggested on this forum ie, i have selected default options mentioned in brackets including index and tree file.

                                                At console if i run sarg -x -z it shows errors with input log file location and output directory locations as in /usr/pbi/sarg-i386/etc/sarg/sarg.conf

                                                I found that from web gui, the config file is at /usr/local/etc/sarg/sarg.conf.  I created a symlink from /usr/pbi/sarg-i386/etc/sarg to point to /usr/local/etc/sarg/sarg.conf

                                                After this I ran sarg -x -z from pfsense box and reports created at /usr/local/sarg-reports which can be seen
                                                from gui and cron job creates report based on schedule, but "force update now" doesn't create any report and
                                                realtime also does'nt show any report.  Sorry if this is answered already, but I couldn't find anywhere.

                                                Kindly help,

                                                Thanks
                                                Arun

                                                1 Reply Last reply Reply Quote 0
                                                • marcellocM
                                                  marcelloc
                                                  last edited by Sep 12, 2012, 2:36 PM

                                                  I did had not time yet to make sarg running without manual symlinks on 2.1.

                                                  It will work fine on next package release.

                                                  Treinamentos de Elite: http://sys-squad.com

                                                  Help a community developer! ;D

                                                  1 Reply Last reply Reply Quote 0
                                                  • A
                                                    aru
                                                    last edited by Sep 12, 2012, 2:46 PM

                                                    Hi Marcello, I could not get it to work as I installed other packages from the gui.  My procedure may be wrong.
                                                    Need your help.  I am new to pfsense/freebsd & linux.  I could not understand your reply.

                                                    1 Reply Last reply Reply Quote 0
                                                    • marcellocM
                                                      marcelloc
                                                      last edited by Sep 12, 2012, 2:49 PM

                                                      @aru:

                                                      I am new to pfsense/freebsd & linux.  I could not understand your reply.

                                                      This package need some fixes do work with 2.1. I'll do it when I have time.

                                                      If you do not need ipv6, sarg package works fine on  pfsense 2.0.1

                                                      Treinamentos de Elite: http://sys-squad.com

                                                      Help a community developer! ;D

                                                      1 Reply Last reply Reply Quote 0
                                                      • A
                                                        aru
                                                        last edited by Sep 12, 2012, 2:55 PM

                                                        Thanks for your quick reply Marcello.

                                                        1 Reply Last reply Reply Quote 0
                                                        • marcellocM
                                                          marcelloc
                                                          last edited by Sep 14, 2012, 4:15 PM

                                                          Sarg pkg v 0.6 is out with gzip compress report options to reduce 4 times reports disk usage.

                                                          sarg_compress.png
                                                          sarg_compress.png_thumb

                                                          Treinamentos de Elite: http://sys-squad.com

                                                          Help a community developer! ;D

                                                          1 Reply Last reply Reply Quote 0
                                                          • S
                                                            serialdie
                                                            last edited by Sep 16, 2012, 5:09 PM

                                                            @marcelloc:

                                                            Sarg pkg v 0.6 is out with gzip compress report options to reduce 4 times reports disk usage.

                                                            Awesome.

                                                            Thanks marcelloc!

                                                            1 Reply Last reply Reply Quote 0
                                                            • marcellocM
                                                              marcelloc
                                                              last edited by Sep 17, 2012, 8:22 PM

                                                              version 0.6.1 is out with

                                                              • pfsense 2.1 support

                                                              • max report age option

                                                              backup you data and test it on labs before using report max age option on production. I'm not responsible for data lost.

                                                              Treinamentos de Elite: http://sys-squad.com

                                                              Help a community developer! ;D

                                                              1 Reply Last reply Reply Quote 0
                                                              • M
                                                                miles267
                                                                last edited by Sep 20, 2012, 1:35 PM

                                                                I recently updated to Sarg 2.3.2 pkg v.0.6.1.  Since then my reports have stopped refreshing.  When  attempt to force an update now, the system log reports the following error:

                                                                php: /pkg_edit.php: The command '/usr/local/bin/sarg -d date +%d/%m/%Y-date +%d/%m/%Y' returned exit code '1', the output was 'SARG: (util) Cannot open file /etc/sarg/exclude_codes (exclude_codes)'

                                                                1 Reply Last reply Reply Quote 0
                                                                • marcellocM
                                                                  marcelloc
                                                                  last edited by Sep 20, 2012, 2:27 PM

                                                                  Reinstall the package, save sarg config on gui and try again.

                                                                  Treinamentos de Elite: http://sys-squad.com

                                                                  Help a community developer! ;D

                                                                  1 Reply Last reply Reply Quote 0
                                                                  • M
                                                                    miles267
                                                                    last edited by Sep 20, 2012, 2:48 PM

                                                                    @marcelloc:

                                                                    Reinstall the package, save sarg config on gui and try again.

                                                                    unfortunately that didn't correct the issue.  tried 2X.  however, I did go into my schedule and for this task:

                                                                    Rotate Logs and Restart Daemon
                                                                    -d date +%d/%m/%Y-date +%d/%m/%Y

                                                                    I checked the 'Enable Compression'
                                                                    Setting: Default gzip compression (recommended)

                                                                    Then SAVED and FORCEd UPDATE NOW.  It then appeared to refresh my VIEW REPORT data.  Though it left a gap between 9/18 and 9/20 (no entry listed for 9/19).  I will monitor to see whether 9/21 data appears automatically tomorrow without any manual intervention.

                                                                    1 Reply Last reply Reply Quote 0
                                                                    • marcellocM
                                                                      marcelloc
                                                                      last edited by Sep 20, 2012, 3:11 PM

                                                                      using sarg -x  exclude_codes path is  "/usr/local/etc/sarg/exclude_codes" instead of  "/etc/sarg/exclude_codes".

                                                                      That's what resintall package/save config do.

                                                                      The gzip option reduces 4 times reports disk usage.

                                                                      Treinamentos de Elite: http://sys-squad.com

                                                                      Help a community developer! ;D

                                                                      1 Reply Last reply Reply Quote 0
                                                                      • M
                                                                        miles267
                                                                        last edited by Sep 20, 2012, 3:22 PM

                                                                        @marcelloc:

                                                                        using sarg -x  exclude_codes path is  "/usr/local/etc/sarg/exclude_codes" instead of  "/etc/sarg/exclude_codes".

                                                                        That's what resintall package/save config do.

                                                                        OK.  I am a bit confused.  So when I uninstalled and reinstalled the Sarg package to update to the latest version, it moved the exclude_codes path

                                                                        FROM: "/usr/local/etc/sarg/exclude_codes"
                                                                        TO: "/etc/sarg/exclude_codes"

                                                                        Do I need to add the argument 'sarg -x' somewhere?  Also my EXCLUDE CODES dialog box on the Sarg GENERAL tab is empty.

                                                                        Thanks again.

                                                                        1 Reply Last reply Reply Quote 0
                                                                        • marcellocM
                                                                          marcelloc
                                                                          last edited by Sep 20, 2012, 3:28 PM

                                                                          No need to change config files or dirs. Just check the sarg -x output.

                                                                          On my tests, after reinstall/save config file is correct and sarg ir running fine.

                                                                          SARG: Init
                                                                          SARG: Loading configuration from /usr/local/etc/sarg/sarg.conf
                                                                          SARG: Loading exclude host file from: /usr/local/etc/sarg/exclude_hosts.conf
                                                                          SARG: Loading exclude file from: /usr/local/etc/sarg/exclude_users.conf
                                                                          SARG: Reading host alias file "/usr/local/etc/sarg/hostalias"
                                                                          SARG: List of host names to alias:
                                                                          SARG: Parameters:
                                                                          SARG:           Hostname or IP address (-a) =
                                                                          SARG:                    Useragent log (-b) =
                                                                          SARG:                     Exclude file (-c) = /usr/local/etc/sarg/exclude_hosts.conf
                                                                          SARG:                  Date from-until (-d) =
                                                                          SARG:    Email address to send reports (-e) =
                                                                          SARG:                      Config file (-f) = /usr/local/etc/sarg/sarg.conf
                                                                          SARG:                      Date format (-g) = USA (mm/dd/yyyy)
                                                                          SARG:                        IP report (-i) = No
                                                                          SARG:                        Input log (-l) = /var/squid/logs/access.log
                                                                          SARG:               Resolve IP Address (-n) = No
                                                                          SARG:                       Output dir (-o) = /usr/local/sarg-reports/
                                                                          SARG: Use Ip Address instead of userid (-p) = No
                                                                          SARG:                    Accessed site (-s) =
                                                                          SARG:                             Time (-t) =
                                                                          SARG:                             User (-u) =
                                                                          SARG:                    Temporary dir (-w) = /tmp/sarg
                                                                          SARG:                   Debug messages (-x) = Yes
                                                                          SARG:                 Process messages (-z) = No
                                                                          SARG:  Previous reports to keep (--lastlog) = 0
                                                                          SARG:
                                                                          SARG: sarg version: 2.3.2 Nov-23-2011
                                                                          SARG: Reading access log file: /var/squid/logs/access.log
                                                                          SARG: Records in file: 3298, reading: 100.00%
                                                                          SARG:    Records read: 3298, written: 3297, excluded: 0
                                                                          SARG: Squid log format
                                                                          SARG: Period: 2012 Apr 03-2012 Sep 14
                                                                          SARG: pre-sorting files
                                                                          SARG: Making file: /tmp/sarg/164_XXXXXX
                                                                          SARG: Making file: /tmp/sarg/127_0_0_1
                                                                          SARG: Making file: /tmp/sarg/164_XXXXX
                                                                          SARG: Making file: /tmp/sarg/teste1
                                                                          SARG: Sorting file: /tmp/sarg/164_XXXXX.utmp
                                                                          SARG: Making report: 164.XXXXX
                                                                          SARG: Sorting file: /tmp/sarg/127_0_0_1.utmp
                                                                          SARG: Making report: 127.0.0.1
                                                                          SARG: Sorting file: /tmp/sarg/164_XXXXX.utmp
                                                                          SARG: Making report: 164.XXXXX
                                                                          SARG: Sorting file: /tmp/sarg/teste1.utmp
                                                                          SARG: Making report: teste1
                                                                          SARG: Making index.html
                                                                          SARG: Successful report generated on /usr/local/sarg-reports/2012Apr03-2012Sep14
                                                                          SARG: Purging temporary file sarg-general
                                                                          SARG: End
                                                                          
                                                                          

                                                                          Treinamentos de Elite: http://sys-squad.com

                                                                          Help a community developer! ;D

                                                                          1 Reply Last reply Reply Quote 0
                                                                          • M
                                                                            miles267
                                                                            last edited by Sep 20, 2012, 3:59 PM

                                                                            Thank you.  Sarg -x from a shell command prompt complete successfully (no errors) similar to result you posted from your log.  If my Sarg doesn't update on it's own on 9/21 (without a forced update), I'll advise.

                                                                            1 Reply Last reply Reply Quote 0
                                                                            • marcellocM
                                                                              marcelloc
                                                                              last edited by Sep 24, 2012, 9:20 PM

                                                                              @namek:

                                                                              Hello, Is it possible to change the unit from bytes to something higher? like KB or MB?

                                                                              Sure. :)

                                                                              Just select Show values in reports using abbreviation on sarg general tab.

                                                                              Treinamentos de Elite: http://sys-squad.com

                                                                              Help a community developer! ;D

                                                                              1 Reply Last reply Reply Quote 0
                                                                              • I
                                                                                ilium007
                                                                                last edited by Sep 26, 2012, 9:28 AM

                                                                                I can;t seem to see any option to restrict access to SARG reports. I can't have direct user access to these ports. I know this was supposed to be fixed in 0.6 but I am running the latest and direct access still works. How can we disable / password protect this ? Cheers.

                                                                                1 Reply Last reply Reply Quote 0
                                                                                • marcellocM
                                                                                  marcelloc
                                                                                  last edited by Sep 26, 2012, 2:46 PM

                                                                                  sarg create reports on /usr/local/sarg-reports, check if you still have both dirs.

                                                                                  Treinamentos de Elite: http://sys-squad.com

                                                                                  Help a community developer! ;D

                                                                                  1 Reply Last reply Reply Quote 0
                                                                                  230 out of 467
                                                                                  • First post
                                                                                    Last post
                                                                                  Copyright 2025 Rubicon Communications LLC (Netgate). All rights reserved.

                                                                                  Looks like your connection to Netgate Forum was lost, please wait while we try to reconnect.