Sarg package for pfsense
-
Reinstall the package, save sarg config on gui and try again.
unfortunately that didn't correct the issue. tried 2X. however, I did go into my schedule and for this task:
Rotate Logs and Restart Daemon
-ddate +%d/%m/%Y
-date +%d/%m/%Y
I checked the 'Enable Compression'
Setting: Default gzip compression (recommended)Then SAVED and FORCEd UPDATE NOW. It then appeared to refresh my VIEW REPORT data. Though it left a gap between 9/18 and 9/20 (no entry listed for 9/19). I will monitor to see whether 9/21 data appears automatically tomorrow without any manual intervention.
-
using sarg -x exclude_codes path is "/usr/local/etc/sarg/exclude_codes" instead of "/etc/sarg/exclude_codes".
That's what resintall package/save config do.
The gzip option reduces 4 times reports disk usage.
-
using sarg -x exclude_codes path is "/usr/local/etc/sarg/exclude_codes" instead of "/etc/sarg/exclude_codes".
That's what resintall package/save config do.
OK. I am a bit confused. So when I uninstalled and reinstalled the Sarg package to update to the latest version, it moved the exclude_codes path
FROM: "/usr/local/etc/sarg/exclude_codes"
TO: "/etc/sarg/exclude_codes"Do I need to add the argument 'sarg -x' somewhere? Also my EXCLUDE CODES dialog box on the Sarg GENERAL tab is empty.
Thanks again.
-
No need to change config files or dirs. Just check the sarg -x output.
On my tests, after reinstall/save config file is correct and sarg ir running fine.
SARG: Init SARG: Loading configuration from /usr/local/etc/sarg/sarg.conf SARG: Loading exclude host file from: /usr/local/etc/sarg/exclude_hosts.conf SARG: Loading exclude file from: /usr/local/etc/sarg/exclude_users.conf SARG: Reading host alias file "/usr/local/etc/sarg/hostalias" SARG: List of host names to alias: SARG: Parameters: SARG: Hostname or IP address (-a) = SARG: Useragent log (-b) = SARG: Exclude file (-c) = /usr/local/etc/sarg/exclude_hosts.conf SARG: Date from-until (-d) = SARG: Email address to send reports (-e) = SARG: Config file (-f) = /usr/local/etc/sarg/sarg.conf SARG: Date format (-g) = USA (mm/dd/yyyy) SARG: IP report (-i) = No SARG: Input log (-l) = /var/squid/logs/access.log SARG: Resolve IP Address (-n) = No SARG: Output dir (-o) = /usr/local/sarg-reports/ SARG: Use Ip Address instead of userid (-p) = No SARG: Accessed site (-s) = SARG: Time (-t) = SARG: User (-u) = SARG: Temporary dir (-w) = /tmp/sarg SARG: Debug messages (-x) = Yes SARG: Process messages (-z) = No SARG: Previous reports to keep (--lastlog) = 0 SARG: SARG: sarg version: 2.3.2 Nov-23-2011 SARG: Reading access log file: /var/squid/logs/access.log SARG: Records in file: 3298, reading: 100.00% SARG: Records read: 3298, written: 3297, excluded: 0 SARG: Squid log format SARG: Period: 2012 Apr 03-2012 Sep 14 SARG: pre-sorting files SARG: Making file: /tmp/sarg/164_XXXXXX SARG: Making file: /tmp/sarg/127_0_0_1 SARG: Making file: /tmp/sarg/164_XXXXX SARG: Making file: /tmp/sarg/teste1 SARG: Sorting file: /tmp/sarg/164_XXXXX.utmp SARG: Making report: 164.XXXXX SARG: Sorting file: /tmp/sarg/127_0_0_1.utmp SARG: Making report: 127.0.0.1 SARG: Sorting file: /tmp/sarg/164_XXXXX.utmp SARG: Making report: 164.XXXXX SARG: Sorting file: /tmp/sarg/teste1.utmp SARG: Making report: teste1 SARG: Making index.html SARG: Successful report generated on /usr/local/sarg-reports/2012Apr03-2012Sep14 SARG: Purging temporary file sarg-general SARG: End
-
Thank you. Sarg -x from a shell command prompt complete successfully (no errors) similar to result you posted from your log. If my Sarg doesn't update on it's own on 9/21 (without a forced update), I'll advise.
-
@namek:
Hello, Is it possible to change the unit from bytes to something higher? like KB or MB?
Sure. :)
Just select Show values in reports using abbreviation on sarg general tab.
-
I can;t seem to see any option to restrict access to SARG reports. I can't have direct user access to these ports. I know this was supposed to be fixed in 0.6 but I am running the latest and direct access still works. How can we disable / password protect this ? Cheers.
-
sarg create reports on /usr/local/sarg-reports, check if you still have both dirs.
-
Hi - the reports all work, that's not the issue. My problem is that you can access them with a direct URL with no authentication. Is there anyway to resolve this ? Cheers
-
Reports on /usar/local/www/sarg-reports are visible to everyone.
Since version 0.5 reports are saved on /usr/local/sarg-reports out of www http server.
Check what dirs you have and where new reports are being saved.
Also, enabling report compress, it will not be visible without php script that reads it.
-
Cool - I will check tonight but even if I have both, how do I prevent reports being made into the publicly accessible directory. I don't want anyone able to access those reports.
-
Just move old reports to current sarg dir.
-
Still having issues here !
The sarg-reports folder is in /usr/local (as shown below) but I log out of the pfsense console and then go to the URL:
http://pfsense.harland/sarg_frame.php?prevent=900651242816820700?
and can still see the reports with no authentication. What am doing wrong !!
[2.0.1-RELEASE][admin@pfSense.harland]/usr/local(35): ls -la total 54 drwxr-xr-x 16 root wheel 512 Sep 28 00:27 . drwxr-xr-x 11 root wheel 512 Mar 11 2012 .. drwxr-xr-x 2 root wheel 4608 Sep 28 00:26 bin drwxr-xr-x 2 root wheel 512 Mar 11 2012 captiveportal drwxr-xr-x 18 root wheel 512 Sep 28 00:24 etc drwxr-xr-x 27 root wheel 1536 Sep 28 00:26 include drwxr-xr-x 2 root wheel 512 Sep 26 16:43 info drwxr-xr-x 16 root wheel 12288 Sep 28 00:26 lib drwxr-xr-x 5 root wheel 512 Sep 28 00:24 libdata drwxr-xr-x 5 root wheel 512 Sep 26 20:31 libexec drwxr-xr-x 28 root wheel 512 Dec 13 2011 man drwxr-xr-x 6 root wheel 2560 Sep 28 00:26 pkg drwxr-xr-x 4 root wheel 512 Sep 28 00:27 sarg-reports drwxr-xr-x 2 root wheel 1536 Sep 28 00:24 sbin drwxr-xr-x 38 root wheel 1024 Sep 26 22:18 share drwxr-xr-x 20 root wheel 8192 Sep 28 00:27 www [2.0.1-RELEASE][admin@pfSense.harland]/usr/local(36): ls -la ./www/sarg* -rwxr-xr-x 1 root wheel 2152 Sep 28 00:26 ./www/sarg.php -rwxr-xr-x 1 root wheel 4308 Sep 28 00:26 ./www/sarg_about.php -rwxr-xr-x 1 root wheel 3120 Sep 28 00:26 ./www/sarg_frame.php -rwxr-xr-x 1 root wheel 9739 Sep 28 00:26 ./www/sarg_realtime.php -rwxr-xr-x 1 root wheel 3314 Sep 28 00:26 ./www/sarg_reports.php -rwxr-xr-x 1 root wheel 16917 Sep 28 00:26 ./www/sarg_sorttable.js ./www/sarg-images: total 26 drwxr-xr-x 3 root wheel 512 Sep 28 00:27 . drwxr-xr-x 20 root wheel 8192 Sep 28 00:27 .. -rw-r--r-- 1 root wheel 199 Sep 28 00:27 datetime.png -rw-r--r-- 1 root wheel 95 Sep 28 00:27 graph.png -rw-r--r-- 1 root wheel 291 Sep 28 00:27 sarg-squidguard-block.png -rw-r--r-- 1 root wheel 7153 Sep 28 00:27 sarg.png drwxr-xr-x 2 root wheel 512 Sep 28 00:27 temp [2.0.1-RELEASE][admin@pfSense.harland]/usr/local(37):
-
http://pfsense.harland/sarg_frame.php?prevent=900651242816820700?
and can still see the reports with no authentication. What am doing wrong !!
Now I got what you were accessing.
I'm checking sarg_frame.php code.
-
Glad I am not going mad !!
-
Reinstall the package in 15 minutes and check if it's ok now.
Thanks for the feedback! :)
-
Will do !! Thanks !
-
I had follow this package and read this thread, I had try sarg and works, but I have seen that cron run 2 jobs in my system.
I setup squid without any log rotate, but I see that my system rotate my logs twice.
Sep 29 23:00:02 gw php: : Sarg: force refresh now with args, compress() and rotate action after sarg finish.
Sep 29 23:00:17 gw php: : executing squid log rotate after sarg.
Sep 30 00:00:01 gw php: : Sarg: force refresh now with args, compress() and rotate action after sarg finish.
Sep 30 00:00:17 gw php: : executing squid log rotate after sarg.I setup sarg to rotate at 23h, I have this on cron:
0 * * * * root /usr/bin/nice -n20 newsyslog
1,31 0-5 * * * root /usr/bin/nice -n20 adjkerntz -a
1 3 1 * * root /usr/bin/nice -n20 /etc/rc.update_bogons.sh
*/60 * * * * root /usr/bin/nice -n20 /usr/local/sbin/expiretable -v -t 3600 sshlockout
1 1 * * * root /usr/bin/nice -n20 /etc/rc.dyndns.update
*/60 * * * * root /usr/bin/nice -n20 /usr/local/sbin/expiretable -v -t 3600 virusprot
30 12 * * * root /usr/bin/nice -n20 /etc/rc.update_urltables
0 0 * * * root /bin/rm /var/squid/cache/swap.state; /usr/local/sbin/squid -k rotate
*/15 * * * * root /usr/local/pkg/swapstate_check.php
0 */23 * * * root /usr/local/bin/php /usr/local/www/sarg.php 0Why it run at 00:00?
sarg-2.3.2_2 Squid log analyzer and HTML report generator
squid-2.7.9_1 HTTP Caching ProxyAny tip will be appreciate, thanks!!!
-
Hi,
The daily report works great.
But what are the arguments for a weekly and a monthly report.Tom
-
But what are the arguments for a weekly and a monthly report.
google search could help a lot ;).
I've found this on http://lists.freebsd.org/pipermail/freebsd-ports/2005-November/027512.html
TODAY=$(date +%d/%m/%Y)
YESTERDAY=$(date -v-1d +%d/%m/%Y)
WEEKAGO=$(date -v-1w -v-1d +%d/%m/%Y)
MONTHAGO=$(date -v-1m -v-1d +%d/%m/%Y)
YEARAGO=$(date -v-1y -v-1d +%d/%m/%Y)