Sarg package for pfsense
-
Cool - I will check tonight but even if I have both, how do I prevent reports being made into the publicly accessible directory. I don't want anyone able to access those reports.
-
Just move old reports to current sarg dir.
-
Still having issues here !
The sarg-reports folder is in /usr/local (as shown below) but I log out of the pfsense console and then go to the URL:
http://pfsense.harland/sarg_frame.php?prevent=900651242816820700?
and can still see the reports with no authentication. What am doing wrong !!
[2.0.1-RELEASE][admin@pfSense.harland]/usr/local(35): ls -la total 54 drwxr-xr-x 16 root wheel 512 Sep 28 00:27 . drwxr-xr-x 11 root wheel 512 Mar 11 2012 .. drwxr-xr-x 2 root wheel 4608 Sep 28 00:26 bin drwxr-xr-x 2 root wheel 512 Mar 11 2012 captiveportal drwxr-xr-x 18 root wheel 512 Sep 28 00:24 etc drwxr-xr-x 27 root wheel 1536 Sep 28 00:26 include drwxr-xr-x 2 root wheel 512 Sep 26 16:43 info drwxr-xr-x 16 root wheel 12288 Sep 28 00:26 lib drwxr-xr-x 5 root wheel 512 Sep 28 00:24 libdata drwxr-xr-x 5 root wheel 512 Sep 26 20:31 libexec drwxr-xr-x 28 root wheel 512 Dec 13 2011 man drwxr-xr-x 6 root wheel 2560 Sep 28 00:26 pkg drwxr-xr-x 4 root wheel 512 Sep 28 00:27 sarg-reports drwxr-xr-x 2 root wheel 1536 Sep 28 00:24 sbin drwxr-xr-x 38 root wheel 1024 Sep 26 22:18 share drwxr-xr-x 20 root wheel 8192 Sep 28 00:27 www [2.0.1-RELEASE][admin@pfSense.harland]/usr/local(36): ls -la ./www/sarg* -rwxr-xr-x 1 root wheel 2152 Sep 28 00:26 ./www/sarg.php -rwxr-xr-x 1 root wheel 4308 Sep 28 00:26 ./www/sarg_about.php -rwxr-xr-x 1 root wheel 3120 Sep 28 00:26 ./www/sarg_frame.php -rwxr-xr-x 1 root wheel 9739 Sep 28 00:26 ./www/sarg_realtime.php -rwxr-xr-x 1 root wheel 3314 Sep 28 00:26 ./www/sarg_reports.php -rwxr-xr-x 1 root wheel 16917 Sep 28 00:26 ./www/sarg_sorttable.js ./www/sarg-images: total 26 drwxr-xr-x 3 root wheel 512 Sep 28 00:27 . drwxr-xr-x 20 root wheel 8192 Sep 28 00:27 .. -rw-r--r-- 1 root wheel 199 Sep 28 00:27 datetime.png -rw-r--r-- 1 root wheel 95 Sep 28 00:27 graph.png -rw-r--r-- 1 root wheel 291 Sep 28 00:27 sarg-squidguard-block.png -rw-r--r-- 1 root wheel 7153 Sep 28 00:27 sarg.png drwxr-xr-x 2 root wheel 512 Sep 28 00:27 temp [2.0.1-RELEASE][admin@pfSense.harland]/usr/local(37):
-
http://pfsense.harland/sarg_frame.php?prevent=900651242816820700?
and can still see the reports with no authentication. What am doing wrong !!
Now I got what you were accessing.
I'm checking sarg_frame.php code.
-
Glad I am not going mad !!
-
Reinstall the package in 15 minutes and check if it's ok now.
Thanks for the feedback! :)
-
Will do !! Thanks !
-
I had follow this package and read this thread, I had try sarg and works, but I have seen that cron run 2 jobs in my system.
I setup squid without any log rotate, but I see that my system rotate my logs twice.
Sep 29 23:00:02 gw php: : Sarg: force refresh now with args, compress() and rotate action after sarg finish.
Sep 29 23:00:17 gw php: : executing squid log rotate after sarg.
Sep 30 00:00:01 gw php: : Sarg: force refresh now with args, compress() and rotate action after sarg finish.
Sep 30 00:00:17 gw php: : executing squid log rotate after sarg.I setup sarg to rotate at 23h, I have this on cron:
0 * * * * root /usr/bin/nice -n20 newsyslog
1,31 0-5 * * * root /usr/bin/nice -n20 adjkerntz -a
1 3 1 * * root /usr/bin/nice -n20 /etc/rc.update_bogons.sh
*/60 * * * * root /usr/bin/nice -n20 /usr/local/sbin/expiretable -v -t 3600 sshlockout
1 1 * * * root /usr/bin/nice -n20 /etc/rc.dyndns.update
*/60 * * * * root /usr/bin/nice -n20 /usr/local/sbin/expiretable -v -t 3600 virusprot
30 12 * * * root /usr/bin/nice -n20 /etc/rc.update_urltables
0 0 * * * root /bin/rm /var/squid/cache/swap.state; /usr/local/sbin/squid -k rotate
*/15 * * * * root /usr/local/pkg/swapstate_check.php
0 */23 * * * root /usr/local/bin/php /usr/local/www/sarg.php 0Why it run at 00:00?
sarg-2.3.2_2 Squid log analyzer and HTML report generator
squid-2.7.9_1 HTTP Caching ProxyAny tip will be appreciate, thanks!!!
-
Hi,
The daily report works great.
But what are the arguments for a weekly and a monthly report.Tom
-
But what are the arguments for a weekly and a monthly report.
google search could help a lot ;).
I've found this on http://lists.freebsd.org/pipermail/freebsd-ports/2005-November/027512.html
TODAY=$(date +%d/%m/%Y)
YESTERDAY=$(date -v-1d +%d/%m/%Y)
WEEKAGO=$(date -v-1w -v-1d +%d/%m/%Y)
MONTHAGO=$(date -v-1m -v-1d +%d/%m/%Y)
YEARAGO=$(date -v-1y -v-1d +%d/%m/%Y) -
google search could help a lot ;).
I've found this on http://lists.freebsd.org/pipermail/freebsd-ports/2005-November/027512.html
TODAY=$(date +%d/%m/%Y)
YESTERDAY=$(date -v-1d +%d/%m/%Y)
WEEKAGO=$(date -v-1w -v-1d +%d/%m/%Y)
MONTHAGO=$(date -v-1m -v-1d +%d/%m/%Y)
YEARAGO=$(date -v-1y -v-1d +%d/%m/%Y)Hi Marcelloc
This page I had already found. But somehow it did not work.
But I get no errors.Tom
-
Are you rotating the squid log?
-
Yes. Every 60 days.
-
-
hi guys, i've been reading this thread. I just installed Sarg today.
I'm using Squid Transparent with SquidGuard. Just standard config, with log turned on (log rotate also).
I can view Realtime just fine, but I can't seem to generate a report when I try forcing a sched with the following args:
-d
date +%d/%m/%Y
-date +%d/%m/%Y
I just get this:
Error: Could not find report index file.
Check and save sarg settings and try to force sarg schedule.Should I do anything special config to make it work?
-
Should I do anything special config to make it work?
yes, check all sarg config options, reports to generate and create a schedule to run.
Default sarg options has (yes) after it's description. Select all to create a default config.
-
Should I do anything special config to make it work?
yes, check all sarg config options, reports to generate and create a schedule to run.
Default sarg options has (yes) after it's description. Select all to create a default config.
Thank you. I had to simply select (ctrl+click to highlight) the config options then click save. I got confused because I thought they're already enabled since they already have a (yes) on them.
-
I have Sarg running on multiple pfsense boxes. One of my boxes has about 100 users behind it and the report will only work for about the first 4 hours after I wipe out the squid logs. After that I am guessing the squid log gets too big and the sarg report will no longer work.
I am using the -d arguments and I have tried limiting the number of users.
Any suggestions on how I can get sarg to accept a larger log file?
-
Any suggestions on how I can get sarg to accept a larger log file?
I have large files working fine.
try to run sarg on console to check what it returns.
-
Any suggestions on how I can get sarg to accept a larger log file?
I have large files working fine.
try to run sarg on console to check what it returns.
Seems to be working fine now. I just need to figure out my schedule because, like others my report is pretty empty at 00:00. I need to figure out Cron now.
I have highlighted what I am questioning. Is this rotating my squid logs even after I have set them not to rotate?
![cron sarg.PNG](/public/imported_attachments/1/cron sarg.PNG)
![cron sarg.PNG_thumb](/public/imported_attachments/1/cron sarg.PNG_thumb)