Sarg package for pfsense
-
$ export LC_ALL=C && sarg SARG: Records in file: 0, reading: 0.00% SARG: No records found SARG: End SARG: Records in file: 0, reading: 100.00%
$ sarg -x SARG: Cannot set the locale LC_ALL to the environment variable
-
looks like you have no logs on squid file
sarg -x also need the export LC_ALL=C &&
-
looks like you have no logs on squid file
sarg -x also need the export LC_ALL=C &&
Not entirely following you by this suggestion. But I think you are wanting the output of this from?
sarg -x export LC_ALL=C &&If so, the output just shows the same command entered (this is from the GUI). No error messages or anything else.
In looking at the log files in /var/squid/log, I noticed that all of the access.log files are EMPTY (0 byte files). The cache logs look normal though. Also, all the dates on the log files in that dir are current from the last few days.
I'm not sure how to proceed next though to troubleshoot this. Seems to me that this may be the issue (or at least part of it). Why are the access log files not accumulating data?[EDIT] Might be on to something. I forced an update in a schedule and then noticed that the .0 access log is accumulating. The View Report tab also now no longer gives me the error about the index file.
So what I've done for a test is to disable the log rotation in the report settings. Log rotation is already set for 30 days in the Squid setup.Still seeing " Cannot set the locale LC_ALL to the environment variable" when I try to run sarg -x though.
Something else that might be helpful from my system.
# LC_ALL=C sarg -x SARG: Init SARG: Loading configuration from /usr/local/etc/sarg/sarg.conf SARG: Chaining IP resolving module "dns" SARG: Loading exclude host file from: /usr/pbi/sarg-i386/etc/sarg/exclude_hosts.conf SARG: Loading exclude file from: /usr/pbi/sarg-i386/etc/sarg/exclude_users.conf SARG: Reading host alias file "/usr/pbi/sarg-i386/etc/sarg/hostalias" SARG: List of host names to alias: SARG: Parameters: SARG: Hostname or IP address (-a) = SARG: Useragent log (-b) = SARG: Exclude file (-c) = /usr/pbi/sarg-i386/etc/sarg/exclude_hosts.conf SARG: Date from-until (-d) = SARG: Email address to send reports (-e) = SARG: Config file (-f) = /usr/local/etc/sarg/sarg.conf SARG: Date format (-g) = Sites & Users (yyyy/ww) SARG: IP report (-i) = No SARG: Keep temporary files (-k) = No SARG: Input log (-l) = /var/squid/logs/access.log SARG: Resolve IP Address (-n) = Yes SARG: Output dir (-o) = /usr/local/sarg-reports/ SARG: Use Ip Address instead of userid (-p) = Yes SARG: Accessed site (-s) = SARG: Time (-t) = SARG: User (-u) = SARG: Temporary dir (-w) = /tmp/sarg SARG: Debug messages (-x) = Yes SARG: Process messages (-z) = No SARG: Previous reports to keep (--lastlog) = 0 SARG: SARG: sarg version: 2.3.9 Sep-21-2014 SARG: Loading User table: /usr/pbi/sarg-i386/etc/sarg/usertab.conf SARG: Reading access log file: /var/squid/logs/access.log SARG: Records in file: 174, reading: 100.00% SARG: Records read: 174, written: 174, excluded: 0 SARG: Squid log format SARG: Period: 2015.05 SARG: Sorting log /tmp/sarg/0.user_unsort SARG: Sorting log /tmp/sarg/1.user_unsort SARG: Sorting log /tmp/sarg/2.user_unsort SARG: (repday) Cannot open log file /usr/local/sarg-reports/2015.05/0/d0.html
Regarding that very last line of output, here's what in the 2015.05 directory:
# ls -la /usr/local/sarg-reports/2015.05 total 18 drwxr-xr-x 2 root wheel 512 Feb 4 11:54 . drwxr-xr-x 5 root wheel 512 Feb 4 11:54 .. -rw-r--r-- 1 root wheel 4437 Feb 4 11:54 index.html -rw-r--r-- 1 root wheel 22 Feb 4 11:54 sarg-date -rw-r--r-- 1 root wheel 1398 Feb 4 11:54 sarg-general -rw-r--r-- 1 root wheel 2 Feb 4 11:54 sarg-users -rw-r--r-- 1 root wheel 116 Feb 4 11:54 top
So it's correct in that there's no "0" directory in which to find the d0.html file it's looking for.
A system wide search for this file DOES show that a copy exist here though.
/usr/pbi/sarg-i386/local/sarg-reports/2015.01.1/0/d0.htmlAnd lastly, the Realtime logging appears to be working correctly.
-
Not entirely following you by this suggestion. But I think you are wanting the output of this from?
sarg -x export LC_ALL=C &&export LC_ALL=C && sarg -x
-
Not entirely following you by this suggestion. But I think you are wanting the output of this from?
sarg -x export LC_ALL=C &&export LC_ALL=C && sarg -x
Here we go:
$ export LC_ALL=C && sarg -x SARG: Init SARG: Loading configuration from /usr/local/etc/sarg/sarg.conf SARG: Chaining IP resolving module "dns" SARG: Loading exclude host file from: /usr/pbi/sarg-i386/etc/sarg/exclude_hosts.conf SARG: Loading exclude file from: /usr/pbi/sarg-i386/etc/sarg/exclude_users.conf SARG: Reading host alias file "/usr/pbi/sarg-i386/etc/sarg/hostalias" SARG: List of host names to alias: SARG: Deleting temporary directory "/tmp/sarg" SARG: Parameters: SARG: Hostname or IP address (-a) = SARG: Useragent log (-b) = SARG: Exclude file (-c) = /usr/pbi/sarg-i386/etc/sarg/exclude_hosts.conf SARG: Date from-until (-d) = SARG: Email address to send reports (-e) = SARG: Config file (-f) = /usr/local/etc/sarg/sarg.conf SARG: Date format (-g) = USA (mm/dd/yyyy) SARG: IP report (-i) = No SARG: Keep temporary files (-k) = No SARG: Input log (-l) = /var/squid/logs/access.log SARG: Resolve IP Address (-n) = Yes SARG: Output dir (-o) = /usr/local/sarg-reports/ SARG: Use Ip Address instead of userid (-p) = Yes SARG: Accessed site (-s) = SARG: Time (-t) = SARG: User (-u) = SARG: Temporary dir (-w) = /tmp/sarg SARG: Debug messages (-x) = Yes SARG: Process messages (-z) = No SARG: Previous reports to keep (--lastlog) = 0 SARG: SARG: sarg version: 2.3.9 Sep-21-2014 SARG: Loading User table: /usr/pbi/sarg-i386/etc/sarg/usertab.conf SARG: Reading access log file: /var/squid/logs/access.log SARG: Records in file: 1042, reading: 0.00% SARG: Records read: 1042, written: 1042, excluded: 0 SARG: Squid log format SARG: Period: 2015 Feb 04 SARG: File /usr/local/sarg-reports/2015Feb04-2015Feb04 already exists, moved to /usr/local/sarg-reports/2015Feb04-2015Feb04.2 SARG: Sorting log /tmp/sarg/0.user_unsort SARG: Making file: /tmp/sarg/0 SARG: Sorting log /tmp/sarg/1.user_unsort SARG: Making file: /tmp/sarg/1 SARG: Sorting log /tmp/sarg/2.user_unsort SARG: Making file: /tmp/sarg/2 SARG: Sorting log /tmp/sarg/3.user_unsort SARG: Making file: /tmp/sarg/3 SARG: Sorting log /tmp/sarg/4.user_unsort SARG: Making file: /tmp/sarg/4 SARG: Sorting log /tmp/sarg/5.user_unsort SARG: Making file: /tmp/sarg/5 SARG: Sorting log /tmp/sarg/6.user_unsort SARG: Making file: /tmp/sarg/6 SARG: (repday) Cannot open log file /usr/local/sarg-reports/2015Feb04-2015Feb04/5/d5.html SARG: Records in file: 1042, reading: 100.00%
-
OK, making progress. Sarg seems to be one of the more fragile packages. If you happen to select the wrong report options or report to generate, it won't work. Here is what I use and it seems to work OK:
-
KOM: That's pretty odd that something like the chosen report selection is causing this…but that was issue! :o
Is this a bug or is this something that is out of Sarg's control?BTW: Thank you both, KOM and marcelloc!!
-
Is this a bug or is this something that is out of Sarg's control?
Probably a bug in the pfSense Sarg package. Sarg is currently at 2.3.9 while the pfSense package is 2.3.6 so it's 1.5 years older, and as far as I know it's always acted funky like that. Pick the wrong report and the whole thing falls over.
Glad to hear you got it working.
-
looks like its using 2.3.9 on 2.2
https://github.com/pfsense/pfsense-packages/blob/master/pkg_config.10.xml
<depends_on_package_pbi>sarg-2.3.9-##ARCH##.pbi</depends_on_package_pbi>
I haven't downloaded the package myself yet on 2.2
-
I must have been looking at my 2.1.5 box.
-
The only manual fix I had to do on my 2.2 labs was the manual symlink to fix pbi mess.
-
@KOM:
OK, making progress. Sarg seems to be one of the more fragile packages. If you happen to select the wrong report options or report to generate, it won't work. Here is what I use and it seems to work OK:
Hi, I can't get Sarg to produce any report, not even with these settings. Any idea ?
Realtime works fine thoughtI got one Report in the list, which is broken, from last year when I tried it once. How can I delete this report and strat over new ?
-
@Satras:
I got one Report in the list, which is broken, from last year when I tried it once. How can I delete this report and strat over new ?
Did you tried to remove old reports via console/ssh ?
-
I've been digging sarg codes these past days. I tried hacking the template which overrides any changes on the sarg.conf file. I hope we can point the directory of squid rather than have it fixed directory
-
@tux:
rather than have it fixed directory
Do you mean /usr/local/sarg-reports ?
Sarg package needs this to "jail" report access permissions on pfsense gui.
-
No, I mean the sarg.template file. Since whenever there is a change in the config(on the webconfig) it is overridden by the template. So I changed the access log path. Then I also tried creating a folder on a separate drive and symlinked to the default sarg-reports folder but it was a fail. Hope we can configure the path of the access log and same for where to store sarg reports.
-
Hi marcelloc,
i figured out that my sarg dont rotate access.log file. I got a 21GB logfile and wonder why my reports takes so long ;D.
Log: php: /pkg_edit.php: Sarg: force refresh now with -d
date +%d/%m/%Y
args, compress(on) and rotate action after sarg finish.But i saw only cache.log seams to be rotated.
If i use the rotation settings on proxy server tab it works…..but then i have no sarg reports over long period ()eg. 30 days).
Versions:
PfSense 2.1.5 (i386)
squid3 3.1.20 pkg 2.1.2
squidguard 1.4_4 pkg v.1.9.6
havp 0.91_1 pkg v1.05
sarg 2.3.6_2 pkg v.0.6.3
Lightsquid 1.8.2 pkg v.2.33thanks
PS: maybe lightsquid prevent sarg from rotating...so i temporary disabled automatic reports in lightsquid.
-
thanks for the feedback, I'll take a look on rotate call done by sarg.
what pfsense version are you using?
-
hi,
what pfsense version are you using?
PfSense 2.1.5 (i386)
-
Hi I am new to pfsense and i was able to figure out IP sec vpn but i can not get the reports to work nor can I get the realtime to show any dans names.
Can any one help me?
I am running the latest version of pfsense. -
Hi I am new to pfsense and i was able to figure out IP sec vpn but i can not get the reports to work nor can I get the realtime to show any dans names.
Can any one help me?
I am running the latest version of pfsense.Maybe you forgot to enable logging on squid settings.
-
Hi,
My goal with Sarg is to create Squid's daily reports. I have logging and logging rotation both enabled on Squid. My question is why Sarg doesn't show any reports for the previous day (with -d
date -v-1d +%d/%m/%Y
extra args) even though I definitely have yesterday's reports in /var/squid/logs. Is it because of Squid's own logging rotation feature? Do I need to turn it off? Or is it because of 60 minutes restriction on "Find Limit" option? I'm asking this because Sarg easily creates daily reports with -ddate +%d/%m/%Y
extra args.I'm using pfSense 2.2-RELEASE (amd64) with Sarg package 2.3.9 pkg v.0.6.4. Enabled Sarg report options are: 1, 5-10, 13-16.
Thank you!
-
I had a look in the sarg.conf file when I was looking for somthing other and I found that the configuration there only points to the actual access.log file.
access_log /var/log/squid/access.log
So I assume when squid rotates your logs then sarg cannot analyze the logs form access.log.1.
I did some research and found out that since some newer version of sarg (2.3?) - which is installed on pfsense - there is the possibility to set a "*" so sarg analyzes more logfiles.access_log /var/log/squid/access.log*
Source:
http://sourceforge.net/p/sarg/discussion/363374/thread/e2e10ffb/ -
Thanks for your reply!
I modified access_log string in sarg.conf and after that I got "file not found" error (Cannot get the modification time of input log file /var/squid/logs/access.log* (No such file or directory)). So the current version doesn't support this feature.
-
@worldfirst You can not directly edit the sarg.conf since it will be changed backed to its original configuration using the template which is the sarg.template file
-
Yes, I noticed that.
-
pfSense 2.2 (i386)
Squid 3 + SargCan't get report, error message:
Error: Could not find report index file. Check and save sarg settings and try to force sarg schedule.
Interesting thing with 2 almost same commands in console:
1. Don't work. No report in destination directory after run, i.e. dir is empty.sarg -x -f /usr/pbi/sarg-i386/etc/sarg/sarg.conf -o /usr/local/sarg-reports/
2. Works fine. Generates report in destination directory and after linking this dir to /usr/local/sarg-reports i can see reports via pfsense's GUI.
sarg -x -f /usr/pbi/sarg-i386/etc/sarg/sarg.conf -o /sarg-reports/
So, sarg works for 1st level directory but don't work for 3rd level subdir.
Any ideas how to solve problem?
-
I confirm the problem ! :(
-
Try this from the shell:
rm -r /usr/local/sarg-reports
ln -s /usr/pbi/sarg-i386/local/sarg-reports /usr/local/sarg-reportsUse ln -s /usr/pbi/sarg-amd64/local/sarg-reports /usr/local/sarg-reports if you have 64-bit build.
-
@KOM:
Try this from the shell:
rm -r /usr/local/sarg-reports
ln -s /usr/pbi/sarg-i386/local/sarg-reports /usr/local/sarg-reportsThanks! Fixes problem :)
-
My Hardware: APU1C4
only this solved the Problem:
in console
rm -rf /usr/local/sarg-reports
ln -s /usr/pbi/sarg-amd64/local/sarg-reports /usr/local/sarg-reports -
Was having a similar issue glad i found this post fixed the issue for me thanks
-
I ran the above commands to delete the directory and create the symlink to /usr/pbi/sarg-amd64/local/sarg-reports. I can see sarg generated logs under here. However on the 'View Report' tab I still get
Error: Could not find report index file. Check and save sarg settings and try to force sarg schedule.
This is on a fresh pfSense install running 2.2-RELEASE with Sarg 2.3.9 pkg v.0.6.4, Squid3 4.3.10_2 pkg 0.2.6
-
Check your other options. Sarg seems to be finicky and will not work right with the wrong combination of report options. Do you have Generate main index.html and Generate the index tree by file set to Yes, for instance?
-
Thanks KOM - checked the two options you suggested about index.html and they were selected. I then selected all and thought to try that and reduce it to my original set.
After selecting every option, I ran```
sarg -xThanks for the help.
-
for who have this error even after creating symlink /usr/local/sarg-reports to /usr/pbi/sarg-i386/local/sarg-reports /usr/local/sarg-reports or /usr/pbi/sarg-amd64/local/sarg-reports /usr/local/sarg-reports depending on the version you have installed
Error: Could not find report index file. Check and save sarg settings and try to force sarg schedule.
you certainly chosen SquidGuard as proxy server in Sarg general report setting (with Squid it's work fine).
after some debug,i noticed that Sarg is looking for SquidGuard config file in the below location
/usr/pbi/squidguard-i386/etc/squidguard/squidGuard.conf
but the conf file is located in an other folder
/usr/pbi/squidguard-i386/local/etc/squid/squidGuard.conf
for this Srag break generating index report, even if you try to change the folder in the Sarg configuration file, it will always set to the wrong one after each saving Sarg configuration.
i wil tryed to fixe that with symlink but it's dont work,
-
I too am having problems with sarg reports, but having looked at this thread I can't see an identical issue - realtime report is OK but normal reports aren't generated, in syslog I get
php-fpm[68742]: /pkg_edit.php: The command 'export LC_ALL=C && /usr/pbi/sarg-amd64/bin/sarg -d `date +%d/%m/%Y' returned exit code '2', the output was ''
In SSH I get
export: Command not found.
Sarg is 2.3.9 v0.6.4 and pfsense is 2.2.1 (amd64) ie. both the latest.
Any ideas?
thanks
-
Forget that. It was the wrong close quote mark ie should have been:
date +%d/%m/%Y
more dumb questions coming soon.
Oh and add me to the "me too" people who had to do the link command ln -s to get this to work
-
I can't seem to get the report feature to work. Error:
Error: Could not find report index file.
Check and save sarg settings and try to force sarg schedule.
have forced updates etc… but no help. I know it can generate them in the cli by running sarg -x and then if I go into the tmp directory I can see them and read them, however the index file is not being created.
I believe the conf file is correct butTAG: index yes|no|only
# Generate the main index.html.
# only - generate only the main index.htmlindex yes
TAG: index_tree date|file
# How to generate the index.
index_tree file
TAG: output_dir
# The reports will be saved in that directory
# sarg -o diroutput_dir /usr/local/sarg-reports
any useful info would be appreciated
System
2.2.1-RELEASE (amd64)
built on Fri Mar 13 08:16:49 CDT 2015
FreeBSD 10.1-RELEASE-p6
Squid3 -3.4.10_2 pkg 0.2.7
Sarg 2.3.9 pkg v.0.6.4 -
Did you try the symlink fix shown abpve?