Monitoring proxy server squid pfsense 2.0.1 ? how to



  • Hi,

    Is there any way to monitor traffic that is coming in on the WAN interface when a proxy is used?
    I have a proxy server on WAN working on a port (squid package). When my external IP or dynamic DNS is used somewhere as a proxy on a specified port, can this traffic be monitored from the dashboard where squid is installed, on pfSense 2.0.1 PC platform? And if so, how? Is there some package or something? I also want to see the IPs of pages that are accessed from where the proxy is used (sorry for this expression, I'm not sure if accessed pages are called 'states') … can this be done somehow?

    Thanks !



  • The Sarg package has a real-time report viewer for squid.
    Squid's built-in cachemanager.cgi could be an option too.



  • Hi,
    Thanks for your reply.
    I installed the package… but it's not working. Right now I get this:

    Error: Could not find report index file.
    Check sarg settings and try to force sarg schedule.

    I have to create in /var/squid/logs/access.log but I don't know how



  • Enable squid logs in the GUI first.



  • Done, it's enabled.
    But I still get this:

    Error: Could not find report index file.
    Check sarg settings and try to force sarg schedule.

    I added a schedule for one hour; I also tried a real-time report…
    I should mention that right now the proxy is not in use! The service is started but it's not in use... (it's a proxy on WAN)

    Thanks



  • What do you get on the realtime tab?



  • See picture; I pushed show log.
    I think it's not working because the proxy is not in use; what should be in the report if it is not used….
    But I don't know why I'm getting the index error from above :( still, after enabling like you said?

    /var/squid/logs/access.log is there, empty now, but still... index error

    Thanks! I just saw in some posts that the package was created by you and how it works.... I didn't think it would be so detailed




  • From other posts, sarg is not using the right path… which one is the good one: /var/squid/log/access.log or /var/squid/logs/access.log? I copied from /var/squid/logs/access.log in /var/squid/logs/access.log but still nothing... the same error with the index



  • The path on squid.conf by default is /var/squid/logs/access.log.



  • Realtime report is working :D I tested it when the proxy is in use and it is working fine :D but in view report I still get the index error



  • @bmironb:

    Realtime report is working :D I tested it when the proxy is in use and it is working fine :D but in view report I still get the index error

    Good news!

    Now, try to run sarg on console/ssh to see if it returns errors.



  • Result :

    SARG: Records in file: 102, reading: 100.00%
    SARG: Successful report generated on /usr/local/www/sarg-reports/2012/05/07

    I checked and sites are there in report :D checked manually …with edit file/browse

    In system logs :

    May 7 22:00:01 php: : Sarg: force refresh now with '' args and none action after sarg finish.
    May 7 22:00:01 php: : The command '/usr/local/bin/sarg ' returned exit code '1', the output was 'SARG: Records in file: 103, reading: 0.00%^MSARG: cannot open /usr/local/www/sarg-reports/2012/05/07/sarg-date for writing SARG:: No such file or directory SARG: Records in file: 103, reading: 100.00%'



  • Hi Guys,
    I found why this error is happening. The sarg_reports.php is looking for the index.html file in sarg-reports/index.html, which is not there. Basically, the default installation of sarg on Fedora and CentOS gives us a "report" directory format like the following: /var/www/html/reports/index.html. This index.html is generated when using the "sarg -x" command, and contains all the report details.

    But in pfSense Sarg, the directory structure is a little bit different. I don't know why or how to solve this. If you place an index.html file in "/usr/local/www/sarg-reports/", the webconfigurator will show that "index.html" when going to "Status -> Sarg Reports -> View Reports".

    The directory structure of Sarg in pfSense is "sarg-reports/"year"/"month"/"date"/index.html" (actual Sarg directory structure: "sarg-reports/index.html" + a lot of directories in "yyyy-mm-dd"). The configuration of sarg_reports.php is given in sarg_frame.php, where the path of the report file is given.

    I am stuck with this error. Can anyone give further tips on the topic?

    Thanks
    Pramod



  • fyi the lightsquid package also has realtime monitoring now



  • linuxmaniac,

    What options did you select on the sarg config page? Did you create the schedules to run sarg?

    I have reports working with these report options selected:

    user graphics
    remove temporary files
    generate the main index
    generate the index tree
    overwrite report
    use comma instead of point in reports
    show the downloaded volume on date/time reports

    and all report to generate selected



  • Hi Marcelloc,

    I got that ;D. Your information was very helpful… It solved my problem.... Many thanks..... :D



  • Great post, solved my "problem" (=wrong configuration) too!



  • Guys,

    Do those settings mentioned by marceloc resolve the index error?
    If yes, how exactly can they be changed? (yes) (no) from report settings?

    Thanks !



  • Just select them using ctrl + click. The (yes) and (no) are there just to show you what values are default on sarg configuration.



  • Now is working finally, thanks a lot !!



  • @marcelloc:

    linuxmaniac,

    What options did you select on the sarg config page? Did you create the schedules to run sarg?

    I have reports working with these report options selected:

    user graphics
    remove temporary files
    generate the main index
    generate the index tree
    overwrite report
    use comma instead of point in reports
    show the downloaded volume on date/time reports

    and all report to generate selected

    Hi - I've followed this approach it seems to work.  However, I seem to get "gaps" in the report.  If I attempt to click on any of the day hyperlinks under the FILE/PERIOD column where there are '0' values under USERS, BYTES or AVERAGE, Sarg immediately returns:

    Error: Could not find report index file.
    Check and save sarg settings and try to force sarg schedule.

    My schedule is set as follows (no Additional Args defined)

    Status  Update Frequency  Aditional Args  Post Action  Description
    on      1d                                both         Rotate Logs Restart Daemon
    on      1h                                none         No Rotate No Restart

    FILE/PERIOD          CREATION DATE             USERS  BYTES          AVERAGE
    2012Jun17-2012Jun26  Tue Jun 26 11:00:09 2012  12     3,776,071,500  314,672,625
    2012Jun17-2012Jun25  Tue Jun 26 00:00:11 2012  0      0              0
    2012Jun17-2012Jun24  Mon Jun 25 00:00:10 2012  0      0              0
    2012Jun17-2012Jun23  Sun Jun 24 00:00:08 2012  0      0              0
    2012Jun17-2012Jun22  Fri Jun 22 23:00:07 2012  12     2,368,777,123  197,398,093
    2012Jun17-2012Jun21  Fri Jun 22 00:00:06 2012  0      0              0
    2012Jun17-2012Jun20  Thu Jun 21 00:00:18 2012  12     1,685,088,876  140,424,073
    2012Jun17-2012Jun19  Wed Jun 20 00:00:04 2012  12     1,423,723,046  118,643,587



  • @miles267:

    FILE/PERIOD          CREATION DATE             USERS  BYTES          AVERAGE
    2012Jun17-2012Jun26  Tue Jun 26 11:00:09 2012  12     3,776,071,500  314,672,625
    2012Jun17-2012Jun25  Tue Jun 26 00:00:11 2012  0      0              0
    2012Jun17-2012Jun24  Mon Jun 25 00:00:10 2012  0      0              0
    2012Jun17-2012Jun23  Sun Jun 24 00:00:08 2012  0      0              0
    2012Jun17-2012Jun22  Fri Jun 22 23:00:07 2012  12     2,368,777,123  197,398,093
    2012Jun17-2012Jun21  Fri Jun 22 00:00:06 2012  0      0              0
    2012Jun17-2012Jun20  Thu Jun 21 00:00:18 2012  12     1,685,088,876  140,424,073
    2012Jun17-2012Jun19  Wed Jun 20 00:00:04 2012  12     1,423,723,046  118,643,587

    it looks like your logs are not rotating

    try to use sarg args to limit report to one day and check the results.

    -d `date +%d/%m/%Y`-`date +%d/%m/%Y`
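
The one-day `-d` range suggested above, together with the per-day report path described earlier in the thread, as an added example that is not part of the original posts. The function names and the YYYY-MM-DD input format are assumptions made for the example; the default report root is the one shown in the SARG output quoted in the thread.

```shell
#!/bin/sh
# Added example, not code from the thread or from the pfSense Sarg package.
# Assumes reports live under REPORT_ROOT/<year>/<month>/<day>/index.html.
REPORT_ROOT="${REPORT_ROOT:-/usr/local/www/sarg-reports}"

# Split a YYYY-MM-DD date into Y, M and D; reject any other format.
split_day() {
    case "$1" in
        [0-9][0-9][0-9][0-9]-[0-9][0-9]-[0-9][0-9]) ;;
        *) return 1 ;;
    esac
    Y=${1%%-*}; rest=${1#*-}; M=${rest%%-*}; D=${rest#*-}
}

# Value for sarg's -d option covering exactly one day (dd/mm/yyyy-dd/mm/yyyy).
sarg_day_range() {
    split_day "$1" || return 1
    echo "$D/$M/$Y-$D/$M/$Y"
}

# Path where the index for that day's report is expected.
report_index_path() {
    split_day "$1" || return 1
    echo "$REPORT_ROOT/$Y/$M/$D/index.html"
}

# Prints "ok", "missing-index" (directory exists but has no usable
# index.html), "missing-dir", or "bad-date".
report_status() {
    idx=$(report_index_path "$1") || { echo "bad-date"; return 1; }
    if [ -s "$idx" ]; then
        echo "ok"
    elif [ -d "${idx%/index.html}" ]; then
        echo "missing-index"
    else
        echo "missing-dir"
    fi
}

# When run directly with a date: sh check_sarg_day.sh 2012-06-26
if [ $# -gt 0 ]; then
    echo "sarg -d $(sarg_day_range "$1") : $(report_status "$1")"
fi
```
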



  • marcelloc, it appears to have worked.  I actually modified my 1d Sarg schedule to include the argument exactly as you've written it (and FORCED UPDATE NOW)

    Status  Update Frequency  Aditional Args                          Post Action  Description
    on      1d                -d `date +%d/%m/%Y`-`date +%d/%m/%Y`    both         Rotate Logs Restart Daemon

    After the update, the report output appears as follows.  The first line being the result of my forced update.

    FILE/PERIOD          CREATION DATE             USERS  BYTES          AVERAGE
    2012Jun26-2012Jun26  Tue Jun 26 12:20:21 2012  8      66,752,110     8,344,013
    2012Jun17-2012Jun26  Tue Jun 26 12:00:09 2012  12     3,816,299,190  318,024,932
    2012Jun17-2012Jun25  Tue Jun 26 00:00:11 2012  0      0              0
    2012Jun17-2012Jun24  Mon Jun 25 00:00:10 2012  0      0              0
    2012Jun17-2012Jun23  Sun Jun 24 00:00:08 2012  0      0              0
    2012Jun17-2012Jun22  Fri Jun 22 23:00:07 2012  12     2,368,777,123  197,398,093
    2012Jun17-2012Jun21  Fri Jun 22 00:00:06 2012  0      0              0
    2012Jun17-2012Jun20  Thu Jun 21 00:00:18 2012  12     1,685,088,876  140,424,073
    2012Jun17-2012Jun19  Wed Jun 20 00:00:04 2012  12     1,423,723,046  118,643,587

    Once it works, is there any way to clear out all of the old log data?



  • I'm also wondering if I could delete old reports…. Is that possible, without causing malfunctions?



  • @bmironb:

    I'm also wondering if I could delete old reports…. Is that possible, without causing malfunctions?

    sure, just delete report folder in /usr/local/sarg-reports



  • Error: Could not find report index file.
    Check sarg settings and try to force sarg schedule.

    SOLUTION!!!!

    On the Schedule tab, create a task with the following configuration:

    Description: a name of your choice
        Sarg args: -d `date +%d/%m/%Y`-`date +%d/%m/%Y`
        Frequency: 15m

    Then save it and go to the General tab.
    Select:

    user graphics
    remove temporary files
    generate the main index
    generate the index tree
    overwrite report
    use comma instead of point in reports
    show the downloaded volume on date/time reports

    In the REPORT TO GENERATE section, select all of them.

    Save the configuration, go back to the Schedule tab, open the task and click the button

    FORCE UPDATE NOW

    Wait for the task to run, and finally go to the tab where the report is viewed!!!!

