Squid3, Squidguard & Sarg
-
To All,
Was wondering what type of setup you guys are using?
As hardware I have the following:
Optiplex 745
2GB RAM
80GB HDD
Internal on mobo (Gigabit NIC)
Internal 2port Intel NIC (verified hardware)
My settings are the following:
Proxy Logging enabled
Log rotate 10
SquidGuard Enabled Log
SquidGuard Enabled log rotation
Sarg report Limits 20
Sarg schedule rotate logs
Are there any things that I need to do to keep my log files getting cleared/erased automatically after the given rotations or…
Don't want to end up having issues with my system due to lack of space or so.
-
Sarg rotate code keeps 10 days log files.
One point that improves squid performance is enabling soft updates during pfsense custom install.
Regards,
Marcello Coutinho
-
What limits does everyone have set? Sarg defaults are as follows:
Max Elapsed: 0
Report Limits: 0
Top User Limit: 0
Denied Limit: 0
Authfail Limit: 0
User_report_limit: 0
SCHEDULE:
Sarg args: blank
frequency: 1d (1 day)
Action after sarg: rotate logs
Still sarg never seems to update the reports unless I FORCE UPDATE NOW.
-
Check if you are not rotating logs on squid and/or squidguard config
-
Check if you are not rotating logs on squid and/or squidguard config
Marcelloc - my Squid rotate setting is set to the default value of 7 days. Should this be adjusted? Thanks for your help.
-
Marcelloc - my Squid rotate setting is set to the default value of 7 days. Should this be adjusted? Thanks for your help.
Choose who is going to rotate your logs, sarg or squid. Using both will mess up your reports or logs.
-
Marcelloc - my Squid rotate setting is set to the default value of 7 days. Should this be adjusted? Thanks for your help.
Choose who is going to rotate your logs, sarg or squid. Using both you mess up your reports or logs.
Understood. Which do you suggest? Removing the squid rotate value of 7 days?
Also, if I set the Sarg schedule frequency to 1d (1day) and define the Action after Sarg = rotate logs, that will trigger Sarg to rotate the log daily, correct? If so, would you suggest doing this 1h (every 1 hour), 1d (daily), etc.?
Appreciate any insight or experience you can share on your config. Thanks again.
-
On my setups I define two schedules.
1h with action=none (no rotate, no restart)
1d with action=both (rotate logs and restart daemon)
and no rotate options on squid config.
-
Oddly enough, I've followed these suggestions and it still doesn't quite seem like the rotation is working correctly. Despite adding the Sarg argument to limit to only a single day report, the BYTES and AVERAGE byte count appear to be too high. As if they're a cumulative total vs. only the calculation based on a single day as expected?
FILE/PERIOD          CREATION DATE             USERS  BYTES          AVERAGE
2012Jun27-2012Jun27  Wed Jun 27 09:01:40 2012  8      2,239,842      279,980
2012Jun17-2012Jun28  Thu Jun 28 11:00:10 2012  12     4,241,839,106  353,486,592
2012Jun17-2012Jun27  Thu Jun 28 00:00:11 2012  12     4,210,378,100  350,864,841
EDIT: not sure whether it's correct, but previously only my 1d (daily) schedule had the Additional Argument field populated. I've since updated my 1h (hourly) schedule to include the same Additional Argument value. Are both schedules below necessary? And if so, do they look accurate? Thanks.
Status  Update Frequency  Aditional Args    Post Action  Description
on      1d                -ddate +%d/%m/%Y  both         Rotate Logs Restart Daemon
                          -date +%d/%m/%Y
on      1h                -ddate +%d/%m/%Y  none         No Rotate No Restart
                          -date +%d/%m/%Y
-
The args are just to limit lines to read; in some cases (large files) it fixes sarg errors during report generation.
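
A quick way to check whether daily rotation is actually taking effect is to parse the Sarg report index quoted earlier in the thread and flag every report whose period covers more than one day. This is an added example, not code from any poster or from the Sarg package; the function names are hypothetical and the sample rows are copied from the index posted above.

```python
"""Flag Sarg report periods that span more than one day (added example)."""
import re
from datetime import datetime

# Constructed sample: the three index rows quoted in the thread.
INDEX = """\
2012Jun27-2012Jun27 Wed Jun 27 09:01:40 2012 8 2,239,842 279,980
2012Jun17-2012Jun28 Thu Jun 28 11:00:10 2012 12 4,241,839,106 353,486,592
2012Jun17-2012Jun27 Thu Jun 28 00:00:11 2012 12 4,210,378,100 350,864,841
"""

# FILE/PERIOD, CREATION DATE, USERS, BYTES, AVERAGE
ROW = re.compile(
    r"^(?P<start>\d{4}[A-Za-z]{3}\d{2})-(?P<end>\d{4}[A-Za-z]{3}\d{2})\s+"
    r"(?P<created>\w{3} \w{3} +\d{1,2} \d\d:\d\d:\d\d \d{4})\s+"
    r"(?P<users>\d+)\s+(?P<bytes>[\d,]+)\s+(?P<avg>[\d,]+)\s*$"
)


def parse_index(text):
    """Return one dict per index row; lines that do not match are skipped."""
    rows = []
    for line in text.splitlines():
        m = ROW.match(line.strip())
        if not m:
            continue
        start = datetime.strptime(m["start"], "%Y%b%d").date()
        end = datetime.strptime(m["end"], "%Y%b%d").date()
        rows.append({
            "period": f"{m['start']}-{m['end']}",
            "days": (end - start).days + 1,  # inclusive day count
            "users": int(m["users"]),
            "bytes": int(m["bytes"].replace(",", "")),
        })
    return rows


def cumulative_reports(rows, max_days=1):
    """Reports built from log lines covering more than max_days days."""
    return [r for r in rows if r["days"] > max_days]


if __name__ == "__main__":
    for r in cumulative_reports(parse_index(INDEX)):
        print(f"{r['period']}: {r['days']} days, {r['bytes']:,} bytes")
```

On the rows above it flags the two Jun17 reports, which is consistent with the byte totals looking cumulative rather than daily.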