Squid3, Squidguard & Sarg



  • To All,

    Was wondering what type of setup you guys are using?
    As hardware I have the following:
    Optiplex 745
    2GB RAM
    80GB HDD
    Internal on mobo (Gigabit NIC)
    Internal 2port Intel NIC (verified hardware)

    My settings are the following:
    Proxy Logging enabled
    Log rotate 10

    SquidGuard Enabled Log
    SquidGuard Enbled log rotation

    Sarge report Limits 20
    Sarge shedule rotate logs

    Are there any things that I need to do to keep my log files getting cleared/erased automatically after the given rotations or…
    Don't want to end up having issues with my system due to lack of space or so.



  • Sarg rotate code keeps 10 days log files.

    One point that improves squid performance is enabling soft updates during pfsense custom install.

    att,
    Marcello Coutinho






  • What limits does everyone have set?  Sarg defaults are as follows:

    Max Elapsed: 0
    Report Limits: 0
    Top User Limit: 0
    Denied Limit: 0
    Authfail Limit: 0
    User_report_limit: 0

    SCHEDULE:
    Sarg args: blank
    frequency: 1d (1 day)
    Action after sarg: rotate logs

    Still sarg never seems to update the reports unless I FORCE UPDATE NOW.



  • Check if you are not rotating logs on squid and/or squidguard config



  • @marcelloc:

    Check if you are not rotating logs on squid and/or squidguard config

    Marcelloc - my Squid rotate setting is set to the default value of 7 days.  Should this be adjusted?  Thanks for your help.



  • @miles267:

    Marcelloc - my Squid rotate setting is set to the default value of 7 days.  Should this be adjusted?  Thanks for your help.

    Choose who is going to rotate your logs, sarg or squid. Using both will mess up your reports or logs.



  • @marcelloc:

    @miles267:

    Marcelloc - my Squid rotate setting is set to the default value of 7 days.  Should this be adjusted?  Thanks for your help.

    Choose who is going to rotate your logs, sarg or squid. Using both you mess up your reports or logs.

    Understood.  Which do you suggest?  Removing the squid rotate value of 7 days?
    Also, if I set the Sarg schedule frequency to 1d (1day) and define the Action after Sarg = rotate logs, that will trigger Sarg to rotate the log daily, correct?  If so, would you suggest doing this 1h (every 1 hour), 1d (daily), etc.?

    Appreciate any insight or experience you can share on your config.  Thanks again.



  • On my setups I define two schedules.

    1h with action=none(no rotate no restart)
    1d with action=both(rotate logs and restart daemon)

    and no rotate options on squid config.



  • Oddly enough, I've followed these suggestions and it still doesn't quite seem like the rotation is working correctly.  Despite adding the Sarg argument to limit to only a single day report, the BYTES and AVERAGE byte count appear to be too high.  As if they're a cumulative total vs. only the calculation based on a single day as expected?

    FILE/PERIOD CREATION DATE USERS BYTES AVERAGE
    2012Jun27-2012Jun27 Wed Jun 27 09:01:40 2012 8 2,239,842 279,980
    2012Jun17-2012Jun28 Thu Jun 28 11:00:10 2012 12 4,241,839,106 353,486,592
    2012Jun17-2012Jun27 Thu Jun 28 00:00:11 2012 12 4,210,378,100 350,864,841

    EDIT: not sure whether it's correct, but previously only my 1d (daily) schedule had the Additional Argument field populated.  I've since updated my 1h (hourly) schedule to include the same Additional Argument value.  Are both schedules below necessary?  And if so, do they look accurate?  Thanks.

    Status Update Frequency Aditional Args Post Action Description
    on 1d -d date +%d/%m/%Y-date +%d/%m/%Y both Rotate Logs Restart Daemon
    on 1h -d date +%d/%m/%Y-date +%d/%m/%Y none No Rotate No Restart



  • The args are just to limit lines to read, in some cases(large files) it fixes sarg erros while report generation.


Locked