SARG and Dansguardian problem



  • Hi,

    I was able to set up SARG to view Dansguardian reports. If I do a force update I get an updated report. If I let the schedule go, no report is generated and the following errors are found in the system logs:

    Nov 7 10:00:03	php: : The command 'export LC_ALL=C && /usr/local/bin/sarg ' returned exit code '1', the output was 'SARG: Records in file: 2956, reading: 0.00%^MSARG: getword loop detected after 11 bytes. SARG: Line="9107c8304014ef293005303f6c9f4ab0c.exe	39460	TCP_MISS/206	1015	""" SARG: Record="9107c8304014ef293005303f6c9f4ab0c.exe	39460	TCP_MISS/206	1015	""" SARG: searching for 'x9' SARG: There is a broken record or garbage in file /tmp/sarg/10_20_10_1.user_log SARG: Records in file: 2956, reading: 100.00%'
    Nov 7 10:00:01	php: : The command 'export LC_ALL=C && /usr/local/bin/sarg ' returned exit code '1', the output was 'SARG: Records in file: 2956, reading: 0.00%^Msort: open failed: /tmp/sarg/denied.int_unsort: No such file or directory SARG: sort command return status 2 SARG: sort command: sort -T "/tmp/sarg" -t "	" -k 3,3 -k 5,5 -o "/tmp/sarg/denied.int_log" "/tmp/sarg/denied.int_unsort" SARG: Records in file: 2956, reading: 100.00%'
    

    Any ideas?



  • Are you using squid log format on squid?



  • For Dansguardian, I had to set the log to Squid format.
    For Squid, it's a default install, so I assume that the logs are in Squid format.



  • Just a bit of an update. I may have found my problem. In trying to limit the scope of a report, I had put 24h (86400000) in the Max Elapsed field. Reading that there were many problems with a 24h/1d period, I changed it to 12h (43200000) and the reports worked.

    However, my goal was to limit each report to the last 24/12h block of time. Having set Max Elapsed to 12h, I would assume the reports will only show the last 12h of usage, but my report still shows an untruncated time period. How do I fix this? Is using the Max Elapsed field the correct way to do this? Do I need to set the logs to rotate in the schedule?



  • Try this arg to create a report using yesterday's logs:

    TODAY: -d `date +%d/%m/%Y`
    YESTERDAY: -d `date -v-1d +%d/%m/%Y`
    WEEKAGO: -d `date -v-1w +%d/%m/%Y`-`date -v-1d +%d/%m/%Y`
    MONTHAGO: -d `date -v-1m +01/%m/%Y`-`date -v-1m +31/%m/%Y`
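
Added example, not part of the original posts: a small shell helper that builds the `dd/mm/YYYY-dd/mm/YYYY` ranges passed to `sarg -d` above and computes the previous month's real last day. The function names are hypothetical, and it assumes either BSD `date` (the `-v` syntax used in this thread) or GNU `date` is available.

```shell
#!/bin/sh
# Added example. Function names are hypothetical; only `sarg -d` and the
# dd/mm/YYYY-dd/mm/YYYY range form come from the thread.
# Assumption: BSD date (-v, as on pfSense/FreeBSD) or GNU date (-d) is installed.

# Date N days back (N >= 1), BSD syntax first, GNU as fallback.
days_ago() {
    date -v-"$1"d +%d/%m/%Y 2>/dev/null || date -d "$1 days ago" +%d/%m/%Y
}

# First day of the previous month, anchored on day 1 so that running on the
# 29th-31st cannot roll into the wrong month.
prev_month_first() {
    date -v1d -v-1m +%d/%m/%Y 2>/dev/null ||
        date -d "$(date +%Y-%m-01) -1 month" +%d/%m/%Y
}

# Real last day of the previous month (28, 29, 30 or 31).
prev_month_last() {
    date -v1d -v-1d +%d/%m/%Y 2>/dev/null ||
        date -d "$(date +%Y-%m-01) -1 day" +%d/%m/%Y
}

# Print the range for a named period; unknown names fail with status 1.
sarg_range() {
    case "$1" in
        today)     t=$(date +%d/%m/%Y); echo "$t-$t" ;;
        yesterday) y=$(days_ago 1); echo "$y-$y" ;;
        weekago)   echo "$(days_ago 7)-$(days_ago 1)" ;;
        monthago)  echo "$(prev_month_first)-$(prev_month_last)" ;;
        *)         echo "unknown period: $1" >&2; return 1 ;;
    esac
}

# Usage: /usr/local/bin/sarg -d "$(sarg_range yesterday)"
```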



  • I'll give that a try. What about the Max Elapsed setting? Do I just leave that at the default blank? Also should I set the schedule to rotate logs?



  • @marcelloc:

    Try this arg to create a report using yesterday's logs:

    TODAY: -d `date +%d/%m/%Y`
    YESTERDAY: -d `date -v-1d +%d/%m/%Y`
    WEEKAGO: -d `date -v-1w +%d/%m/%Y`-`date -v-1d +%d/%m/%Y`
    MONTHAGO: -d `date -v-1m +01/%m/%Y`-`date -v-1m +31/%m/%Y`

    This seemed to have fixed my problem. Though when I look at the system logs I seem to always get the following line:

    php: : The command 'export LC_ALL=C && /usr/local/bin/sarg -d `date +%d/%m/%Y`-`date +%d/%m/%Y`' returned exit code '1', the output was 'SARG: Records in file: 17732, reading: 0.00%^MSARG: Records in file: 5000, reading: 28.20%^MSARG: Records in file: 10000, reading: 56.40%^MSARG: Records in file: 15000, reading: 84.59%^MSARG: Period covered by log files: 12/11/2013-12/11/2013 sort: open failed: /tmp/sarg/denied.int_unsort: No such file or directory SARG: sort command return status 2 SARG: sort command: sort -T "/tmp/sarg" -t "	" -k 3,3 -k 5,5 -o "/tmp/sarg/denied.int_log" "/tmp/sarg/denied.int_unsort" SARG: Records in file: 17732, reading: 100.00%'
    

    Is this something I should be worried about? How would I fix this?



  • Can you try to run sarg via console?



  • I could try to use the console. What commands would I need to run?

    Funny thing is if I go to the schedule and do a "force update now", no errors are produced in the log.