PfSense 2.2.6 Report blocked sites with Sarg not working



  • Hi,

    I'm using pfSense 2.2.6 with squid3/squidGuard and it works as expected. I would like to view with Sarg Blocked sites from squidGuard. In Sarg Settings page I selected "Proxy Server Squidguard" but generated Access Report does not llist blocked sites and blacklist. In SquidGuard page Settings I enabled "Enable GUI log", "Enable log" and "Enable log rotation".

    Thanks in advance for your help

    
    egrep -v '^#|^$' /usr/pbi/sarg-amd64/local/etc/sarg/sarg.conf
    access_log /var/squid/logs/access.log
    graphs yes
    output_dir /usr/local/sarg-reports
    anonymous_output_files no
    resolve_ip no
    user_ip no
    topuser_sort_field BYTES normal
    user_sort_field BYTES normal
    exclude_users /usr/pbi/sarg-amd64/etc/sarg/exclude_users.conf
    exclude_hosts /usr/pbi/sarg-amd64/etc/sarg/exclude_hosts.conf
    date_format e
    lastlog 0
    remove_temp_files yes
    index yes
    index_tree file
    overwrite_report no
    use_comma yes
    exclude_codes /usr/pbi/sarg-amd64/etc/sarg/exclude_codes
    max_elapsed 0
    report_type topusers topsites sites_users users_sites date_time denied auth_failures site_user_time_date downloads
    usertab none
    long_url no
    date_time_by bytes
    charset UTF-8
    privacy no
    bytes_in_sites_users_report no
    topuser_num 0
    dansguardian_conf
    squidguard_conf /usr/pbi/squidguard-amd64/etc/squidGuard/squidGuard.conf
    redirector_log_format #year#-#mon#-#day# #hour# #tmp#/#list#/#tmp#/#tmp#/#url#/#tmp# #ip#/#tmp# #user# #end#
    show_sarg_info no
    show_sarg_logo no
    displayed_values bytes
    authfail_report_limit 0
    denied_report_limit 0
    siteusers_report_limit 0
    user_report_limit 0
    squidguard_report_limit 0
    www_document_root /usr/local/www
    ntlm_user_format domainname+username
    realtime_refresh_time 0
    realtime_types GET,PUT,CONNECT
    realtime_unauthenticated_records show
    sorttable /sarg_sorttable.js
    hostalias /usr/pbi/sarg-amd64/etc/sarg/hostalias
    
    


  • Hi,

    Still trying to understand why sarg does not report blocked sites, according to "sarg -xz" output block.log is empty but it is not.

    Thx for your help

     wc -l /var/squidGuard/log/block.log
         502 /var/squidGuard/log/block.log
    
    
    2016-01-05 17:08:44 [82855] Request(default/blk_blacklists_games/-) 1.gravatar.com:443 IP/- - CONNECT REDIRECT
    
     sarg -xz
    SARG: Init
    SARG: Loading configuration from /usr/local/etc/sarg/sarg.conf
    SARG: TAG: access_log /var/squid/logs/access.log
    SARG: TAG: graphs yes
    SARG: TAG: output_dir /usr/local/sarg-reports
    SARG: TAG: anonymous_output_files no
    SARG: TAG: resolve_ip yes
    SARG: Chaining IP resolving module "dns"
    SARG: TAG: user_ip no
    SARG: TAG: topuser_sort_field BYTES normal
    SARG: TAG: user_sort_field BYTES normal
    SARG: TAG: exclude_users /usr/pbi/sarg-amd64/etc/sarg/exclude_users.conf
    SARG: TAG: exclude_hosts /usr/pbi/sarg-amd64/etc/sarg/exclude_hosts.conf
    SARG: TAG: date_format e
    SARG: TAG: lastlog 0
    SARG: TAG: remove_temp_files yes
    SARG: TAG: index yes
    SARG: TAG: index_tree file
    SARG: TAG: overwrite_report no
    SARG: TAG: use_comma yes
    SARG: TAG: exclude_codes /usr/pbi/sarg-amd64/etc/sarg/exclude_codes
    SARG: TAG: max_elapsed 0
    SARG: TAG: report_type topusers topsites sites_users users_sites date_time denied auth_failures site_user_time_date downloads
    SARG: TAG: usertab none
    SARG: TAG: long_url no
    SARG: TAG: date_time_by bytes
    SARG: TAG: charset UTF-8
    SARG: TAG: privacy no
    SARG: TAG: bytes_in_sites_users_report no
    SARG: TAG: topuser_num 0
    SARG: TAG: dansguardian_conf
    SARG: TAG: squidguard_conf /usr/pbi/squidguard-amd64/etc/squidGuard/squidGuard.conf
    SARG: TAG: redirector_log_format #year#-#mon#-#day# #hour# #tmp#/#list#/#tmp#/#tmp#/#url#/#tmp# #ip#/#tmp# #user# #end#
    SARG: TAG: show_sarg_info no
    SARG: TAG: show_sarg_logo no
    SARG: TAG: displayed_values bytes
    SARG: TAG: authfail_report_limit 0
    SARG: TAG: denied_report_limit 0
    SARG: TAG: siteusers_report_limit 0
    SARG: TAG: user_report_limit 0
    SARG: TAG: squidguard_report_limit 0
    SARG: TAG: www_document_root /usr/local/www
    SARG: TAG: ntlm_user_format domainname+username
    SARG: TAG: realtime_refresh_time 0
    SARG: TAG: realtime_types GET,PUT,CONNECT
    SARG: TAG: realtime_unauthenticated_records show
    SARG: TAG: sorttable /sarg_sorttable.js
    SARG: TAG: hostalias /usr/pbi/sarg-amd64/etc/sarg/hostalias
    SARG: Loading exclude host file from: /usr/pbi/sarg-amd64/etc/sarg/exclude_hosts.conf
    SARG: Loading exclude file from: /usr/pbi/sarg-amd64/etc/sarg/exclude_users.conf
    SARG: Reading host alias file "/usr/pbi/sarg-amd64/etc/sarg/hostalias"
    SARG: List of host names to alias:
    SARG: Parameters:
    SARG:           Hostname or IP address (-a) =
    SARG:                    Useragent log (-b) =
    SARG:                     Exclude file (-c) = /usr/pbi/sarg-amd64/etc/sarg/exclude_hosts.conf
    SARG:                  Date from-until (-d) =
    SARG:    Email address to send reports (-e) =
    SARG:                      Config file (-f) = /usr/local/etc/sarg/sarg.conf
    SARG:                      Date format (-g) = Europe (dd/mm/yyyy)
    SARG:                        IP report (-i) = No
    SARG:             Keep temporary files (-k) = No
    SARG:                        Input log (-l) = /var/squid/logs/access.log
    SARG:               Resolve IP Address (-n) = Yes
    SARG:                       Output dir (-o) = /usr/local/sarg-reports/
    SARG: Use Ip Address instead of userid (-p) = No
    SARG:                    Accessed site (-s) =
    SARG:                             Time (-t) =
    SARG:                             User (-u) =
    SARG:                    Temporary dir (-w) = /tmp/sarg
    SARG:                   Debug messages (-x) = Yes
    SARG:                 Process messages (-z) = Yes
    SARG:  Previous reports to keep (--lastlog) = 0
    SARG:
    SARG: sarg version: 2.3.9 Sep-21-2014
    SARG: Reading access log file: /var/squid/logs/access.log
    SARG: Records in file: 2397, reading: 100.00%
    SARG:    Records read: 2397, written: 2397, excluded: 0
    SARG: Squid log format
    SARG: (info) date=06/01/2016
    SARG: (info) period=06 Jan 2016
    SARG: Period: 06 Jan 2016
    SARG: File /usr/local/sarg-reports/06Jan2016-06Jan2016 already exists, moved to /usr/local/sarg-reports/06Jan2016-06Jan2016.1
    SARG: (info) outdirname=/usr/local/sarg-reports/06Jan2016-06Jan2016
    SARG: Sorting log /tmp/sarg/IP.user_unsort
    SARG: Making file: /tmp/sarg/IP
    SARG: Sorting log /tmp/sarg/IP.user_unsort
    SARG: Making file: /tmp/sarg/IP
    SARG: Sorting log /tmp/sarg/IP.user_unsort
    SARG: Making file: /tmp/sarg/IP
    SARG: Sorting log /tmp/sarg/IP.user_unsort
    SARG: Making file: /tmp/sarg/IP
    SARG: Sorting log /tmp/sarg/IP.user_unsort
    SARG: Making file: /tmp/sarg/IP
    SARG: Sorting log /tmp/sarg/IP.user_unsort
    SARG: Making file: /tmp/sarg/IP
    SARG: Sorting log /tmp/sarg/IP.user_unsort
    SARG: Making file: /tmp/sarg/IP
    SARG: Sorting log /tmp/sarg/IP.user_unsort
    SARG: Making file: /tmp/sarg/IP
    SARG: Sorting log /tmp/sarg/IP.user_unsort
    SARG: Making file: /tmp/sarg/IP
    SARG: Sorting log /tmp/sarg/IP.user_unsort
    SARG: Making file: /tmp/sarg/IP
    SARG: Sorting log /tmp/sarg/IP.user_unsort
    SARG: Making file: /tmp/sarg/IP
    SARG: (info) Dansguardian report not produced because no dansguardian configuration file was provided
    SARG: Reading redirector log file /var/squidGuard/log/block.log
    SARG: Hour string too long in redirector log file /var/squidGuard/log/block.log
    SARG: Hour string too long in redirector log file /var/squidGuard/log/block.log
    SARG: Hour string too long in redirector log file /var/squidGuard/log/block.log
    SARG: Hour string too long in redirector log file /var/squidGuard/log/block.log
    SARG: Hour string too long in redirector log file /var/squidGuard/log/block.log
    SARG: Reading redirector log file /var/squidGuard/log/block.log
    SARG: Reading redirector log file /var/squidGuard/log/block.log
    SARG: Reading redirector log file /var/squidGuard/log/block.log
    SARG: Reading redirector log file /var/squidGuard/log/block.log
    SARG: Reading redirector log file /var/squidGuard/log/block.log
    SARG: Reading redirector log file /var/squidGuard/log/block.log
    SARG: Reading redirector log file /var/squidGuard/log/block.log
    SARG: Reading redirector log file /var/squidGuard/log/block.log
    SARG: Reading redirector log file /var/squidGuard/log/block.log
    SARG: Reading redirector log file /var/squidGuard/log/block.log
    SARG: Reading redirector log file /var/squidGuard/log/block.log
    SARG: Reading redirector log file /var/squidGuard/log/block.log
    SARG: Reading redirector log file /var/squidGuard/log/block.log
    SARG: Reading redirector log file /var/squidGuard/log/block.log
    SARG: Reading redirector log file /var/squidGuard/log/block.log
    SARG: Reading redirector log file /var/squidGuard/log/block.log
    SARG: Reading redirector log file /var/squidGuard/log/block.log
    SARG: Reading redirector log file /var/squidGuard/log/block.log
    SARG: Reading redirector log file /var/squidGuard/log/block.log
    SARG: Reading redirector log file /var/squidGuard/log/block.log
    SARG: Reading redirector log file /var/squidGuard/log/block.log
    SARG: Reading redirector log file /var/squidGuard/log/block.log
    SARG: Reading redirector log file /var/squidGuard/log/block.log
    SARG: Reading redirector log file /var/squidGuard/log/block.log
    SARG: Reading redirector log file /var/squidGuard/log/block.log
    SARG: Reading redirector log file /var/squidGuard/log/block.log
    SARG: Reading redirector log file /var/squidGuard/log/block.log
    SARG: Reading redirector log file /var/squidGuard/log/block.log
    SARG: Reading redirector log file /var/squidGuard/log/block.log
    SARG: Reading redirector log file /var/squidGuard/log/block.log
    SARG: Reading redirector log file /var/squidGuard/log/block.log
    SARG: Reading redirector log file /var/squidGuard/log/block.log
    SARG: Reading redirector log file /var/squidGuard/log/block.log
    SARG: Reading redirector log file /var/squidGuard/log/block.log
    SARG: Reading redirector log file /var/squidGuard/log/block.log
    SARG: Reading redirector log file /var/squidGuard/log/block.log
    SARG: Reading redirector log file /var/squidGuard/log/block.log
    SARG: Reading redirector log file /var/squidGuard/log/block.log
    SARG: Reading redirector log file /var/squidGuard/log/block.log
    SARG: Reading redirector log file /var/squidGuard/log/block.log
    SARG: Reading redirector log file /var/squidGuard/log/block.log
    SARG: Reading redirector log file /var/squidGuard/log/block.log
    SARG: Reading redirector log file /var/squidGuard/log/block.log
    SARG: Reading redirector log file /var/squidGuard/log/block.log
    SARG: Reading redirector log file /var/squidGuard/log/block.log
    SARG: Reading redirector log file /var/squidGuard/log/block.log
    SARG: Reading redirector log file /var/squidGuard/log/block.log
    SARG: Reading redirector log file /var/squidGuard/log/block.log
    SARG: Reading redirector log file /var/squidGuard/log/block.log
    SARG: Reading redirector log file /var/squidGuard/log/block.log
    SARG: Reading redirector log file /var/squidGuard/log/block.log
    SARG: Reading redirector log file /var/squidGuard/log/block.log
    SARG: Reading redirector log file /var/squidGuard/log/block.log
    SARG: Reading redirector log file /var/squidGuard/log/block.log
    SARG: Reading redirector log file /var/squidGuard/log/block.log
    SARG: Reading redirector log file /var/squidGuard/log/block.log
    SARG: Reading redirector log file /var/squidGuard/log/block.log
    SARG: Reading redirector log file /var/squidGuard/log/block.log
    SARG: Reading redirector log file /var/squidGuard/log/block.log
    SARG: Reading redirector log file /var/squidGuard/log/block.log
    SARG: Sorting file: /tmp/sarg/redirector.int_log
    SARG: (info) No downloaded files to report
    SARG: (info) Denied report not produced because it is empty
    SARG: (info) Authentication failures report not produced because it is empty
    SARG: (info) Redirector report not generated because it is empty
    SARG: Sorting file: /tmp/sarg/IP.utmp
    SARG: Making report: IP
    SARG: Sorting file: /tmp/sarg/IP.utmp
    SARG: Making report: IP7
    SARG: Sorting file: /tmp/sarg/IP.utmp
    SARG: Making report: IP
    SARG: Sorting file: /tmp/sarg/IP.utmp
    SARG: Making report: IP
    SARG: Sorting file: /tmp/sarg/IP.utmp
    SARG: Making report: IP
    SARG: Sorting file: /tmp/sarg/IP.utmp
    SARG: Making report: IP
    SARG: Sorting file: /tmp/sarg/IP.utmp
    SARG: Making report: IP
    SARG: Sorting file: /tmp/sarg/IP.utmp
    SARG: Making report: IP
    SARG: Sorting file: /tmp/sarg/IP.utmp
    SARG: Making report: IP
    SARG: Sorting file: /tmp/sarg/IP.utmp
    SARG: Making report: IP
    SARG: Sorting file: /tmp/sarg/IP.utmp
    SARG: Making report: IP
    SARG: Making index.html
    SARG: Successful report generated on /usr/local/sarg-reports/06Jan2016-06Jan2016
    SARG: Purging temporary file sarg-general
    SARG: End
    
    

Log in to reply