1. Home
  2. pfSense Packages
  3. Cache/Proxy
  4. PfSense 2.2.6 Report blocked sites with Sarg not working

PfSense 2.2.6 Report blocked sites with Sarg not working

  • D

    Hi,

    I'm using pfSense 2.2.6 with squid3/squidGuard and it works as expected. I would like to view with Sarg Blocked sites from squidGuard. In Sarg Settings page I selected "Proxy Server Squidguard" but generated Access Report does not llist blocked sites and blacklist. In SquidGuard page Settings I enabled "Enable GUI log", "Enable log" and "Enable log rotation".

    Thanks in advance for your help

    
egrep -v '^#|^$' /usr/pbi/sarg-amd64/local/etc/sarg/sarg.conf
access_log /var/squid/logs/access.log
graphs yes
output_dir /usr/local/sarg-reports
anonymous_output_files no
resolve_ip no
user_ip no
topuser_sort_field BYTES normal
user_sort_field BYTES normal
exclude_users /usr/pbi/sarg-amd64/etc/sarg/exclude_users.conf
exclude_hosts /usr/pbi/sarg-amd64/etc/sarg/exclude_hosts.conf
date_format e
lastlog 0
remove_temp_files yes
index yes
index_tree file
overwrite_report no
use_comma yes
exclude_codes /usr/pbi/sarg-amd64/etc/sarg/exclude_codes
max_elapsed 0
report_type topusers topsites sites_users users_sites date_time denied auth_failures site_user_time_date downloads
usertab none
long_url no
date_time_by bytes
charset UTF-8
privacy no
bytes_in_sites_users_report no
topuser_num 0
dansguardian_conf
squidguard_conf /usr/pbi/squidguard-amd64/etc/squidGuard/squidGuard.conf
redirector_log_format #year#-#mon#-#day# #hour# #tmp#/#list#/#tmp#/#tmp#/#url#/#tmp# #ip#/#tmp# #user# #end#
show_sarg_info no
show_sarg_logo no
displayed_values bytes
authfail_report_limit 0
denied_report_limit 0
siteusers_report_limit 0
user_report_limit 0
squidguard_report_limit 0
www_document_root /usr/local/www
ntlm_user_format domainname+username
realtime_refresh_time 0
realtime_types GET,PUT,CONNECT
realtime_unauthenticated_records show
sorttable /sarg_sorttable.js
hostalias /usr/pbi/sarg-amd64/etc/sarg/hostalias
    0
  • D

    Hi,

    Still trying to understand why sarg does not report blocked sites, according to "sarg -xz" output block.log is empty but it is not.

    Thx for your help

     wc -l /var/squidGuard/log/block.log
     502 /var/squidGuard/log/block.log


    2016-01-05 17:08:44 [82855] Request(default/blk_blacklists_games/-) 1.gravatar.com:443 IP/- - CONNECT REDIRECT

     sarg -xz
SARG: Init
SARG: Loading configuration from /usr/local/etc/sarg/sarg.conf
SARG: TAG: access_log /var/squid/logs/access.log
SARG: TAG: graphs yes
SARG: TAG: output_dir /usr/local/sarg-reports
SARG: TAG: anonymous_output_files no
SARG: TAG: resolve_ip yes
SARG: Chaining IP resolving module "dns"
SARG: TAG: user_ip no
SARG: TAG: topuser_sort_field BYTES normal
SARG: TAG: user_sort_field BYTES normal
SARG: TAG: exclude_users /usr/pbi/sarg-amd64/etc/sarg/exclude_users.conf
SARG: TAG: exclude_hosts /usr/pbi/sarg-amd64/etc/sarg/exclude_hosts.conf
SARG: TAG: date_format e
SARG: TAG: lastlog 0
SARG: TAG: remove_temp_files yes
SARG: TAG: index yes
SARG: TAG: index_tree file
SARG: TAG: overwrite_report no
SARG: TAG: use_comma yes
SARG: TAG: exclude_codes /usr/pbi/sarg-amd64/etc/sarg/exclude_codes
SARG: TAG: max_elapsed 0
SARG: TAG: report_type topusers topsites sites_users users_sites date_time denied auth_failures site_user_time_date downloads
SARG: TAG: usertab none
SARG: TAG: long_url no
SARG: TAG: date_time_by bytes
SARG: TAG: charset UTF-8
SARG: TAG: privacy no
SARG: TAG: bytes_in_sites_users_report no
SARG: TAG: topuser_num 0
SARG: TAG: dansguardian_conf
SARG: TAG: squidguard_conf /usr/pbi/squidguard-amd64/etc/squidGuard/squidGuard.conf
SARG: TAG: redirector_log_format #year#-#mon#-#day# #hour# #tmp#/#list#/#tmp#/#tmp#/#url#/#tmp# #ip#/#tmp# #user# #end#
SARG: TAG: show_sarg_info no
SARG: TAG: show_sarg_logo no
SARG: TAG: displayed_values bytes
SARG: TAG: authfail_report_limit 0
SARG: TAG: denied_report_limit 0
SARG: TAG: siteusers_report_limit 0
SARG: TAG: user_report_limit 0
SARG: TAG: squidguard_report_limit 0
SARG: TAG: www_document_root /usr/local/www
SARG: TAG: ntlm_user_format domainname+username
SARG: TAG: realtime_refresh_time 0
SARG: TAG: realtime_types GET,PUT,CONNECT
SARG: TAG: realtime_unauthenticated_records show
SARG: TAG: sorttable /sarg_sorttable.js
SARG: TAG: hostalias /usr/pbi/sarg-amd64/etc/sarg/hostalias
SARG: Loading exclude host file from: /usr/pbi/sarg-amd64/etc/sarg/exclude_hosts.conf
SARG: Loading exclude file from: /usr/pbi/sarg-amd64/etc/sarg/exclude_users.conf
SARG: Reading host alias file "/usr/pbi/sarg-amd64/etc/sarg/hostalias"
SARG: List of host names to alias:
SARG: Parameters:
SARG:           Hostname or IP address (-a) =
SARG:                    Useragent log (-b) =
SARG:                     Exclude file (-c) = /usr/pbi/sarg-amd64/etc/sarg/exclude_hosts.conf
SARG:                  Date from-until (-d) =
SARG:    Email address to send reports (-e) =
SARG:                      Config file (-f) = /usr/local/etc/sarg/sarg.conf
SARG:                      Date format (-g) = Europe (dd/mm/yyyy)
SARG:                        IP report (-i) = No
SARG:             Keep temporary files (-k) = No
SARG:                        Input log (-l) = /var/squid/logs/access.log
SARG:               Resolve IP Address (-n) = Yes
SARG:                       Output dir (-o) = /usr/local/sarg-reports/
SARG: Use Ip Address instead of userid (-p) = No
SARG:                    Accessed site (-s) =
SARG:                             Time (-t) =
SARG:                             User (-u) =
SARG:                    Temporary dir (-w) = /tmp/sarg
SARG:                   Debug messages (-x) = Yes
SARG:                 Process messages (-z) = Yes
SARG:  Previous reports to keep (--lastlog) = 0
SARG:
SARG: sarg version: 2.3.9 Sep-21-2014
SARG: Reading access log file: /var/squid/logs/access.log
SARG: Records in file: 2397, reading: 100.00%
SARG:    Records read: 2397, written: 2397, excluded: 0
SARG: Squid log format
SARG: (info) date=06/01/2016
SARG: (info) period=06 Jan 2016
SARG: Period: 06 Jan 2016
SARG: File /usr/local/sarg-reports/06Jan2016-06Jan2016 already exists, moved to /usr/local/sarg-reports/06Jan2016-06Jan2016.1
SARG: (info) outdirname=/usr/local/sarg-reports/06Jan2016-06Jan2016
SARG: Sorting log /tmp/sarg/IP.user_unsort
SARG: Making file: /tmp/sarg/IP
SARG: Sorting log /tmp/sarg/IP.user_unsort
SARG: Making file: /tmp/sarg/IP
SARG: Sorting log /tmp/sarg/IP.user_unsort
SARG: Making file: /tmp/sarg/IP
SARG: Sorting log /tmp/sarg/IP.user_unsort
SARG: Making file: /tmp/sarg/IP
SARG: Sorting log /tmp/sarg/IP.user_unsort
SARG: Making file: /tmp/sarg/IP
SARG: Sorting log /tmp/sarg/IP.user_unsort
SARG: Making file: /tmp/sarg/IP
SARG: Sorting log /tmp/sarg/IP.user_unsort
SARG: Making file: /tmp/sarg/IP
SARG: Sorting log /tmp/sarg/IP.user_unsort
SARG: Making file: /tmp/sarg/IP
SARG: Sorting log /tmp/sarg/IP.user_unsort
SARG: Making file: /tmp/sarg/IP
SARG: Sorting log /tmp/sarg/IP.user_unsort
SARG: Making file: /tmp/sarg/IP
SARG: Sorting log /tmp/sarg/IP.user_unsort
SARG: Making file: /tmp/sarg/IP
SARG: (info) Dansguardian report not produced because no dansguardian configuration file was provided
SARG: Reading redirector log file /var/squidGuard/log/block.log
SARG: Hour string too long in redirector log file /var/squidGuard/log/block.log
SARG: Hour string too long in redirector log file /var/squidGuard/log/block.log
SARG: Hour string too long in redirector log file /var/squidGuard/log/block.log
SARG: Hour string too long in redirector log file /var/squidGuard/log/block.log
SARG: Hour string too long in redirector log file /var/squidGuard/log/block.log
SARG: Reading redirector log file /var/squidGuard/log/block.log
SARG: Reading redirector log file /var/squidGuard/log/block.log
SARG: Reading redirector log file /var/squidGuard/log/block.log
SARG: Reading redirector log file /var/squidGuard/log/block.log
SARG: Reading redirector log file /var/squidGuard/log/block.log
SARG: Reading redirector log file /var/squidGuard/log/block.log
SARG: Reading redirector log file /var/squidGuard/log/block.log
SARG: Reading redirector log file /var/squidGuard/log/block.log
SARG: Reading redirector log file /var/squidGuard/log/block.log
SARG: Reading redirector log file /var/squidGuard/log/block.log
SARG: Reading redirector log file /var/squidGuard/log/block.log
SARG: Reading redirector log file /var/squidGuard/log/block.log
SARG: Reading redirector log file /var/squidGuard/log/block.log
SARG: Reading redirector log file /var/squidGuard/log/block.log
SARG: Reading redirector log file /var/squidGuard/log/block.log
SARG: Reading redirector log file /var/squidGuard/log/block.log
SARG: Reading redirector log file /var/squidGuard/log/block.log
SARG: Reading redirector log file /var/squidGuard/log/block.log
SARG: Reading redirector log file /var/squidGuard/log/block.log
SARG: Reading redirector log file /var/squidGuard/log/block.log
SARG: Reading redirector log file /var/squidGuard/log/block.log
SARG: Reading redirector log file /var/squidGuard/log/block.log
SARG: Reading redirector log file /var/squidGuard/log/block.log
SARG: Reading redirector log file /var/squidGuard/log/block.log
SARG: Reading redirector log file /var/squidGuard/log/block.log
SARG: Reading redirector log file /var/squidGuard/log/block.log
SARG: Reading redirector log file /var/squidGuard/log/block.log
SARG: Reading redirector log file /var/squidGuard/log/block.log
SARG: Reading redirector log file /var/squidGuard/log/block.log
SARG: Reading redirector log file /var/squidGuard/log/block.log
SARG: Reading redirector log file /var/squidGuard/log/block.log
SARG: Reading redirector log file /var/squidGuard/log/block.log
SARG: Reading redirector log file /var/squidGuard/log/block.log
SARG: Reading redirector log file /var/squidGuard/log/block.log
SARG: Reading redirector log file /var/squidGuard/log/block.log
SARG: Reading redirector log file /var/squidGuard/log/block.log
SARG: Reading redirector log file /var/squidGuard/log/block.log
SARG: Reading redirector log file /var/squidGuard/log/block.log
SARG: Reading redirector log file /var/squidGuard/log/block.log
SARG: Reading redirector log file /var/squidGuard/log/block.log
SARG: Reading redirector log file /var/squidGuard/log/block.log
SARG: Reading redirector log file /var/squidGuard/log/block.log
SARG: Reading redirector log file /var/squidGuard/log/block.log
SARG: Reading redirector log file /var/squidGuard/log/block.log
SARG: Reading redirector log file /var/squidGuard/log/block.log
SARG: Reading redirector log file /var/squidGuard/log/block.log
SARG: Reading redirector log file /var/squidGuard/log/block.log
SARG: Reading redirector log file /var/squidGuard/log/block.log
SARG: Reading redirector log file /var/squidGuard/log/block.log
SARG: Reading redirector log file /var/squidGuard/log/block.log
SARG: Reading redirector log file /var/squidGuard/log/block.log
SARG: Reading redirector log file /var/squidGuard/log/block.log
SARG: Reading redirector log file /var/squidGuard/log/block.log
SARG: Reading redirector log file /var/squidGuard/log/block.log
SARG: Reading redirector log file /var/squidGuard/log/block.log
SARG: Reading redirector log file /var/squidGuard/log/block.log
SARG: Reading redirector log file /var/squidGuard/log/block.log
SARG: Reading redirector log file /var/squidGuard/log/block.log
SARG: Reading redirector log file /var/squidGuard/log/block.log
SARG: Reading redirector log file /var/squidGuard/log/block.log
SARG: Sorting file: /tmp/sarg/redirector.int_log
SARG: (info) No downloaded files to report
SARG: (info) Denied report not produced because it is empty
SARG: (info) Authentication failures report not produced because it is empty
SARG: (info) Redirector report not generated because it is empty
SARG: Sorting file: /tmp/sarg/IP.utmp
SARG: Making report: IP
SARG: Sorting file: /tmp/sarg/IP.utmp
SARG: Making report: IP7
SARG: Sorting file: /tmp/sarg/IP.utmp
SARG: Making report: IP
SARG: Sorting file: /tmp/sarg/IP.utmp
SARG: Making report: IP
SARG: Sorting file: /tmp/sarg/IP.utmp
SARG: Making report: IP
SARG: Sorting file: /tmp/sarg/IP.utmp
SARG: Making report: IP
SARG: Sorting file: /tmp/sarg/IP.utmp
SARG: Making report: IP
SARG: Sorting file: /tmp/sarg/IP.utmp
SARG: Making report: IP
SARG: Sorting file: /tmp/sarg/IP.utmp
SARG: Making report: IP
SARG: Sorting file: /tmp/sarg/IP.utmp
SARG: Making report: IP
SARG: Sorting file: /tmp/sarg/IP.utmp
SARG: Making report: IP
SARG: Making index.html
SARG: Successful report generated on /usr/local/sarg-reports/06Jan2016-06Jan2016
SARG: Purging temporary file sarg-general
SARG: End
    0
Log in to reply
 

Products

Services

Support

News

Resources

Company

Our Mission

We provide leading-edge network security at a fair price - regardless of organizational size or network sophistication. We believe that an open-source security model offers disruptive pricing along with the agility required to quickly address emerging threats.

Subscribe to our Newsletter

Product information, software announcements, and special offers. See our newsletter archive to sign up for future newsletters and to read past announcements.

© 2020 Rubicon Communications, LLC | Privacy Policy