
SARG – Monitor your squid server


Squid Analysis Report Generator (SARG) is a Squid proxy log analysis tool for Linux. SARG provides web-based log file analysis and divides traffic by IP address. Traffic is then categorized by website visited, traffic volume, and other useful statistics. It lets you see your Squid users' internet usage and provides many statistics about their activity, such as times, bytes, and sites.

This article will show you how to use SARG through Webmin, a web-based interface for administering Linux.

You can install SARG on Red Hat-based systems, e.g. CentOS and Red Hat Enterprise Linux, and also on Debian-based systems, e.g. Ubuntu.

First of all, I will install it on CentOS.

Step 1: Add repositories on the System

If you are using a fresh Linux system, it doesn’t have any extra repositories that provide SARG, so we will install an extra repository named RPMforge.

(1) Open a web browser on your system and go to http://dag.wieers.com/rpm/FAQ.php#B2. Click on the package appropriate for your version of Red Hat Enterprise Linux or CentOS.

(2) Choose Open with Software Installer (default) and click Ok.

 

(3) The Installing packages window will appear. Click Apply to proceed.

 


 

(4) Finally click Ok.

 

 

 

We have installed the new repository, but there is one issue: if this repository has a high priority, installing new packages from it will upgrade the base packages provided by RHEL/CentOS.

The next step is lowering the RPMforge priority.

(1) Install the Yum priorities package using the command below.

yum install yum-priorities

Edit the file /etc/yum.repos.d/rpmforge.repo and add the line below.

 


priority=10
Test your configuration using the command below. You should see a priority protection message in the output.

yum check-update
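
The priority line only applies to the repository section it is placed in, so a .repo file with several sections needs it in every enabled one. The check below is an added example, not part of the original article or of yum: the function name and the sample file contents are constructed for illustration.

```shell
#!/bin/sh
# Added example: list enabled repository sections that lack a priority= line.

# unprioritised_repos [FILE...]: prints one section name per line.
# A section without an enabled= line counts as enabled (yum's default).
unprioritised_repos() {
    awk '
        function report() { if (name != "" && enabled && !prio) print name }
        /^[ \t]*\[/ {
            report()
            name = $0
            sub(/^[ \t]*\[/, "", name); sub(/\].*$/, "", name)
            enabled = 1; prio = 0; next
        }
        /^[ \t]*enabled[ \t]*=[ \t]*0/      { enabled = 0 }
        /^[ \t]*priority[ \t]*=[ \t]*[0-9]/ { prio = 1 }
        END { report() }
    ' "$@"
}

# Constructed sample modelled on a multi-section .repo file.
sample_repo() {
    cat <<'EOF'
[rpmforge]
name = RPMforge (constructed sample)
enabled = 1
priority=10

[rpmforge-extras]
name = RPMforge extras (constructed sample)
enabled = 0

[rpmforge-testing]
name = RPMforge testing (constructed sample)
enabled = 1
EOF
}

# Demo on the sample; on a real system pass /etc/yum.repos.d/rpmforge.repo.
sample_repo | unprioritised_repos
```

An empty result means every enabled section carries a priority.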

 

Step 2: Install Sarg

From a terminal window, type in the command below to install SARG.

yum install sarg


If you love the command line, you can do everything from the command prompt; if you are new, you can use Webmin for graphical (GUI) access to your computer's configuration.

Step 3: Install Webmin

(1) Go to www.webmin.com and download the Webmin RPM package.

(2) Double-click the downloaded file to install Webmin,
or install the package from the command line with the rpm command:


# rpm -ivh <webminpackagename.rpm>
Before accessing the Webmin interface, confirm that the httpd package is already installed and the service is running.
If it is installed, good; if you don’t have the httpd package on your system, you can install it with yum:

# yum -y install httpd
Then start the service:
# service httpd start
(3) From a web browser, connect to https://localhost:10000 and log in as root.
(4) That’s it. It’s working.

Step 4: Edit SARG configuration file as per your need

Click Un-used modules in the sidebar. Next, click Squid Report Generator. We need to configure SARG, so click Module Configuration.

Change the value of Full path to SARG configuration file to /etc/sarg/sarg.conf, then click Save.

 

 

Sarg configuration file

Uncomment and adjust the following settings as needed:
# sarg.conf
 language English
# TAG: access_log file
 access_log /var/log/squid/access.log
# TAG: graphs yes|no
 graphs yes
 graph_days_bytes_bar_color orange
# TAG: title
 title "Squid User Access Reports"
# TAG: font_face
 font_face Tahoma,Verdana,Arial
# TAG: header_color
 header_color darkblue
# TAG: header_bgcolor
 header_bgcolor blanchedalmond
# TAG: font_size
 font_size 9px
# TAG: background_color
 background_color white
# TAG: text_color
 text_color #000000
# TAG: text_bgcolor
 text_bgcolor lavender
# TAG: title_color
 title_color green
# TAG: temporary_dir
 temporary_dir /tmp
# TAG: output_dir
 #output_dir /var/www/html/squid-reports
 output_dir /var/www/squid-reports
# TAG: resolve_ip yes/no
 resolve_ip
# TAG: user_ip yes/no
 user_ip no
# TAG: topuser_sort_field field normal/reverse
 topuser_sort_field BYTES reverse
# TAG: user_sort_field field normal/reverse
 user_sort_field BYTES reverse
# TAG: exclude_users file
 exclude_users /etc/squid/sarg.users
# TAG: exclude_hosts file
 exclude_hosts /etc/squid/sarg.hosts
# TAG: date_format
 date_format u
# TAG: lastlog n
 lastlog 0
# TAG: remove_temp_files yes
 remove_temp_files yes
# TAG: index yes|no|only
 index yes
# TAG: index_tree date|file
 index_tree file
# TAG: overwrite_report yes|no
 overwrite_report yes
# TAG: records_without_userid ignore|ip|everybody
 records_without_userid ip
# TAG: use_comma no|yes
 use_comma yes
# TAG: mail_utility mail|mailx
 mail_utility mailx
# TAG: topsites_num n
 topsites_num 100
# TAG: topsites_sort_order CONNECT|BYTES A|D
 topsites_sort_order CONNECT D
# TAG: index_sort_order A/D
 index_sort_order D
# TAG: exclude_codes file
 exclude_codes /etc/squid/sarg.exclude_codes
# TAG: max_elapsed milliseconds
 max_elapsed 28800000
# TAG: report_type type
 #report_type topusers topsites sites_users users_sites date_time denied auth_failures site_user_time_date downloads
 report_type topusers topsites sites_users users_sites date_time denied auth_failures site_user_time_date downloads
# TAG: usertab filename
 usertab /etc/squid/sarg.usertab
# TAG: long_url yes|no
 long_url no
# TAG: date_time_by bytes|elap
 date_time_by bytes
# TAG: charset name
 charset Latin1
# TAG: show_successful_message yes|no
 show_successful_message yes
# TAG: show_read_statistics yes|no
 show_read_statistics yes
# TAG: topuser_fields
 topuser_fields NUM DATE_TIME USERID CONNECT BYTES %BYTES IN-CACHE-OUT USED_TIME MILISEC %TIME TOTAL AVERAGE
# TAG: user_report_fields
 user_report_fields CONNECT BYTES %BYTES IN-CACHE-OUT USED_TIME MILISEC %TIME TOTAL AVERAGE
# TAG: topuser_num n
 topuser_num 0
# TAG: site_user_time_date_type list|table
 site_user_time_date_type table
# TAG: external_css_file path
 download_suffix "zip,arj,bzip,gz,ace,doc,iso,adt,bin,cab,com,dot,drv$,lha,lzh,mdb,mso,ppt,rtf,src,shs,sys,exe,dll,mp3,avi,mpg,mpeg"

If you are not very familiar with the configuration file, you can use the configuration below: delete all the contents of the file and paste in the new contents.
# sarg.conf
language English
access_log /var/log/squid/access.log
graphs yes
graph_days_bytes_bar_color orange
title "My Squid User Access Reports"
font_face Tahoma,Verdana,Arial
header_color darkblue
header_bgcolor blanchedalmond
font_size 12px
background_color white
text_color #000000
text_bgcolor lavender
title_color green
temporary_dir /tmp
output_dir /var/www/html/sarg
resolve_ip
user_ip yes
topuser_sort_field BYTES reverse
user_sort_field BYTES reverse
date_format u
lastlog 0
remove_temp_files yes
index yes
index_tree file
overwrite_report yes
records_without_userid ip
use_comma yes
mail_utility mailx
topsites_num 50
topsites_sort_order CONNECT D
index_sort_order D
max_elapsed 28800000
exclude_codes /etc/sarg/exclude_codes
report_type topusers topsites sites_users users_sites date_time denied auth_failures site_user_time_date downloads
usertab /etc/sarg/usertab
long_url no
date_time_by bytes
charset Latin1
show_successful_message yes
show_read_statistics yes
topuser_fields NUM DATE_TIME USERID CONNECT BYTES %BYTES IN-CACHE-OUT USED_TIME MILISEC %TIME TOTAL AVERAGE
user_report_fields CONNECT BYTES %BYTES IN-CACHE-OUT USED_TIME MILISEC %TIME TOTAL AVERAGE
topuser_num 0
site_user_time_date_type table
download_suffix "zip,arj,bzip,gz,ace,doc,iso,adt,bin,cab,com,dot,drv$,lha,lzh,mdb,mso,ppt,rtf,src,shs,sys,exe,dll,mp3,avi,mpg,mpeg"

Create a directory for the reports:
# mkdir /var/www/html/sarg

Step 5: Generate Reports

Now you can generate reports from the command line:

# sarg

or you can use webmin to generate reports

1. To generate a report, click the Generate Report Now button.

 

2. Next, click View completed report.

 

3. Review the generated report.

 

To have the system generate the reports automatically, add the following entries to the crontab:

00 00 * * * /usr/sbin/sarg-report-daily
00 01 * * 1 /usr/sbin/sarg-report-weekly
03 02 1 * * /usr/sbin/sarg-report-monthly
Then restart cron with the command:

root@serversignature:~# /etc/init.d/cron restart

The SARG installation on Ubuntu is now finished. To see the results, go to http://ip_address_server/squid-reports/daily for the daily SARG reports, http://ip_address_server/squid-reports/weekly for the weekly SARG reports and http://ip_address_server/squid-reports/monthly for the monthly SARG reports.
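
To cross-check a generated report, the per-user byte totals and the denied requests can be recomputed straight from access.log. The script below is an added example, not part of the original article or of SARG: it assumes Squid's native log format and keys a record on the client IP when its user field is "-", which is what records_without_userid ip asks for; the function names and sample log lines are constructed.

```shell
#!/bin/sh
# Added example (not part of SARG): recompute totals from a Squid
# native-format access.log to cross-check the topusers and denied reports.
# Fields: time elapsed client code/status bytes method URL user peer type

# top_clients [FILE...]: prints "user bytes requests", most bytes first.
# A record whose user field is "-" is keyed on the client IP (assumed
# equivalent of records_without_userid ip).
top_clients() {
    awk 'NF >= 10 && $5 ~ /^[0-9]+$/ {
             key = ($8 == "-") ? $3 : $8
             bytes[key] += $5; reqs[key]++
         }
         END { for (k in bytes) printf "%s %.0f %d\n", k, bytes[k], reqs[k] }' "$@" |
        sort -k2,2nr -k1,1
}

# denied_requests [FILE...]: prints "client url" for each TCP_DENIED record.
denied_requests() {
    awk 'NF >= 10 && $4 ~ /^TCP_DENIED\// { print $3, $7 }' "$@"
}

# Constructed sample records, not taken from a real proxy.
sample_log() {
    cat <<'EOF'
1700000000.101    120 192.168.1.10 TCP_MISS/200 5120 GET http://example.com/ - DIRECT/93.184.216.34 text/html
1700000001.202     45 192.168.1.11 TCP_HIT/200 20480 GET http://example.org/big.iso - NONE/- application/octet-stream
1700000002.303      3 192.168.1.10 TCP_DENIED/403 1400 GET http://blocked.example/ - NONE/- text/html
1700000003.404    310 192.168.1.12 TCP_MISS/200 800 GET http://example.net/a alice DIRECT/203.0.113.7 text/html
1700000004.505     88 192.168.1.10 TCP_MISS/304 300 GET http://example.com/logo.png - DIRECT/93.184.216.34 -
EOF
}

# Demo on the sample; on the proxy pass /var/log/squid/access.log instead.
sample_log | top_clients
sample_log | denied_requests
```

Totals can differ from SARG's where exclude_users, exclude_hosts or exclude_codes filter records out of the report.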

 

Now I will install it on Ubuntu and then test it.

Step 1: Install SARG


apt-get install sarg

After SARG installed, we need to modify some options in sarg.conf.
Issue the following command.

nano /etc/squid/sarg.conf

Step 2: Edit Configuration file

Now remove all lines and paste the following lines into this file.

# sarg.conf
language English
access_log /var/log/squid/access.log
graphs yes
graph_days_bytes_bar_color orange
title "My Squid User Access Reports"
font_face Tahoma,Verdana,Arial
header_color darkblue
header_bgcolor blanchedalmond
font_size 9px
background_color white
text_color #000000
text_bgcolor lavender
title_color green
temporary_dir /tmp
output_dir /var/www/sarg
resolve_ip
user_ip yes
topuser_sort_field BYTES reverse
user_sort_field BYTES reverse
date_format u
lastlog 0
remove_temp_files yes
index yes
index_tree file
overwrite_report yes
records_without_userid ip
use_comma yes
mail_utility mailx
topsites_num 50
topsites_sort_order CONNECT D
index_sort_order D
max_elapsed 28800000
exclude_codes /etc/sarg/exclude_codes
report_type topusers topsites sites_users users_sites date_time denied auth_failures site_user_time_date downloads
usertab /etc/sarg/usertab
long_url no
date_time_by bytes
charset Latin1
show_successful_message yes
show_read_statistics yes
topuser_fields NUM DATE_TIME USERID CONNECT BYTES %BYTES IN-CACHE-OUT USED_TIME MILISEC %TIME TOTAL AVERAGE
user_report_fields CONNECT BYTES %BYTES IN-CACHE-OUT USED_TIME MILISEC %TIME TOTAL AVERAGE
topuser_num 0
site_user_time_date_type table
download_suffix "zip,arj,bzip,gz,ace,doc,iso,adt,bin,cab,com,dot,drv$,lha,lzh,mdb,mso,ppt,rtf,src,shs,sys,exe,dll,mp3,avi,mpg,mpeg"

Now save and exit.
Don’t forget to create the directory where SARG will write its reports, /var/www/sarg
(you can change the output directory with output_dir in sarg.conf):

mkdir /var/www/sarg

Step 3: Generate your reports

To run sarg, use the following command:

root@zaib-desktop:~# sarg

This will produce reports in /var/www/sarg. To run sarg automatically every day, we can add the following entry to /etc/crontab:

Step 4: Schedule your tasks

# crontab -e

Press the letter i, then insert:

00 00 * * *  /usr/sbin/sarg-reports today

Save and Exit.

Now open your browser and point it to your proxy's IP address followed by /sarg (change the IP according to your setup):

http://x.x.x./sarg/
