Sunday, December 20, 2009

SARG - Squid/Dansguardian Proxy Reporting

I recently setup SARG to provide Proxy reporting.  This has proven to be a beneficial reporting tool.  The notes that follow are specific to a Debian installation.  I would normally have used apt-get or .deb file, but there were problems with ver. 2.2.5 which is the only version available from Debian.  I have since chosen to use the source for ver. 2.2.6

NOTES:

Ensure that Dansguardian (dansguardian.conf) is logging in squid format, otherwise you will not be able to use the dansguardian access.log

I am installing from source with the following:


1)  For Debian installation, I found you must change the version of
gcc from 4.1 to 4.3 otherwise you will get an error when running the
./configure.  I searched and found someone with the a similar error
trying to install on centos.  There maybe a better answer, but this
was my solution.

cd /usr/bin
rm gcc
ln -s gcc-4.3 gcc

For systems running vmware, this most likely needs to be changed back once SARG is installed.

2)  ./configure --bindir=/usr/bin --enable-htmldir=/var/www/ --sysconfdir=/etc

3) Configure SARG.  The configuration below was a good starting point.  The configuration file has many other configuration options as well as good documentation of the various settings.

vi /etc/sarg.conf

access_log /var/log/dansguardian/access.log

graphs yes
graph_days_bytes_bar_color orange
title "Your Company Name - Proxy User Access Reports"
output_dir /var/www/squid-reports
user_ip yes
date_format u
index yes
index_tree file
overwrite_report no
topsites_num 100
report_type topusers topsites sites_users users_sites date_time denied
auth_failures site_user_time_date downloads
long_url yes
show_successful_message yes
show_read_statistics yes
topuser_fields NUM DATE_TIME USERID CONNECT BYTES %BYTES IN-CACHE-OUT
USED_TIME MILISEC %TIME TOTAL AVERAGE
user_report_fields CONNECT BYTES %BYTES IN-CACHE-OUT USED_TIME MILISEC
%TIME TOTAL AVERAGE
show_sarg_info no
www_document_root /var/www/

4) Simply run "/usr/bin/sarg" or cron it to generate the report @
/var/www/squid-reports/


5) Configure your favorite web server.  I choose to use Mathopd for circumstances like these but Apache is another obvious choice.

No comments: