Pesquisar neste blog

segunda-feira, 30 de setembro de 2013

SARG on CentOS 6

Usually, it's pretty hard to analyze information from the squid log file. For example, I don't know how to analyze date or number of hits from /var/log/squid/access.log. If someone needs to analyze which websites are being accessed from the network, SARG may be a very good tool. SARG, or Squid Analysis Report Generator ( analyzes the log, and generates a web based table where one can easily analyze proxy traffic.

Although SARG can be installed using YUM, I have faced problems with CentOS 6. So, I went for tarball installation instead. And believe, it's really easy unlike many tarball installtions.

So, let's start:
[root@busy-bee2 ~]# yum install gcc make wget httpd
[root@busy-bee2 ~]# wget

[root@busy-bee2 ~]# tar zxvf sarg-2.3.1.tar.gz
[root@busy-bee2 ~]# cd sarg-2.3.1
[root@busy-bee2 ~]# ./configure
[root@busy-bee2 ~]# make
[root@busy-bee2 ~]# make install

Time to modify the conf file 
[root@busy-bee2 ~]# vim /usr/local/etc/sarg.conf

There are a lot of options, and it is always recommended to go through them. However, we'll be editing only the ones that we need.

#### sarg.conf####
access_log /var/log/squid/access.log
date_format e     ## since here we use date format DD-MM-YYYY
overwrite_report yes     ## because I don't want multiple sarg reports for the same day
output_dir /var/www/html/squid-reports

Time for a test run
[root@busy-bee2 ~]# sarg -x

We have used to the "-x" parameter for to view detail information on the run (used for debugging). If all goes well, there should be a report generated at/var/www/html/squid-reports directory which can be accessed from the web browser using the address http://IP/squid-reports

Sarg in Browser

Now, we'd be adding a scheduled task to run SARG at 02:30 everyday.

[root@busy-bee2 ~]# crontab -e

30 2 * * * sarg

[root@busy-bee2 ~]# service crond restart
[root@busy-bee2 ~]# chkconfig crond on

If there is problem viewing the SARG page, here are a few tips:
  1. Check whether the Firewall is blocking (iptables)
  2. Check if there is a file /etc/httpd/conf.d/sarg.conf. There is a line "allow from". Modify it to suit your needs.
  3. Verify  that there is directory "/var/www/html/squid-reports"

segunda-feira, 2 de setembro de 2013

How to disable the Zimbra virus scanner from blocking encrypted archives and files

If you receive this message from your Zimbra server, then it is likely that an encrypted PDF or ZIP has been quarantined simply because the Zimbra virus scanner could not examine the contents of the file.
Our content checker found
virus: Heuristics.Encrypted.PDF
This feature can be disabled, so that encrypted archives will pass the virus scanner. However, this does not mean that you are now vulnerable to viruses. Since the virus scanner has a database of signatures for viruses and malware, so should still be able to catch real security threats.
To disable the blocking of encrypted archives by Zimbra anti-virus scanner, perform these steps in the Zimbra Web Admin console.