Pesquisar neste blog

segunda-feira, 30 de setembro de 2013

SARG on CentOS 6

Usually, it's pretty hard to analyze information from the squid log file. For example, I don't know how to analyze date or number of hits from /var/log/squid/access.log. If someone needs to analyze which websites are being accessed from the network, SARG may be a very good tool. SARG, or Squid Analysis Report Generator ( analyzes the log, and generates a web based table where one can easily analyze proxy traffic.

Although SARG can be installed using YUM, I have faced problems with CentOS 6. So, I went for tarball installation instead. And believe, it's really easy unlike many tarball installtions.

So, let's start:
[root@busy-bee2 ~]# yum install gcc make wget httpd
[root@busy-bee2 ~]# wget

[root@busy-bee2 ~]# tar zxvf sarg-2.3.1.tar.gz
[root@busy-bee2 ~]# cd sarg-2.3.1
[root@busy-bee2 ~]# ./configure
[root@busy-bee2 ~]# make
[root@busy-bee2 ~]# make install

Time to modify the conf file 
[root@busy-bee2 ~]# vim /usr/local/etc/sarg.conf

There are a lot of options, and it is always recommended to go through them. However, we'll be editing only the ones that we need.

#### sarg.conf####
access_log /var/log/squid/access.log
date_format e     ## since here we use date format DD-MM-YYYY
overwrite_report yes     ## because I don't want multiple sarg reports for the same day
output_dir /var/www/html/squid-reports

Time for a test run
[root@busy-bee2 ~]# sarg -x

We have used to the "-x" parameter for to view detail information on the run (used for debugging). If all goes well, there should be a report generated at/var/www/html/squid-reports directory which can be accessed from the web browser using the address http://IP/squid-reports

Sarg in Browser

Now, we'd be adding a scheduled task to run SARG at 02:30 everyday.

[root@busy-bee2 ~]# crontab -e

30 2 * * * sarg

[root@busy-bee2 ~]# service crond restart
[root@busy-bee2 ~]# chkconfig crond on

If there is problem viewing the SARG page, here are a few tips:
  1. Check whether the Firewall is blocking (iptables)
  2. Check if there is a file /etc/httpd/conf.d/sarg.conf. There is a line "allow from". Modify it to suit your needs.
  3. Verify  that there is directory "/var/www/html/squid-reports"

Nenhum comentário: