How to Install and Configure SARG

Posted by — February 18, 2012 in Uncategorized Leave a reply

SARG (Squid Analysis Report Generator) is a tool that allow you to view “where” your users are going to on the Internet.
Sarg it self, provide to end user a generic interface to create reports based on squid access log (begin of log to current date).
sarg-reports (this script) is useful because it allow you to easily create and manage Daily, Weekly and Monthly reports.
Using sarg-reports is very easy, read the following steps to know how to installing and configuring this tools:

Requirements
a) An unix system with bash shell (like GNU/Linux, FreeBSD, etc…)
b) Squid – http://www.squid-cache.org
c) Sarg – http://sarg.sourceforge.net/
d) Apche web server – http://www.apache.org/

1. Download the package from here.

2. Unzip the package by following command.

#unzip sarg-2.2.5-1.el5.rf.i386.zip

3. This is the RPM package, so I can install the package easily, I use the following command.

# rpm -ivh sarg-2.2.5-1.el5.rfi386.rpm

4. Edit configuration file as shown bellow

# vim /etc/sarg/sarg.conf

This is my configuration file, of course you can change it like you want

access_log /var/log/squid/access.log
graphs yes
graph_days_bytes_bar_color orange
title "Squid User Access Reports"
output_dir /var/www/htdocs/sarg
resolve_ip no
topuser_sort_field BYTES reverse
user_sort_field BYTES reverse
lastlog 3
remove_temp_files yes
index yes
overwrite_report yes
topsites_num 100
topsites_sort_order CONNECT D
index_sort_order D
max_elapsed 28800000
report_type topsites sites_users users_sites date_time denied auth_failures site_user_time_date
show_successful_message yes
show_read_statistics yes
topuser_fields NUM DATE_TIME USERID CONNECT BYTES %BYTES IN-CACHE-OUT USED_TIME MILISEC %TIME TOTAL AVERAGE
user_report_fields CONNECT BYTES %BYTES IN-CACHE-OUT USED_TIME MILISEC %TIME TOTAL AVERAGE
topuser_num 0
show_sarg_logo yes

6. To Generate the log report, simply run the command

#sarg - l /var/log/squid/access.log

The reports will be saved in /var/www/sarg/ONE-SHOT directory

To generate the log report by the cron job you can make entry in “/etc/crontab” file

00 23 * * * root /usr/bin/sarg

It will generate the log report every day at 11.00 P.M

You can also see all command line switches by following command

#sarg -h

7. Example To generate report by manually :

#sarg -l /var/log/squid/access.log -o /var/www/sarg/daily -z -d 21/06/2009

It will generate the log report date 21/6/2009 into /var/www/sarg/daily directory

If you want log report from 21/06/2009 to 28/06/2009 then run this command

#sarg -l /var/log/squid/access.log -o /var/www/sarg/ONE-SHOT -z -d 21/06/2009-28/06/2009

8. To view the log report generated by sarg start httpd service

/etc/init.d/httpd start

And browes url “http://ip_of_linux box/sarg” eg.

http://10.0.0.1/sarg

make sure that apache is working and publish squidlogs..

If you want apache ask password to allow sarg report you can configure .htaccess file and .htpassword.

Source: http://sarg.sourceforge.net/

You May Also Like

LAMP INSTALLATION WITH CONFIGURATION ON CENTOSE 5.3

How to Install BANDWIDTHD…

Snort is an open source Network Intrusion Detection System

Leave a Reply

Your email address will not be published. Required fields are marked *