Netgate SG-1000 microFirewall

Author Topic: Sarg package for pfsense  (Read 201572 times)

0 Members and 1 Guest are viewing this topic.

Offline marcelloc

  • Hero Member
  • *****
  • Posts: 13408
  • Karma: +592/-7
    • View Profile
Sarg package for pfsense
« on: March 28, 2012, 11:58:04 pm »
Hi all,

I've just published sarg package for pfsense with squid,squidguard and dansguardian log Analysis as well real time report tab.

Squidguard functions are under devel yet but squid and dansguardians(as well as I tested) are working.

After almost everything done, I found an old sarg package published on forum by joaohf and merged some function calls from this old thread.

Another good point is that sarg is able to forward logs via email, so I'm planning to include it for nanobsd installs.

have fun and feedback!  :)

att,
Marcello Coutinho

Offline saxonbeta

  • Jr. Member
  • **
  • Posts: 37
  • Karma: +0/-0
    • View Profile
Re: Sarg package for pfsense
« Reply #1 on: March 29, 2012, 09:16:20 am »
Excelent, thank you for your time to develop this package. I will test it today. ;D


Cheers!!

Offline gwhynott

  • Jr. Member
  • **
  • Posts: 50
  • Karma: +0/-0
    • View Profile
Re: Sarg package for pfsense
« Reply #2 on: March 29, 2012, 10:01:22 am »
Another good point is that sarg is able to forward logs via email, so I'm planning to include it for nanobsd installs.

Hi Marcello,

   Great job!     Just wanted to ask about sending reports via email,  you say you plan to included it in the nanobsd builds,  will it also be included in the mainline?  (or should it be already?  i didn't see it.)

thanks and have a great day!
-g


Offline marcelloc

  • Hero Member
  • *****
  • Posts: 13408
  • Karma: +592/-7
    • View Profile
Re: Sarg package for pfsense
« Reply #3 on: March 29, 2012, 10:04:37 am »
I didn't coded it yet, it's just plans for next release.

Offline gwhynott

  • Jr. Member
  • **
  • Posts: 50
  • Karma: +0/-0
    • View Profile
Re: Sarg package for pfsense
« Reply #4 on: March 29, 2012, 10:05:30 am »
just some feed back,  i realize you are not finished..

when i click on 'real time' tab and attempt to view realtime reports,  I get a 404 - Not Found error at the bottom of the page.


-g

Offline marcelloc

  • Hero Member
  • *****
  • Posts: 13408
  • Karma: +592/-7
    • View Profile
Re: Sarg package for pfsense
« Reply #5 on: March 29, 2012, 10:09:04 am »
what log did you selected on sarg settings?

squidguard features are not finished yet.  :(

Offline Cino

  • Hero Member
  • *****
  • Posts: 1516
  • Karma: +61/-2
    • View Profile
Re: Sarg package for pfsense
« Reply #6 on: March 29, 2012, 10:11:56 am »
great job marcelloc!!

Noticed a few things:

1: squid on my box is use path /var/squid/log, not /var/squid/logs.. Not sure why... but i corrected the path.. Think its because lightsquid was looking for /var/squid/log and the field for log location was removed from that package

2: there is no index page for reports... I reinstalled the package and binay... Now I get "php: /pkg_edit.php: The command '/usr/local/bin/sarg ' returned exit code '1', the output was 'SARG: Cannot set the locale LC_ALL to the environment variable'"

3: realtime doesn't work, 404 - Not Found



Offline gwhynott

  • Jr. Member
  • **
  • Posts: 50
  • Karma: +0/-0
    • View Profile
Re: Sarg package for pfsense
« Reply #7 on: March 29, 2012, 10:16:35 am »
what log did you selected on sarg settings?

squidguard features are not finished yet.  :(

it is squid I'm using Marcello,  here is my config should it help you out.   anything else you would like to see/try let me know.  

[2.0.1-RELEASE][root@gw-master.foobar.com]/usr/local/etc/sarg(11): cat sarg.conf | sed -e '/^#/d' -e '/^$/d'
access_log /var/squid/logs/access.log
graphs yes
output_dir /usr/local/www/sarg-reports
anonymous_output_files no
resolve_ip no
user_ip no
topuser_sort_field BYTES NORMAL
user_sort_field BYTES NORMAL
exclude_users /usr/local/etc/sarg/exclude_users.conf
remove_temp_files yes
index yes
index_tree date
overwrite_report yes
use_comma yes
report_type topusers topsites sites_users users_sites date_time denied auth_failures site_user_time_date downloads
usertab
long_url no
charset UTF-8
privacy no
dansguardian_conf
squidguard_conf
www_document_root /usr/local/www
realtime_refresh_time 0
realtime_types GET,PUT,CONNECT
realtime_unauthenticated_records show


-g

Offline marcelloc

  • Hero Member
  • *****
  • Posts: 13408
  • Karma: +592/-7
    • View Profile
Re: Sarg package for pfsense
« Reply #8 on: March 29, 2012, 10:22:21 am »
Thanks cino and gwhynott for your feedback.

The realtime error is a missing file I've forgot to publish.

I'll do it today and also check better squid log option.

try to select both index options on sarg gui to see if it generate files correctly.
« Last Edit: March 29, 2012, 10:28:20 am by marcelloc »

Offline gwhynott

  • Jr. Member
  • **
  • Posts: 50
  • Karma: +0/-0
    • View Profile
Re: Sarg package for pfsense
« Reply #9 on: March 29, 2012, 10:27:52 am »

1: squid on my box is use path /var/squid/log, not /var/squid/logs.. Not sure why...

lightsquid did that.  I think the package maintainer for lightsquid has since corrected it.   I created a sym link so both locations work, try to keep everyone happy.  8)

-g

Offline marcelloc

  • Hero Member
  • *****
  • Posts: 13408
  • Karma: +592/-7
    • View Profile
Re: Sarg package for pfsense
« Reply #10 on: March 29, 2012, 10:29:23 am »
lightsquid did that.  I think the package maintainer for lightsquid has since corrected it.   I created a sym link so both locations work, try to keep everyone happy.  8)

Thanks for the note, I'll try to read it from squid xml info.

Offline Cino

  • Hero Member
  • *****
  • Posts: 1516
  • Karma: +61/-2
    • View Profile
Re: Sarg package for pfsense
« Reply #11 on: March 29, 2012, 10:33:05 am »
Thanks cino and gwhynott for your feedback.

The realtime error is a missing file I've forgot to publish.

I'll do it today and also check better squid log option.

try to select both index options on sarg gui to see if it generate files correctly.

thanks for quick reply!  I couldn't Force Update Now but manually running the cron job '/usr/local/bin/php /usr/local/www/sarg.php 0' seem to create the pages.. I'll wait an hour and see what happens

Have to tweak some things now ;-) I like the idea you included commands to run after to rotate the logs... have to play around with this...


Offline Cino

  • Hero Member
  • *****
  • Posts: 1516
  • Karma: +61/-2
    • View Profile
Re: Sarg package for pfsense
« Reply #12 on: March 29, 2012, 10:33:28 am »

1: squid on my box is use path /var/squid/log, not /var/squid/logs.. Not sure why...

lightsquid did that.  I think the package maintainer for lightsquid has since corrected it.   I created a sym link so both locations work, try to keep everyone happy.  8)

-g

good to know! I may create a link myself

Offline marcelloc

  • Hero Member
  • *****
  • Posts: 13408
  • Karma: +592/-7
    • View Profile
Re: Sarg package for pfsense
« Reply #13 on: March 29, 2012, 02:26:57 pm »
I've published missing file.  :)
« Last Edit: March 29, 2012, 03:21:45 pm by marcelloc »

Offline Cino

  • Hero Member
  • *****
  • Posts: 1516
  • Karma: +61/-2
    • View Profile
Re: Sarg package for pfsense
« Reply #14 on: March 29, 2012, 03:15:46 pm »
I should had just copied the file over... Some reason now, sarg.conf isn't updating. File is blank about package re-install

I need to do more testing. remove package, reboot box and install it again

edit: i manually created the sarg.conf file.... the realtime page doesn't return data but 'sarg -r' from the cmdline does
« Last Edit: March 29, 2012, 03:20:59 pm by Cino »