SARG (Squid Analysis Report Generator) is a tool that allow you to view “where” your users are going to on the Internet.
Sarg it self, provide to end user a generic interface to create reports based on squid access log (begin of log to current date).
sarg-reports (this script) is useful because it allow you to easily create and manage Daily, Weekly and Monthly reports.
Using sarg-reports is very easy, read the following steps to know how to installing and configuring this tools:
a) An unix system with bash shell (like GNU/Linux, FreeBSD, etc…)
b) Squid – http://www.squid-cache.org
c) Sarg – http://sarg.sourceforge.net/
d) Apche web server – http://www.apache.org/
1. Download the package from here.
2. Unzip the package by following command.
3. This is the RPM package, so I can install the package easily, I use the following command.
# rpm -ivh sarg-2.2.5-1.el5.rfi386.rpm
4. Edit configuration file as shown bellow
# vim /etc/sarg/sarg.conf
This is my configuration file, of course you can change it like you want
access_log /var/log/squid/access.log graphs yes graph_days_bytes_bar_color orange title "Squid User Access Reports" output_dir /var/www/htdocs/sarg resolve_ip no topuser_sort_field BYTES reverse user_sort_field BYTES reverse lastlog 3 remove_temp_files yes index yes overwrite_report yes topsites_num 100 topsites_sort_order CONNECT D index_sort_order D max_elapsed 28800000 report_type topsites sites_users users_sites date_time denied auth_failures site_user_time_date show_successful_message yes show_read_statistics yes topuser_fields NUM DATE_TIME USERID CONNECT BYTES %BYTES IN-CACHE-OUT USED_TIME MILISEC %TIME TOTAL AVERAGE user_report_fields CONNECT BYTES %BYTES IN-CACHE-OUT USED_TIME MILISEC %TIME TOTAL AVERAGE topuser_num 0 show_sarg_logo yes
6. To Generate the log report, simply run the command
#sarg - l /var/log/squid/access.log
The reports will be saved in /var/www/sarg/ONE-SHOT directory
To generate the log report by the cron job you can make entry in “/etc/crontab” file
00 23 * * * root /usr/bin/sarg
It will generate the log report every day at 11.00 P.M
You can also see all command line switches by following command
7. Example To generate report by manually :
#sarg -l /var/log/squid/access.log -o /var/www/sarg/daily -z -d 21/06/2009
It will generate the log report date 21/6/2009 into /var/www/sarg/daily directory
If you want log report from 21/06/2009 to 28/06/2009 then run this command
#sarg -l /var/log/squid/access.log -o /var/www/sarg/ONE-SHOT -z -d 21/06/2009-28/06/2009
8. To view the log report generated by sarg start httpd service
And browes url “http://ip_of_linux box/sarg” eg.
make sure that apache is working and publish squidlogs..
If you want apache ask password to allow sarg report you can configure .htaccess file and .htpassword.