Syed Jahanzaib Personal Blog to Share Knowledge !

October 21, 2011

Howto Install SARG (Squid Analysis Report Generator) in Ubuntu

Filed under: Linux Related — Tags: , , , , — Syed Jahanzaib / Pinochio~:) @ 11:36 AM

Squid Analysis Report Generator (SARG) is a Squid proxy log analysis tool for Linux. SARG provides web based logfile analysis and divides traffic based on IP address. Traffic is then categorized by web site visited, traffic volume, and other useful statistics. It enables you to see your Squid users internet usage. SARG provides many statistics and informations about Squid users activities like times, bytes, sites, etc.

Installation in Ubuntu is relatively straight forward with a couple of commands

apt-get install sarg

After SARG installed, we need to modify some options in sarg.conf.
Issue the following command.

nano /etc/squid/sarg.conf

Now remove all lines and paste following lines in this file.

# sarg.conf
language English
access_log /var/log/squid/access.log
graphs yes
graph_days_bytes_bar_color orange
title "My Squid User Access Reports"
font_face Tahoma,Verdana,Arial
header_color darkblue
header_bgcolor blanchedalmond
font_size 9px
background_color white
text_color #000000
text_bgcolor lavender
title_color green
temporary_dir /tmp
output_dir /var/www/sarg
user_ip yes
topuser_sort_field BYTES reverse
user_sort_field BYTES reverse
date_format u
lastlog 0
remove_temp_files yes
index yes
index_tree file
overwrite_report yes
records_without_userid ip
use_comma yes
mail_utility mailx
topsites_num 50
topsites_sort_order CONNECT D
index_sort_order D
max_elapsed 28800000
exclude_codes /etc/squid/sarg.exclude_codes
report_type topusers topsites sites_users users_sites date_time denied auth_failures site_user_time_date downloads
usertab /etc/squid/sarg.usertab
long_url no
date_time_by bytes
charset Latin1
show_successful_message yes
show_read_statistics yes
topuser_num 0
site_user_time_date_type table
download_suffix "zip,arj,bzip,gz,ace,doc,iso,adt,bin,cab,com,dot,drv$,lha,lzh,mdb,mso,ppt,rtf,src,shs,sys,exe,dll,mp3,avi,mpg,mpeg"

Now save and exit.
Don’t forget to Create a dir Where SARG will create reports in /var/www/sarg
(You can change output dir syntax in sarg.conf)

mkdir /var/www/sarg

To run sarg, use the following command

/usr/sbin/sarg-reports daily

This will produce reports in /var/www/sarg , and to run sarg daily automatically , we can add the following syntax in /etc/crontab :

root@zaib-desktop:~# crontab -e

Now paste the following entry here at the end : –

@daily /usr/sbin/sarg-reports daily

Save and Exit.

Now open your browser and point to your proxy ip/sarg (Change the ip according to your setup)

Some sample results.

More samples can be viewed at




  1. According to your instruction i installed SARG properly …. but i received following meassage

    SARG: Unknown option site_user_time_date_type table

    My operating system is Ubuntu server 10.4 64 bit

    Any suggestion…?
    Thanks for nice tutorial.

    Comment by Hasan — January 18, 2012 @ 11:12 AM

    • Possibly its typing mistake or it might not b pasting properly. look for its syntax on the sarg manual.
      Or try removing tags that are hi lighting.

      Comment by Syed Jahanzaib / Pinochio~:) — January 18, 2012 @ 11:17 AM

      • same problem here

        Comment by Farhan — April 26, 2012 @ 3:57 PM

      • same problem its not properly work

        Comment by sohailjadoon — August 11, 2013 @ 10:38 AM

    • how access user ID logs in sarg report

      Comment by Deepak — April 30, 2015 @ 2:54 PM

  2. Same Error i am also getting

    SARG: Unknown option site_user_time_date_type table

    Comment by salman — June 9, 2012 @ 6:50 PM

  3. that syntax not necessary to use🙂
    then it still working fine

    Comment by Rachmadona Sebayang — December 25, 2012 @ 8:24 PM

  4. Hi Thanks!!!!!! The first site after many! who helped me getting my squid/sarg working! Just a few questions if I may:
    1. I also hjave dansguardian installed. If I change the access_log to /var/log/dansguardian/access/log, running sarg command reports unknown option. THis does not happen if I change the access_log back to squid. How do I get the dansguardian access.log reported?
    2. Mine also says site_user_table_date_type table is an unknow option but works if I disable it.
    3. And lasstly, my report shows all ip addresses as How do I get the real ip of the pc reported?


    Comment by ekkedink — May 15, 2013 @ 12:31 AM

  5. A.S im new to squid.. right now im trying to install and configure sarg, i just wanted to know that should i remove all the data that is in sarg.conf? and paste the following that you have posted? please help.i dont want to mess up my configuration.ill be very thankful to you.

    Comment by hassaan — September 4, 2013 @ 11:18 AM

    • yes.
      but whatever you make any changes, always make backup of current/old config files first. so just in case any mess, you can recover things.

      Comment by Syed Jahanzaib / Pinochio~:) — September 4, 2013 @ 1:19 PM

      • here is an example,what is in sarg.conf

        “nano /etc/sarg/sarg.conf
        root@raabtaproxy:/etc/sarg# cat sarg.conf
        # sarg.conf
        # TAG: access_log file
        # Where is the access.log file
        # sarg -l file
        access_log /var/log/squid3/access.log

        # TAG: graphs yes|no
        # Use graphics where is possible.
        # graph_days_bytes_bar_color blue|green|yellow|orange|brown|red
        graphs yes
        graph_days_bytes_bar_color orange

        # TAG: graph_font
        # The full path to the TTF font file to use to create the graphs. It is required
        # if graphs is set to yes.
        #graph_font /usr/share/fonts/truetype/ttf-dejavu/DejaVuSans.ttf”

        so on and so forth..its a large config file,with alot of data. should i delete all the way to the end and then paste yours?? im hesitating a little bit thats why im asking for assurity again. and should i paste the exact same way or i need to create space between lines?

        Comment by hassaan — September 4, 2013 @ 2:31 PM

  6. i pasted ur file ,then when i tried to run sarg it gave me an error

    “SARG:Uknown option language English
    SARG: Uknown option site_user_time_date_type table
    SARG: (util) Cannot open file /etc/squid/sarg.exclude_codes (exclude_codes)

    Comment by hassaan — September 4, 2013 @ 4:08 PM

  7. make sure to make changes according to the directories of your squid version.

    squid 2.x and its directories installed in /etc/squid/

    squid 3.x and its directories installed in /etc/squid3/

    Comment by Umer Sarwar — October 23, 2013 @ 1:30 AM

  8. yeah! finally I got success for operating my sarg after followed this article
    thx a lot mister (^^,)\

    Comment by Susan AndiaNdthie — November 11, 2013 @ 8:53 PM

  9. Dear Sir,

    Everything OK except monthly report . If you have any point please le me know.
    Other thing I want display username in the reports in addition to IP which i pass using LDAP server
    please help me.

    Comment by Buddhika(Sri Lanka) — December 23, 2013 @ 12:14 PM

  10. Hi
    I have successfully installed the SARG and its working perfectly after installing apache2. Thank you for the configuration.

    Now is it possible to put password on SARG reports webpage interface so that person with username & password could only view the reports?
    How can i do that? any link or directions?

    Comment by Umer Sarwar — January 8, 2014 @ 6:26 PM

  11. Reblogged this on Henri Sekeladi – Sebuah Catatan Perjalanan and commented:
    Add your thoughts here… (optional)

    Comment by rihend — January 29, 2014 @ 5:39 PM

  12. Syed Jahanzaib , Anybody can access sarg reports from web browser. How can we pa
    ssword protect SARG reports, please reply

    Comment by Usman Khalid — March 4, 2014 @ 8:25 PM

      • SYED SAHIB,
        thanks for the link , let me try this. Let me ask you a question which is not related to SARG.
        eth0= is LAN ( interface
        eth1= is PUBLIC/INTERNET/DSL interface with Default GW (DSL router’s address)

        IP Forwarding is enabled/
        Following IP TABLES rule for MASQUERADING is set

        sudo iptables -t nat -A POSTROUTING -o eth1

        It works fine, a confusing question is in my mind

        I have told my Linux Machine to Masquerade traffic on eth1 (dsl / public interface) why it is not necessary to tell my linux machine to masquerade traffic coming from eth1 because traffic coming from eth1 is also from different network which is in this case internet.

        From my LAN , when is requested , the destination port of traffic generated from my LAN is port 80, When I receive Google’s web page on my LAN , will you please tell me what is the destination port that traffic sent to my LAN by Google’s server placed on the internet.

        LAN web traffic request for is on destination port 80 —————-> internet (google’s server)

        LAN <————— internet (google's server reply to my request ) on what destination port (?)

        Comment by Usman Khalid — March 9, 2014 @ 3:31 AM

  13. […] Cara Install SARG di Ubuntu […]

    Pingback by SARG Squid Analysis Report Generator - — February 12, 2016 @ 7:30 AM

  14. A.O.A sir very nice post may Allah bless you . sir if we use these steps in centos and rhel then all steps will be same or different guide us please thanks.

    Comment by Ali Shan — May 27, 2016 @ 6:24 PM

RSS feed for comments on this post. TrackBack URI

Leave a Reply

Fill in your details below or click an icon to log in: Logo

You are commenting using your account. Log Out / Change )

Twitter picture

You are commenting using your Twitter account. Log Out / Change )

Facebook photo

You are commenting using your Facebook account. Log Out / Change )

Google+ photo

You are commenting using your Google+ account. Log Out / Change )

Connecting to %s

Blog at

%d bloggers like this: