Squid Analysis Report Generator (SARG) is a Squid proxy log analysis tool for Linux. SARG provides web based logfile analysis and divides traffic based on IP address. Traffic is then categorized by web site visited, traffic volume, and other useful statistics. It enables you to see your Squid users internet usage. SARG provides many statistics and informations about Squid users activities like times, bytes, sites, etc.
Installation in Ubuntu is relatively straight forward with a couple of commands
apt-get install sarg
After SARG installed, we need to modify some options in sarg.conf.
Issue the following command.
nano /etc/squid/sarg.conf
Now remove all lines and paste following lines in this file.
# sarg.conf language English access_log /var/log/squid/access.log graphs yes graph_days_bytes_bar_color orange title "My Squid User Access Reports" font_face Tahoma,Verdana,Arial header_color darkblue header_bgcolor blanchedalmond font_size 9px background_color white text_color #000000 text_bgcolor lavender title_color green temporary_dir /tmp output_dir /var/www/sarg resolve_ip user_ip yes topuser_sort_field BYTES reverse user_sort_field BYTES reverse date_format u lastlog 0 remove_temp_files yes index yes index_tree file overwrite_report yes records_without_userid ip use_comma yes mail_utility mailx topsites_num 50 topsites_sort_order CONNECT D index_sort_order D max_elapsed 28800000 exclude_codes /etc/squid/sarg.exclude_codes report_type topusers topsites sites_users users_sites date_time denied auth_failures site_user_time_date downloads usertab /etc/squid/sarg.usertab long_url no date_time_by bytes charset Latin1 show_successful_message yes show_read_statistics yes topuser_fields NUM DATE_TIME USERID CONNECT BYTES %BYTES IN-CACHE-OUT USED_TIME MILISEC %TIME TOTAL AVERAGE user_report_fields CONNECT BYTES %BYTES IN-CACHE-OUT USED_TIME MILISEC %TIME TOTAL AVERAGE topuser_num 0 site_user_time_date_type table download_suffix "zip,arj,bzip,gz,ace,doc,iso,adt,bin,cab,com,dot,drv$,lha,lzh,mdb,mso,ppt,rtf,src,shs,sys,exe,dll,mp3,avi,mpg,mpeg"
Now save and exit.
Don’t forget to Create a dir Where SARG will create reports in /var/www/sarg
(You can change output dir syntax in sarg.conf)
mkdir /var/www/sarg
To run sarg, use the following command
sarg /usr/sbin/sarg-reports daily
This will produce reports in /var/www/sarg , and to run sarg daily automatically , we can add the following syntax in /etc/crontab :
root@zaib-desktop:~# crontab -e
Now paste the following entry here at the end : –
@daily /usr/sbin/sarg-reports daily
Save and Exit.
Now open your browser and point to your proxy ip/sarg (Change the ip according to your setup)
http://192.168.2.1/sarg/
Some sample results.
More samples can be viewed at
http://sarg.sourceforge.net/squid-reports/2004Aug06-2004Sep13/index.html
Regard’s
SYED JAHANZAIB
Syed Jahanzaib - Personal Blog to Share Knowledge ! 
According to your instruction i installed SARG properly …. but i received following meassage
SARG: Unknown option site_user_time_date_type table
My operating system is Ubuntu server 10.4 64 bit
Any suggestion…?
Thanks for nice tutorial.
LikeLike
Comment by Hasan — January 18, 2012 @ 11:12 AM
Possibly its typing mistake or it might not b pasting properly. look for its syntax on the sarg manual.
Or try removing tags that are hi lighting.
LikeLike
Comment by Syed Jahanzaib / Pinochio~:) — January 18, 2012 @ 11:17 AM
same problem here
LikeLike
Comment by Farhan — April 26, 2012 @ 3:57 PM
same problem its not properly work
LikeLike
Comment by sohailjadoon — August 11, 2013 @ 10:38 AM
how access user ID logs in sarg report
LikeLike
Comment by Deepak — April 30, 2015 @ 2:54 PM
Same Error i am also getting
SARG: Unknown option site_user_time_date_type table
LikeLike
Comment by salman — June 9, 2012 @ 6:50 PM
that syntax not necessary to use 🙂
then it still working fine
LikeLike
Comment by Rachmadona Sebayang — December 25, 2012 @ 8:24 PM
Hi Thanks!!!!!! The first site after many! who helped me getting my squid/sarg working! Just a few questions if I may:
1. I also hjave dansguardian installed. If I change the access_log to /var/log/dansguardian/access/log, running sarg command reports unknown option. THis does not happen if I change the access_log back to squid. How do I get the dansguardian access.log reported?
2. Mine also says site_user_table_date_type table is an unknow option but works if I disable it.
3. And lasstly, my report shows all ip addresses as 127.0.0.1. How do I get the real ip of the pc reported?
Thanks!!!!!
LikeLike
Comment by ekkedink — May 15, 2013 @ 12:31 AM
A.S im new to squid.. right now im trying to install and configure sarg, i just wanted to know that should i remove all the data that is in sarg.conf? and paste the following that you have posted? please help.i dont want to mess up my configuration.ill be very thankful to you.
LikeLike
Comment by hassaan — September 4, 2013 @ 11:18 AM
yes.
but whatever you make any changes, always make backup of current/old config files first. so just in case any mess, you can recover things.
LikeLike
Comment by Syed Jahanzaib / Pinochio~:) — September 4, 2013 @ 1:19 PM
here is an example,what is in sarg.conf
“nano /etc/sarg/sarg.conf
root@raabtaproxy:/etc/sarg# cat sarg.conf
# sarg.conf
#
# TAG: access_log file
# Where is the access.log file
# sarg -l file
#
access_log /var/log/squid3/access.log
# TAG: graphs yes|no
# Use graphics where is possible.
# graph_days_bytes_bar_color blue|green|yellow|orange|brown|red
#
graphs yes
graph_days_bytes_bar_color orange
# TAG: graph_font
# The full path to the TTF font file to use to create the graphs. It is required
# if graphs is set to yes.
#
#graph_font /usr/share/fonts/truetype/ttf-dejavu/DejaVuSans.ttf”
so on and so forth..its a large config file,with alot of data. should i delete all the way to the end and then paste yours?? im hesitating a little bit thats why im asking for assurity again. and should i paste the exact same way or i need to create space between lines?
LikeLiked by 1 person
Comment by hassaan — September 4, 2013 @ 2:31 PM
i pasted ur file ,then when i tried to run sarg it gave me an error
“SARG:Uknown option language English
SARG: Uknown option site_user_time_date_type table
SARG: (util) Cannot open file /etc/squid/sarg.exclude_codes (exclude_codes)
LikeLike
Comment by hassaan — September 4, 2013 @ 4:08 PM
make sure to make changes according to the directories of your squid version.
squid 2.x and its directories installed in /etc/squid/
squid 3.x and its directories installed in /etc/squid3/
LikeLike
Comment by Umer Sarwar — October 23, 2013 @ 1:30 AM
yeah! finally I got success for operating my sarg after followed this article
thx a lot mister (^^,)\
:*
LikeLike
Comment by Susan AndiaNdthie — November 11, 2013 @ 8:53 PM
Dear Sir,
Everything OK except monthly report . If you have any point please le me know.
Other thing I want display username in the reports in addition to IP which i pass using LDAP server
please help me.
LikeLike
Comment by Buddhika(Sri Lanka) — December 23, 2013 @ 12:14 PM
Hi
I have successfully installed the SARG and its working perfectly after installing apache2. Thank you for the configuration.
Now is it possible to put password on SARG reports webpage interface so that person with username & password could only view the reports?
How can i do that? any link or directions?
LikeLike
Comment by Umer Sarwar — January 8, 2014 @ 6:26 PM
Reblogged this on Henri Sekeladi – Sebuah Catatan Perjalanan and commented:
Add your thoughts here… (optional)
LikeLike
Comment by rihend — January 29, 2014 @ 5:39 PM
Syed Jahanzaib , Anybody can access sarg reports from web browser. How can we pa
ssword protect SARG reports, please reply
LikeLike
Comment by Usman Khalid — March 4, 2014 @ 8:25 PM
LikeLike
Comment by Syed Jahanzaib / Pinochio~:) — March 6, 2014 @ 8:55 AM
SYED SAHIB,
thanks for the link , let me try this. Let me ask you a question which is not related to SARG.
================================================================================================
eth0= 192.168.10.60/24 is LAN (192.168.10.0/24) interface
eth1= 192.168.1.1/24 is PUBLIC/INTERNET/DSL interface with Default GW 192.168.1.1/24 (DSL router’s address)
IP Forwarding is enabled/
Following IP TABLES rule for MASQUERADING is set
sudo iptables -t nat -A POSTROUTING -o eth1
It works fine, a confusing question is in my mind
Question1=
I have told my Linux Machine to Masquerade traffic on eth1 (dsl / public interface) why it is not necessary to tell my linux machine to masquerade traffic coming from eth1 because traffic coming from eth1 is also from different network which is in this case internet.
Question2=
From my LAN , when http://www.google.com is requested , the destination port of traffic generated from my LAN is port 80, When I receive Google’s web page on my LAN , will you please tell me what is the destination port that traffic sent to my LAN by Google’s server placed on the internet.
LAN web traffic request for google.com is on destination port 80 —————-> internet (google’s server)
LAN <————— internet (google's server reply to my request ) on what destination port (?)
LikeLike
Comment by Usman Khalid — March 9, 2014 @ 3:31 AM
[…] Cara Install SARG di Ubuntu […]
LikeLike
Pingback by SARG Squid Analysis Report Generator - opinikoe.com — February 12, 2016 @ 7:30 AM
A.O.A sir very nice post may Allah bless you . sir if we use these steps in centos and rhel then all steps will be same or different guide us please thanks.
LikeLike
Comment by Ali Shan — May 27, 2016 @ 6:24 PM
i have installed sarg in Centos and have configured and it runs sucessfully – it also email sucessfully but i do not receive the email in outlook
please assist.
LikeLike
Comment by Isoa — October 26, 2016 @ 2:44 PM
[…] Cara Install SARG di Ubuntu […]
LikeLike
Pingback by SARG Squid Analysis Report Generator | opinikoe™ — April 10, 2017 @ 3:24 PM