Squid Analysis Report Generator (SARG) is a Squid proxy log analysis tool for Linux. SARG provides web-based log file analysis and divides traffic by IP address. Traffic is then categorized by web site visited, traffic volume, and other useful statistics. It lets you see your Squid users' internet usage. SARG provides many statistics and details about Squid users' activities, such as times, bytes, sites, etc.
Installation in Ubuntu is relatively straightforward with a couple of commands:
apt-get install sarg
After SARG is installed, we need to modify some options in sarg.conf.
Issue the following command:
nano /etc/squid/sarg.conf
Now remove all lines and paste the following lines in this file.
# sarg.conf
language English
access_log /var/log/squid/access.log
graphs yes
graph_days_bytes_bar_color orange
title "My Squid User Access Reports"
font_face Tahoma,Verdana,Arial
header_color darkblue
header_bgcolor blanchedalmond
font_size 9px
background_color white
text_color #000000
text_bgcolor lavender
title_color green
temporary_dir /tmp
output_dir /var/www/sarg
resolve_ip
user_ip yes
topuser_sort_field BYTES reverse
user_sort_field BYTES reverse
date_format u
lastlog 0
remove_temp_files yes
index yes
index_tree file
overwrite_report yes
records_without_userid ip
use_comma yes
mail_utility mailx
topsites_num 50
topsites_sort_order CONNECT D
index_sort_order D
max_elapsed 28800000
exclude_codes /etc/squid/sarg.exclude_codes
report_type topusers topsites sites_users users_sites date_time denied auth_failures site_user_time_date downloads
usertab /etc/squid/sarg.usertab
long_url no
date_time_by bytes
charset Latin1
show_successful_message yes
show_read_statistics yes
topuser_fields NUM DATE_TIME USERID CONNECT BYTES %BYTES IN-CACHE-OUT USED_TIME MILISEC %TIME TOTAL AVERAGE
user_report_fields CONNECT BYTES %BYTES IN-CACHE-OUT USED_TIME MILISEC %TIME TOTAL AVERAGE
topuser_num 0
site_user_time_date_type table
download_suffix "zip,arj,bzip,gz,ace,doc,iso,adt,bin,cab,com,dot,drv$,lha,lzh,mdb,mso,ppt,rtf,src,shs,sys,exe,dll,mp3,avi,mpg,mpeg"
Now save and exit.
Don’t forget to create the directory where SARG will write its reports, /var/www/sarg
(You can change the output directory with output_dir in sarg.conf)
mkdir /var/www/sarg
To run sarg, use the following command:
sarg /usr/sbin/sarg-reports daily
This will produce reports in /var/www/sarg. To run sarg daily automatically, we can add the following entry in /etc/crontab:
root@zaib-desktop:~# crontab -e
Now paste the following entry at the end:
@daily /usr/sbin/sarg-reports daily
Save and Exit.
Now open your browser and point to your proxy ip/sarg (Change the ip according to your setup)
http://192.168.2.1/sarg/
Some sample results.
More samples can be viewed at
http://sarg.sourceforge.net/squid-reports/2004Aug06-2004Sep13/index.html
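To see what these reports are built from, the following added example (not part of SARG or of the original post) parses Squid's native access.log format and computes per-user byte totals, per-site connection counts and the denied list, using the same sort choices as the sarg.conf above. The sample log lines are constructed; leaving denied requests out of the byte totals and matching exclude_codes against either the result code or the full code/status field are assumptions of this example, not statements about SARG's behaviour.

```python
from collections import Counter
from urllib.parse import urlsplit

# Constructed sample lines in Squid's native access.log format:
# time elapsed client code/status bytes method URL user hierarchy/peer type
SAMPLE_LOG = """\
1286536309.450 120 192.168.2.10 TCP_MISS/200 15320 GET http://example.com/index.html - DIRECT/93.184.216.34 text/html
1286536310.120 45 192.168.2.11 TCP_HIT/200 2048 GET http://example.com/logo.png - NONE/- image/png
1286536311.900 300 192.168.2.10 TCP_MISS/200 734003 GET http://downloads.example.org/tool.zip - DIRECT/203.0.113.5 application/zip
1286536312.010 2 192.168.2.12 TCP_DENIED/403 1450 GET http://blocked.example.net/ - NONE/- text/html
1286536313.500 800 192.168.2.11 TCP_MISS/200 5120 CONNECT mail.example.com:443 alice DIRECT/198.51.100.7 -
this line is truncated
"""

def site_of(method, url):
    """Return the host: CONNECT records log host:port, other methods a full URL."""
    if method == "CONNECT":
        return url.rsplit(":", 1)[0]
    return urlsplit(url).hostname or url

def summarize(lines, exclude_codes=()):
    """Aggregate records into topusers (by bytes), topsites (by connects) and denied."""
    user_bytes, site_hits, denied = Counter(), Counter(), []
    skipped = 0
    for line in lines:
        f = line.split()
        if len(f) < 10 or "/" not in f[3] or not f[4].isdigit():
            skipped += 1                      # malformed or truncated record
            continue
        client, status, size = f[2], f[3], int(f[4])
        method, url, user = f[5], f[6], f[7]
        code = status.split("/")[0]
        if status in exclude_codes or code in exclude_codes:
            continue                          # assumption: match code or code/status
        who = client if user == "-" else user   # same idea as records_without_userid ip
        site = site_of(method, url)
        if code == "TCP_DENIED":
            denied.append((who, site))        # listed separately, not counted in bytes
            continue
        user_bytes[who] += size
        site_hits[site] += 1
    return {"topusers": user_bytes.most_common(),   # BYTES, descending
            "topsites": site_hits.most_common(),    # CONNECT count, descending
            "denied": denied, "skipped": skipped}

if __name__ == "__main__":
    for name, rows in summarize(SAMPLE_LOG.splitlines()).items():
        print(name, rows)
```

The same per-user and per-site detail is what the report directory exposes to anyone who can browse to /sarg/, which is worth keeping in mind when deciding who can reach that URL.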
Regards,
SYED JAHANZAIB