Squid Proxy Server Report Analyzer

A good administrator always keeps checks in place for situations such as poor performance, and monitors who is surfing what and who is consuming the most Internet bandwidth on the network.


If you are using Squid as your proxy server, it is hard to analyze information from a typical Squid log file. For example, you cannot easily see the date a specific website was opened or the number of hits, so we need a well-organized format that shows everything clearly.
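What a report tool has to recover from the raw log, as an added example (not code from the original article or from SARG): this sketch parses Squid's native access.log format, converts the epoch timestamp into a readable date, and counts hits, bytes and denied requests per client and site. The sample lines, addresses and function names are constructed for illustration.

```python
from collections import Counter
from datetime import datetime, timezone
from urllib.parse import urlsplit

# Constructed sample in Squid's native access.log format (not real traffic):
# time elapsed client code/status bytes method URL user hierarchy/peer type
SAMPLE_LOG = """\
1418040000.123 210 192.168.0.230 TCP_MISS/200 5120 GET http://www.example.com/ - DIRECT/198.51.100.7 text/html
1418040005.456 12 192.168.0.230 TCP_HIT/200 2048 GET http://www.example.com/logo.png - NONE/- image/png
1418043600.789 350 192.168.0.231 TCP_MISS/200 900 CONNECT mail.example.org:443 - DIRECT/203.0.113.10 -
1418043700.000 40 192.168.0.231 TCP_DENIED/403 1500 GET http://blocked.example.net/ - NONE/- text/html
this line is truncated
"""

def parse_line(line):
    """Parse one native-format line; return None if it is malformed."""
    fields = line.split()
    if len(fields) < 10:
        return None
    try:
        when = datetime.fromtimestamp(float(fields[0]), tz=timezone.utc)
        size = int(fields[4])
        method, url = fields[5], fields[6]
        # CONNECT entries log "host:port" rather than a full URL.
        host = url.rsplit(":", 1)[0] if method == "CONNECT" else urlsplit(url).hostname
    except (ValueError, OverflowError, OSError):
        return None
    return {"when": when, "client": fields[2], "bytes": size,
            "code": fields[3].partition("/")[0], "host": host or url}

def summarize(text):
    """Return per-(client, site) hits, per-client bytes, denials, first access, skipped."""
    hits, volume, denied, first_seen, skipped = Counter(), Counter(), Counter(), {}, 0
    for line in text.splitlines():
        rec = parse_line(line)
        if rec is None:
            skipped += 1          # one bad line must not abort the whole report
            continue
        key = (rec["client"], rec["host"])
        hits[key] += 1
        volume[rec["client"]] += rec["bytes"]
        first_seen.setdefault(key, rec["when"])
        if rec["code"] == "TCP_DENIED":
            denied[rec["client"]] += 1
    return hits, volume, denied, first_seen, skipped

if __name__ == "__main__":
    hits, volume, denied, first_seen, skipped = summarize(SAMPLE_LOG)
    for (client, host), n in hits.most_common():
        stamp = first_seen[(client, host)].strftime("%d-%m-%Y %H:%M")
        print(f"{client:15} {host:22} hits={n} first={stamp} UTC")
    print("bytes per client:", dict(volume), "denied:", dict(denied), "skipped:", skipped)
```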

Today we will install a Squid log analyzer named SARG, which presents the Squid report in a clean web-based format so that we can analyze the Squid log easily.

So let’s get started.

Lab Setup:

Server

• Hostname = pxy.broexperts.com
• Services = DNS, Squid Proxy and SARG.
• Ethernet Connected with Internet = eth0
• IP = 192.168.1.229/24
• Gateway = 192.168.1.1
• DNS = 192.168.1.1
• Ethernet Connected with Local Network = eth1
• IP = 192.168.0.229/24

Client
• Hostname = pc1.broexperts.com
• IP = 192.168.1.230/24
• Gateway = 192.168.0.229
• DNS = 192.168.0.229

I assume that your Squid server is properly configured as a transparent proxy and that DNS is working in caching-only mode for name resolution.
If you want to learn how to install Squid as a transparent proxy and DNS in caching-only mode, check our previous articles by clicking the links below.

Squid as Transparent Proxy
How to install DNS in caching only mode.

Let’s begin the installation process

Step-1 Installation of required packages for SARG.

yum install -y gcc make wget httpd

Step-2 Download SARG
Create directory

mkdir downloads

Change directory to the downloads directory

cd downloads

Download SARG file.

wget http://garr.dl.sourceforge.net/project/sarg/sarg/sarg-2.3.7/sarg-2.3.7.tar.gz

Move the downloaded SARG file into the installation directory, which is /opt

mv sarg-2.3.7.tar.gz /opt/

Change directory to ‘/opt’

cd /opt

Extract the SARG package tar file using the command below.

tar zxvf sarg-2.3.7.tar.gz

Change directory to SARG’s decompressed folder.

cd sarg-2.3.7

Step-3 Compile the SARG package using the commands below.

./configure

Use the make command

make

Now run make install

make install

Step-4 Edit main configuration file

Now it is time to edit the main SARG configuration file. It has lots of options, and you should go through all of them before editing anything. However, we will edit only the ones that we need.

vi /usr/local/etc/sarg.conf

Changes made for this lab

access_log /var/log/squid/access.log # Squid Access Log file By Default Location
date_format e # Date format will be DD-MM-YYYY
output_dir /var/www/html/access_reports

Save file and Exit.

Step-5 Service starting and configuring firewall

Now it is time to start the httpd service and allow the firewall to accept HTTP traffic on port 80.

Start httpd service

service httpd restart

Make it available on startup.

chkconfig httpd on

Firewall rule for HTTP traffic

iptables -I INPUT -p tcp --dport 80 -j ACCEPT

Step-6 Now finally you can generate SARG reports.

sarg -x

The above command will generate reports in the configured directory ‘/var/www/html/access_reports’, which can be accessed from a web browser at the address

http://IP/access_reports

In my case it will be http://192.168.0.229/access_reports. See the screenshots below.

1. SARG Main Page

2. Top Sites and Users

3. User Report

Step-7 My requirement is to generate this report on an hourly basis, so I have to configure ‘crontab’. I will run this command every 3 hours.

You can adjust it as per your requirements.

Create a schedule

crontab -e

0 */3 * * * /usr/local/bin/sarg

This schedule will generate a SARG report every 3 hours.

If you have any questions, please use the comments area. Thanks!
