Squid Proxy Server Report Analyzer
A good Administrator always keep checks and balance in case of any emergency situation such as low performance issues, monitoring and who is surfing what, who is eating more internet in the network.
If you are using squid as your proxy server then it’s pretty hard to analyze information from typical squid log file like we cannot check date of opening specific website and also number of hits so we need well managed format to see all the things clearly.
Today we will install one of squid log analyzer named SARG which will present squid report in nice web base format, so we can analyze squid log easily.
So let’s get started.
Lab Setup:
Server
• Hostname = pxy.broexperts.com
• Services = DNS, Squid Proxy and SARG.
• Ethernet Connected with Internet = eth0
• IP = 192.168.1.229/24
• Gateway = 192.168.1.1
• DNS = 192.168.1.1
• Ethernet Connected with Local Network = eth1
• IP = 192.168.0.229/24
Client
• Hostname = pc1.broexperts.com
• IP = 192.168.1.230/24
• Gateway = 192.168.0.229
• DNS = 192.168.0.229
I assume that your Squid server is properly configured as transparent proxy and for the name resolution DNS is working in caching-only mode.
If you want to learn how to install squid as transparent proxy and DNS in caching-only mode, then check our previous articles to click on link below.
Squid as Transparent Proxy
How to install DNS in caching only mode.
Let’s begin the installation process
Step-1 Installation of required packages for SARG.
Step-2 Download SARG
Create directory
Change directory to download directory
Download SARG file.
Move downloaded SARG file into installed directory which is /opt
Change directory to ‘/opt’
Extract sarg package tar file using below command.
Change directory to SARG’s decompressed folder.
Step-3 Compile SARG package use below Commands.
User make command
Now make install
Step-4 Edit main configuration file
Now time to edit SARG main configuration file. It has lots of option to edit you should go through all of them before edit anything. However, we will editing only the ones that we need.
Changes made for this lab
date_format e # Date format will be DD-MM-YYYY
output_dir /var/www/html/access_reports
Save file and Exit.
Step-5 Service starting and configuring firewall
Now time to start the http service and allow firewall to accept http traffic on port 80
Start httpd service
Make is available on startup.
Firewall rule for http traffic
Step-6 Now finally you can generate SARG reports.
The above command will generate reports in mentioned directory ‘/var/www/html/access_reports ‘ which can be accessed from the web browser using the address
http://IP/access_reports
In my cause it will be http://192.168.0.229/access_reports see the below screen shorts.
1. SARG Main Page
2.Top Sites and Users
3. User Report
Step-7 And now my requirement is to generate this report on hourly basis so for that i have to configure ‘crontab’Â i will run this command after every 3 hours.
you can adjust as per your requirements.
Create a schedual
0 */3 * * * sarg
This schedule will generate SARG report after every 3 hours.
If you have any question please use comments area. Thanks!