How To Configure Sarg
How To Configure Sarg
Analysis Report
Generator and
Internet Bandwidth
Monitoring Tool
Dilip Yadav
SARG is an open source tool that allows you to
analyses the squid log files and generates beautiful
reports in HTML format with information about
users, IP addresses, top accessed sites, total
bandwidth usage, elapsed time, downloads, access
denied websites, daily reports, weekly reports and
monthly reports.
How to configure SARG
The SARG is very handy tool to view how much internet bandwidth is utilized by individual
machines on the network and can watch on which websites the networks users are
accessing.
Squid Analysis Report Generator (SARG) is a Squid proxy log analysis tool for Linux.
Sarg provides web based logfile analysis and divides traffic based on IP address. Traffic is
then categorized by web site visited, traffic volume, and other useful statistics. It enables
you to see your Squid users internet usage. SARG provides many statistics and informations
about Squid users activities like times, bytes, sites, etc.
The Squid Analysis Report Generator (SARG) enables you to see your Squid users
internet usage. SARG provides many informations about Squid users activities like times,
bytes, sites, etc. This article will show you how to use SARG through Webmin, a web-based
interface for administering Linux.
You can install SARG on Redhat bases systems eg. CenOS, Rehat Ent. Linux and also on
Debian based system Eg. Ubuntu.
Once youve installed all the required packages, download the latest sarg source tarball or you may use
the following wget command to download and install it as shown below.
# wget http://garr.dl.sourceforge.net/project/sarg/sarg/sarg-
2.3.7/sarg-2.3.7.tar.gz
# tar -xvzf sarg-2.3.7.tar.gz
# cd sarg-2.3.7
# ./configure
# make
# make install
1
How to configure SARG
Now its time to edit some parameters in SARG main configuration file. The file contains lots of options
to edit, but we will only edit required parameters like:
Open sarg.conf file with your choice of editor and make changes as shown below.
Now uncomment and add the original path to your squid access log file.
# sarg.conf
#
# TAG: access_log file
# Where is the access.log file
# sarg -l file
#
access_log /var/log/squid/access.log
Next, add the correct Output directory path to save the generate squid reports in that directory. Please
note, under Debian based distributions the Apache web root directory is /var/www. So, please be
careful while adding correct web root paths under your Linux distributions.
# TAG: output_dir
# The reports will be saved in that directory
# sarg -o dir
#
output_dir /var/www/html/squid-reports
Set the correct date format for reports. For example, date_format e will display reports in dd/mm/yy
format.
# TAG: date_format
# Date format in reports: e (European=dd/mm/yy), u (American=mm/dd/yy), w (Weekly=yy.ww)
#
date_format e
2
How to configure SARG
Once, youve done with the configuration part, its time to generate the squid log report
using the following command.
Sample Output
[root@localhost squid]# sarg -x
SARG: Init
SARG: Loading configuration from /usr/local/etc/sarg.conf
SARG: Deleting temporary directory "/tmp/sarg"
SARG: Parameters:
SARG: Hostname or IP address (-a) =
SARG: Useragent log (-b) =
SARG: Exclude file (-c) =
SARG: Date from-until (-d) =
SARG: Email address to send reports (-e) =
SARG: Config file (-f) =
/usr/local/etc/sarg.conf
SARG: Date format (-g) = USA (mm/dd/yyyy)
SARG: IP report (-i) = No
SARG: Keep temporary files (-k) = No
SARG: Input log (-l) =
/var/log/squid/access.log
SARG: Resolve IP Address (-n) = No
SARG: Output dir (-o) = /var/www/html/squid-
reports/
SARG: Use Ip Address instead of userid (-p) = No
SARG: Accessed site (-s) =
SARG: Time (-t) =
SARG: User (-u) =
SARG: Temporary dir (-w) = /tmp/sarg
SARG: Debug messages (-x) = Yes
SARG: Process messages (-z) = No
SARG: Previous reports to keep (--lastlog) = 0
SARG:
3
How to configure SARG
Note: The sarg -x command will read the sarg.conf configuration file and takes the squid access.log
path and generates a report in html format.
http://localhost/squid-reports
OR
http://ip-address/squid-reports
4
How to configure SARG
Specific Date
5
How to configure SARG
User Report
6
How to configure SARG
7
How to configure SARG
Top Downloads
8
How to configure SARG
Denied Access
9
How to configure SARG
Authentication Failures
To automate the process of generating sarg report in given span of time via cron jobs. For example, lets
assume you want to generate reports on hourly basis automatically, to do this, you need to configure a
Cron job.
# crontab -e
Next, add the following line at the bottom of the file. Save and close it.
* */1 * * * /usr/local/bin/sarg -x
The above Cron rule will generate SARG report every 1 hour.
10
How to configure SARG
Useful linkshttp://www.tecmint.com/sarg-squid-analysis-report-generator-and-internet-bandwidth-
monitoring-tool/
11