Scribd
Upload
1K views12 pages

How To Configure Sarg

SARG is an open source tool that analyzes Squid proxy log files and generates HTML reports with information on user activity, including top sites accessed, bandwidth usage, and daily/weekly/monthly statistics. The document provides instructions on installing and configuring SARG, generating reports by running commands, and accessing the reports in a web browser. Automatic report generation can be set up through Cron jobs.

Uploaded by

api-284453517
Copyright
© © All Rights Reserved
We take content rights seriously. If you suspect this is your content, claim it here.
Available Formats
Download as PDF, TXT or read online on Scribd
1K views12 pages

How To Configure Sarg

SARG is an open source tool that analyzes Squid proxy log files and generates HTML reports with information on user activity, including top sites accessed, bandwidth usage, and daily/weekly/monthly statistics. The document provides instructions on installing and configuring SARG, generating reports by running commands, and accessing the reports in a web browser. Automatic report generation can be set up through Cron jobs.

Uploaded by

api-284453517
Copyright
© © All Rights Reserved
We take content rights seriously. If you suspect this is your content, claim it here.
Available Formats
Download as PDF, TXT or read online on Scribd
You are on page 1/ 12

SARG Squid

Analysis Report
Generator and
Internet Bandwidth
Monitoring Tool

Dilip Yadav
SARG is an open source tool that allows you to
analyses the squid log files and generates beautiful
reports in HTML format with information about
users, IP addresses, top accessed sites, total
bandwidth usage, elapsed time, downloads, access
denied websites, daily reports, weekly reports and
monthly reports.
How to configure SARG

How to configure SARG


SARG is an open source tool that allows you to analyse the squid log files and generates
beautiful reports in HTML format with informations about users, IP addresses, top accessed
sites, total bandwidth usage, elapsed time, downloads, access denied websites, daily
reports, weekly reports and monthly reports.

The SARG is very handy tool to view how much internet bandwidth is utilized by individual
machines on the network and can watch on which websites the networks users are
accessing.

Squid Analysis Report Generator (SARG) is a Squid proxy log analysis tool for Linux.
Sarg provides web based logfile analysis and divides traffic based on IP address. Traffic is
then categorized by web site visited, traffic volume, and other useful statistics. It enables
you to see your Squid users internet usage. SARG provides many statistics and informations
about Squid users activities like times, bytes, sites, etc.

The Squid Analysis Report Generator (SARG) enables you to see your Squid users
internet usage. SARG provides many informations about Squid users activities like times,
bytes, sites, etc. This article will show you how to use SARG through Webmin, a web-based
interface for administering Linux.

You can install SARG on Redhat bases systems eg. CenOS, Rehat Ent. Linux and also on
Debian based system Eg. Ubuntu.

Step 1: Installing Sarg from Source

# yum install y gcc gd gd-devel make perl-GD wget httpd

Once youve installed all the required packages, download the latest sarg source tarball or you may use
the following wget command to download and install it as shown below.

# wget http://garr.dl.sourceforge.net/project/sarg/sarg/sarg-
2.3.7/sarg-2.3.7.tar.gz
# tar -xvzf sarg-2.3.7.tar.gz
# cd sarg-2.3.7
# ./configure
# make
# make install

Step 2: Configuring Sarg

1
How to configure SARG

Now its time to edit some parameters in SARG main configuration file. The file contains lots of options
to edit, but we will only edit required parameters like:

1. Access logs path


2. Output directory
3. Date Format
4. Overwrite report for the same date.

Open sarg.conf file with your choice of editor and make changes as shown below.

# vi /usr/local/etc/sarg.conf [On RedHat based systems]


#sudo nano /etc/sarg/sarg.conf [On Debian based systems]

Now uncomment and add the original path to your squid access log file.

# sarg.conf
#
# TAG: access_log file
# Where is the access.log file
# sarg -l file
#
access_log /var/log/squid/access.log

Next, add the correct Output directory path to save the generate squid reports in that directory. Please
note, under Debian based distributions the Apache web root directory is /var/www. So, please be
careful while adding correct web root paths under your Linux distributions.

# TAG: output_dir
# The reports will be saved in that directory
# sarg -o dir
#
output_dir /var/www/html/squid-reports

Set the correct date format for reports. For example, date_format e will display reports in dd/mm/yy
format.

# TAG: date_format
# Date format in reports: e (European=dd/mm/yy), u (American=mm/dd/yy), w (Weekly=yy.ww)
#
date_format e

2
How to configure SARG

Next, uncomment and set Overwrite report to Yes.

# TAG: overwrite_report yes|no


# yes - if report date already exist then will be overwritten.
# no - if report date already exist then will be renamed to
filename.n, filename.n+1
#
overwrite_report yes
Thats it! Save and close the file.

Step 3: Generating Sarg Report

Once, youve done with the configuration part, its time to generate the squid log report
using the following command.

# sarg -x [On RedHat based systems]

Sample Output
[root@localhost squid]# sarg -x

SARG: Init
SARG: Loading configuration from /usr/local/etc/sarg.conf
SARG: Deleting temporary directory "/tmp/sarg"
SARG: Parameters:
SARG: Hostname or IP address (-a) =
SARG: Useragent log (-b) =
SARG: Exclude file (-c) =
SARG: Date from-until (-d) =
SARG: Email address to send reports (-e) =
SARG: Config file (-f) =
/usr/local/etc/sarg.conf
SARG: Date format (-g) = USA (mm/dd/yyyy)
SARG: IP report (-i) = No
SARG: Keep temporary files (-k) = No
SARG: Input log (-l) =
/var/log/squid/access.log
SARG: Resolve IP Address (-n) = No
SARG: Output dir (-o) = /var/www/html/squid-
reports/
SARG: Use Ip Address instead of userid (-p) = No
SARG: Accessed site (-s) =
SARG: Time (-t) =
SARG: User (-u) =
SARG: Temporary dir (-w) = /tmp/sarg
SARG: Debug messages (-x) = Yes
SARG: Process messages (-z) = No
SARG: Previous reports to keep (--lastlog) = 0
SARG:

3
How to configure SARG

SARG: sarg version: 2.3.7 May-30-2013


SARG: Reading access log file: /var/log/squid/access.log
SARG: Records in file: 355859, reading: 100.00%
SARG: Records read: 355859, written: 355859, excluded: 0
SARG: Squid log format
SARG: Period: 2014 Jan 21
SARG: Sorting log /tmp/sarg/172_16_16_55.user_unsort
......

Note: The sarg -x command will read the sarg.conf configuration file and takes the squid access.log
path and generates a report in html format.

Step 4: Assessing Sarg Report

The generated reports placed under /var/www/html/squid-reports/ or /var/www/squid-reports/


which can be accessed from the web browser using the address.

http://localhost/squid-reports
OR

http://ip-address/squid-reports

Sarg Main Window

4
How to configure SARG

Specific Date

5
How to configure SARG

User Report

6
How to configure SARG

Top Accessed Sites

Top Sites and Users

7
How to configure SARG

Top Downloads

8
How to configure SARG

Denied Access

9
How to configure SARG

Authentication Failures

Step 5: Automatic Generating Sarg Report

To automate the process of generating sarg report in given span of time via cron jobs. For example, lets
assume you want to generate reports on hourly basis automatically, to do this, you need to configure a
Cron job.

# crontab -e

Next, add the following line at the bottom of the file. Save and close it.

* */1 * * * /usr/local/bin/sarg -x

The above Cron rule will generate SARG report every 1 hour.

More samples can be viewed at

10
How to configure SARG

Useful linkshttp://www.tecmint.com/sarg-squid-analysis-report-generator-and-internet-bandwidth-
monitoring-tool/

SARG Version 2.3

Author Dilip Yadav

11

You might also like