Sunday, February 12, 2012

SARG on CentOS 6

Usually, it's pretty hard to analyze information from the squid log file. For example, I don't know how to analyze date or number of hits from /var/log/squid/access.log. If someone needs to analyze which websites are being accessed from the network, SARG may be a very good tool. SARG, or Squid Analysis Report Generator (http://sarg.sourceforge.net) analyzes the log, and generates a web based table where one can easily analyze proxy traffic.

Although SARG can be installed using YUM, I have faced problems with CentOS 6. So, I went for tarball installation instead. And believe, it's really easy unlike many tarball installtions.

So, let's start:
[root@busy-bee2 ~]# yum install gcc make wget httpd
[root@busy-bee2 ~]# wget http://sourceforge.net/projects/sarg/files/sarg/sarg-2.3.1/sarg-2.3.1.tar.gz/download

[root@busy-bee2 ~]# tar zxvf sarg-2.3.1.tar.gz
[root@busy-bee2 ~]# cd sarg-2.3.1
[root@busy-bee2 ~]# ./configure
[root@busy-bee2 ~]# make
[root@busy-bee2 ~]# make install



Time to modify the conf file 

[root@busy-bee2 ~]# vim /usr/local/etc/sarg.conf



There are a lot of options, and it is always recommended to go through them. However, we'll be editing only the ones that we need.
#### sarg.conf####
access_log /var/log/squid/access.log
date_format e     ## since here we use date format DD-MM-YYYY
overwrite_report yes     ## because I don't want multiple sarg reports for the same day
output_dir /var/www/html/squid-reports



Time for a test run

[root@busy-bee2 ~]# sarg -x

We have used to the "-x" parameter for to view detail information on the run (used for debugging). If all goes well, there should be a report generated at /var/www/html/squid-reports directory which can be accessed from the web browser using the address http://IP/squid-reports



Sarg in Browser


Now, we'd be adding a scheduled task to run SARG at 02:30 everyday. To find out the executable file for SARG, we could use the 'which' command-

[root@busy-bee2 ~]# which sarg
## OUTPUT ##
 /usr/local/bin/sarg

[root@busy-bee2 ~]# crontab -e

30 2 * * *  /usr/local/bin/sarg

[root@busy-bee2 ~]# service crond restart
[root@busy-bee2 ~]# chkconfig crond on




Troubleshooting
If there is problem viewing the SARG page, here are a few tips:
  1. Check whether the Firewall is blocking (iptables)
  2. Check if there is a file /etc/httpd/conf.d/sarg.conf. There is a line "allow from". Modify it to suit your needs.
  3. Verify  that there is directory "/var/www/html/squid-reports"

6 comments: