SARG on CentOS 6
A newer version of this article is available in my blog: http://amar-linux.blogspot.com/2017/03/how-to-analyze-squid-logs-with-sarg-log.html
Usually, it's pretty hard to analyze information from the squid log file. For example, I don't know how to analyze date or number of hits from /var/log/squid/access.log. If someone needs to analyze which websites are being accessed from the network, SARG may be a very good tool. SARG, or Squid Analysis Report Generator (http://sarg.sourceforge.net) analyzes the log, and generates a web based table where one can easily analyze proxy traffic.
Usually, it's pretty hard to analyze information from the squid log file. For example, I don't know how to analyze date or number of hits from /var/log/squid/access.log. If someone needs to analyze which websites are being accessed from the network, SARG may be a very good tool. SARG, or Squid Analysis Report Generator (http://sarg.sourceforge.net) analyzes the log, and generates a web based table where one can easily analyze proxy traffic.
Although SARG can be installed using YUM, I have faced problems with CentOS 6. So, I went for tarball installation instead. And believe, it's really easy unlike many tarball installtions.
So, let's start:
[root@busy-bee2 ~]# yum install gcc make wget httpd
[root@busy-bee2 ~]# wget http://sourceforge.net/projects/sarg/files/sarg/sarg-2.3.1/sarg-2.3.1.tar.gz/download
[root@busy-bee2 ~]# tar zxvf sarg-2.3.1.tar.gz
[root@busy-bee2 ~]# cd sarg-2.3.1
[root@busy-bee2 ~]# ./configure
[root@busy-bee2 ~]# make
[root@busy-bee2 ~]# make install
Time to modify the conf file
[root@busy-bee2 ~]# vim /usr/local/etc/sarg.conf
There are a lot of options, and it is always recommended to go through them. However, we'll be editing only the ones that we need.
#### sarg.conf####
access_log /var/log/squid/access.log
date_format e ## since here we use date format DD-MM-YYYY
overwrite_report yes ## because I don't want multiple sarg reports for the same day
output_dir /var/www/html/squid-reports
Time for a test run
[root@busy-bee2 ~]# sarg -x
We have used to the "-x" parameter for to view detail information on the run (used for debugging). If all goes well, there should be a report generated at /var/www/html/squid-reports directory which can be accessed from the web browser using the address http://IP/squid-reports
 |
| Sarg in Browser |
Now, we'd be adding a scheduled task to run SARG at 02:30 everyday. To find out the executable file for SARG, we could use the 'which' command-
[root@busy-bee2 ~]# which sarg
## OUTPUT ##
/usr/local/bin/sarg
[root@busy-bee2 ~]# crontab -e
30 2 * * * /usr/local/bin/sarg
[root@busy-bee2 ~]# service crond restart
[root@busy-bee2 ~]# chkconfig crond on
Troubleshooting
If there is problem viewing the SARG page, here are a few tips:
- Check whether the Firewall is blocking (iptables)
- Check if there is a file /etc/httpd/conf.d/sarg.conf. There is a line "allow from". Modify it to suit your needs.
- Verify that there is directory "/var/www/html/squid-reports"
Tanks! Nice post!
ReplyDeleteCan SARG show about user time access website?
ReplyDeletegreat post be blessed ........
ReplyDeleteThank you..may Allah bless us all
DeleteThanks sermed ........this excellent doc.
ReplyDeleteGlad i could help
DeleteA.O.A bro one thing i have to as i am trying to install sarg on cantos 6.8 but something wrong with me after compile sarg . the sarg not accessible there is no entry in /var/www/html
ReplyDelete