December 20, 2014, 12:08:09 AM

News : LinuxSolved.com Linux Help Community Forum..


Author Topic: I Want to Know how to configure SARG on SuSe  (Read 6951 times)

Offline sothy

  • Linux Learner
  • ***
  • Posts: 84
I Want to Know how to configure SARG on SuSe
« on: September 15, 2005, 02:31:16 AM »
Dear Every body
i have some problem about config SARG on SUSE and the first time i installed Webmin , SARG.conf but it does't work so i want to know how do i shout config on sarg.conf and i must add new line ornt ......

Thank For Reply Back

Offline Ricky

  • LST CareTaker
  • Specially Skilled
  • *****
  • Posts: 2381
I Want to Know how to configure SARG on SuSe
« Reply #1 on: September 15, 2005, 05:18:25 AM »
Basically you should look for some good tutorial for sarg ! Here I am posting one which I looked once to configure :
Quote from: "basic Sarg instructions"
Installing the Sarg

The SARG can be gotten in the following address: http://sarg.sourceforge.net/sarg.php. After downloaded, it unpacks using it the command:

# tar -xzvf sarg-1.3-PRE2.tar.gz

After that, in the directory where the program was unpacked, it types:

# ./configure
# make
# make install

By standard, the SARG is installed in the directory /usr/local/sarg. In the past /etc/sarg/ is that we will find the configuration archive sarg.conf.

Configuring the Sarg

I go to cite the main parameters and the archive it is explained

Defining Language

language Portuguese

Titulo’s Report

title "Squid User Access Reports"

Directory where it will be generated the reports

output_dir /home/squid/report/

To generate reports based on behalf of user (it requires a Proxy configured with authentication of users).

user_ip no

This option allows to specify the place generated for log theirs Squid

# TAG: access_log file
#
#access_log /usr/local/squid/logs/access.log
#access_log /var/log/squid/logs/access.log # RedHat Versão

In this option nothing it needs to be modified, therefore the type of access to the site is about the type of report in accordance with.

# TAG: report_type type
# report_type topsites users_sites sites_users date_time denied auth_failures site_user_time_date

The following options exist:

Topsites - Sites more visited by passed through connection and bytes.
Sites_users - Sample which the users have access a specific site.
Users_sites - Sample sites had access for a specific user.
Date_time - Bytes utilizados/trafegados per day and hour.
Denied - Sample access attempts the sites forbidden for the ACLs.
Auth_failures - Sample authentication attempts (error in the typing of authentication password) imperfections of an user.

After finished the configuration of the Sarg, is enough to generate the reports and below I go to show some examples of as to use.

For example, I want to send email of the report for date:

sarg -e wrochal@linuxit.com.br -d 01/01/2003-06/01/2003

Another very cool example that would be for address URL, that in the case would below generate the report alone of the addresses described:

sarg -s www.linuxit.com.br, www.myunix.org

Configuring the date format

sarg -d [e=Europa -> dd/mm/aa], u=EUA -> mm/dd/aa]

Report for user and IP

sarg -i wrochal 10.100.0.101

Report for hour

sarg -t [HH, HH:MM, HH:MM:SS]

Report for User

sarg -u wrochal

Now you are enough to create the report of the skill that you desire and much good luck.

Report with exclusion of sites, strings and users

Much people ask as to generate report excluding such site, users and strings. Knows as to use this resource:

exclude.hosts - Here each line will have one domain/URL that it will not be shown in the report. Useful you to place, for examples, addresses of download of the Intranet that pass for the Squid, but do not spend band of Internet none.

It places in the archive sarg.conf: exclude_hosts /etc/sarg/exclude.hosts

exclude.strings - if some line of the archive of log to contain one of strings of this archive (each string for line), this line of log will be ignored of the report. With this you can filter any thing of the report.

It places in the archive sarg.conf: exclude_string /etc/sarg/exclude.strings

exclude.users - the users who will be in this archive (separate for line) will not be enclosed in the report.

It places in the archive sarg.conf: exclude_users /etc/sarg/exclude.users


Or if you want quick way then see the link :
linux.softpedia.com/get/Internet/Log-Analyzers/sarg-102.shtml