Archive for December 3rd, 2009
So, you got your Squid Proxy Server up and running, got your management impressed and moved into a controlled scenario. But is that really make full sense, if you still don’t know what exactly going on under Squid? I mean who is accessing what and for how much time and in what way etc. etc. Only after this knowledge, you would be able to know what to block next or what to allow!
Yes! the basic way is to go through /etc/squid/access.log, but considering the huge size of this access log file, its not convenient at all, neither the format of access.log itself that pretty to read or present. What we require is a tool that could tell us things like who’s accessing what and how much traffic has been passed through squid like stuffs? Here is our simplest solution: SARG – Squid Analysis Report Generation
Here are a few screenshots to give you an idea that what it can do for you
The last screenshot tells us that which sites a particular user/ IP address is accessing and the first-n-second screenshots tells us that how much traffic is passing through Squid and what is the distribution? Probably much of what we actually wanna know.
Here it comes that how to get it in action in layman’s way:
Getting SARG Installed: First you need your apache running means you must be able to get your apache page on hitting http://localhost and then proceed to get the RPM for SARG first. As I am taking the case of CentOS, so the way is to do
This will download this 306 kb rpm to your current directory and then you just need to do
rpm –i sarg-2.2.1-1.el4.rf.i386.rpm
Configuring SARG: It places a sarg.conf in /etc/httpd/conf.d to take care of sarg-reports web form, while the other sarg.conf places itself in /etc/squid, where you need to edit it and commenting the line deny from all, which actually enabling only localhost to see the reports and denying all others. After that you can either place allow from all or write lines for providing report access to certain defined IP addresses only. After that just type the below and you are ready to go:
service httpd restart
Running SARG: SARG automatically places its scripts in /etc/cron.daily, /etc/cron.weekly, /etc/cron.monthly, which will keep on performing its job without any intervention required. You need not to do anything for it. Although if you want to generate a one-shot SARG report, then you can always use
Hope you will like the way, it does the job of Squid reporting for you in most simplest yet most effective way. In next, I will try that how can these reports could be customized to make most of it.