Sarg-The Layman Reporting Tool For Squid

So, you got your Squid Proxy Server up and running, got your management impressed and moved into a controlled scenario. But is that really make full sense, if you still don’t know what exactly going on under Squid? I mean who is accessing what and for how much time and in what way etc. etc. Only after this knowledge, you would be able to know what to block next or what to allow!

Yes! the basic way is to go through /etc/squid/access.log, but considering the huge size of this access log file, its not convenient at all, neither the format of access.log itself that pretty to read or present. What we require is a tool that could tell us things like who’s accessing what and how much traffic has been passed through squid like stuffs? Here is our simplest solution: SARG – Squid Analysis Report Generation

Here are a few screenshots to give you an idea that what it can do for you

Report link over a period

Users statistics

What users are downloading

Which sites are being accessed

The last screenshot tells us that which sites a particular user/ IP address is accessing and the first-n-second screenshots tells us that how much traffic is passing through Squid and what is the distribution? Probably much of what we actually wanna know.

Here it comes that how to get it in action in layman’s way:

Getting SARG Installed: First you need your apache running means you must be able to get your apache page on hitting http://localhost and then proceed to get the RPM for SARG first. As I am taking the case of CentOS, so the way is to do


This will download this 306 kb rpm to your current directory and then you just need to do

rpm –i sarg-2.2.1-1.el4.rf.i386.rpm

Configuring SARG: It places a sarg.conf in /etc/httpd/conf.d to take care of sarg-reports web form, while the other sarg.conf places itself in /etc/squid, where you need to edit it and commenting the line deny from all, which actually enabling only localhost to see the reports and denying all others. After that you can either place allow from all or write lines for providing report access to certain defined IP addresses only. After that just type the below and you are ready to go:

service httpd restart

Running SARG: SARG automatically places its scripts in /etc/cron.daily,  /etc/cron.weekly, /etc/cron.monthly, which will keep on performing its job without any intervention required. You need not to do anything for it. Although if you want to generate a one-shot SARG report, then you can always use

sarg -ix

Hope you will like the way, it does the job of Squid reporting for you in most simplest yet most effective way. In next, I will try that how can these reports could be customized to make most of it.

photo of Nitish KumarNitish Kumar


6 thoughts on “Sarg-The Layman Reporting Tool For Squid

Leave a Reply

Fill in your details below or click an icon to log in: Logo

You are commenting using your account. Log Out /  Change )

Twitter picture

You are commenting using your Twitter account. Log Out /  Change )

Facebook photo

You are commenting using your Facebook account. Log Out /  Change )

Connecting to %s

This site uses Akismet to reduce spam. Learn how your comment data is processed.