Sarg-The Layman Reporting Tool For Squid


So, you got your Squid Proxy Server up and running, got your management impressed and moved into a controlled scenario. But is that really make full sense, if you still don’t know what exactly going on under Squid? I mean who is accessing what and for how much time and in what way etc. etc. Only after this knowledge, you would be able to know what to block next or what to allow!

Yes! the basic way is to go through /etc/squid/access.log, but considering the huge size of this access log file, its not convenient at all, neither the format of access.log itself that pretty to read or present. What we require is a tool that could tell us things like who’s accessing what and how much traffic has been passed through squid like stuffs? Here is our simplest solution: SARG – Squid Analysis Report Generation

Here are a few screenshots to give you an idea that what it can do for you

Report link over a period

Users statistics

What users are downloading

Which sites are being accessed

The last screenshot tells us that which sites a particular user/ IP address is accessing and the first-n-second screenshots tells us that how much traffic is passing through Squid and what is the distribution? Probably much of what we actually wanna know.



Here it comes that how to get it in action in layman’s way:

Getting SARG Installed: First you need your apache running means you must be able to get your apache page on hitting http://localhost and then proceed to get the RPM for SARG first. As I am taking the case of CentOS, so the way is to do

wget http://dag.wieers.com/rpm/packages/sarg/sarg-2.2.1-1.el4.rf.i386.rpm

This will download this 306 kb rpm to your current directory and then you just need to do

rpm –i sarg-2.2.1-1.el4.rf.i386.rpm


Configuring SARG: It places a sarg.conf in /etc/httpd/conf.d to take care of sarg-reports web form, while the other sarg.conf places itself in /etc/squid, where you need to edit it and commenting the line deny from all, which actually enabling only localhost to see the reports and denying all others. After that you can either place allow from all or write lines for providing report access to certain defined IP addresses only. After that just type the below and you are ready to go:

service httpd restart


Running SARG: SARG automatically places its scripts in /etc/cron.daily,  /etc/cron.weekly, /etc/cron.monthly, which will keep on performing its job without any intervention required. You need not to do anything for it. Although if you want to generate a one-shot SARG report, then you can always use

sarg -ix


Hope you will like the way, it does the job of Squid reporting for you in most simplest yet most effective way. In next, I will try that how can these reports could be customized to make most of it.

photo of Nitish KumarNitish Kumar

Advertisements

Author: Nitish Kumar

I love to write and raising voice, sharing thought and heated debate is a kind of passion for me. Jobwise I am just another Computer professional handling Infra and designing solutions for a big Indian Media house but I love to write, sketch, photography and a lot more.

6 thoughts on “Sarg-The Layman Reporting Tool For Squid”

Leave a Reply

Fill in your details below or click an icon to log in:

WordPress.com Logo

You are commenting using your WordPress.com account. Log Out / Change )

Twitter picture

You are commenting using your Twitter account. Log Out / Change )

Facebook photo

You are commenting using your Facebook account. Log Out / Change )

Google+ photo

You are commenting using your Google+ account. Log Out / Change )

Connecting to %s