Generating Squid report using SARG (Squid Analysis Report Generator)

SARG is a free tool that enables you to analyse squid log files while generating reports in HTML format showing informations of all squid users including IP addresses, frequently accessed sites, total bandwidth usage, elapsed time, downloads, access denied websites, daily reports, weekly reports and monthly reports.

The SARG is a handy tool that enables you to viewthe amount of internet bandwidth required by individual machines within a network and analyze watch which websites network users are accessing

The First Step: Installing free Sarg from Source

The package is not part of the RedHat based distributions, so you have to manually compile and set it up from source . You will also require additional packages to be installed on the machine

# vi /usr/local/etc/sarg.conf [On RedHat based systems]
$ sudo nano /etc/sarg/sarg.conf [On Debian based systems]

Now Uncomment and add the original path to your squid access log file.

# sarg.conf
# TAG:  access_log file
#       Where is the access.log file
#       sarg -l file
access_log /var/log/squid/access.log

create the correct Output directory path twhere generated squid reports will be stored.

# TAG:  output_dir
#       The reports will be saved in that directory
#       sarg -o dir
output_dir /var/www/html/squid-reports

set the correct time and date

# TAG:  date_format
#       Date format in reports: e (European=dd/mm/yy), u (American=mm/dd/yy), w (Weekly=yy.ww)
date_format e

uncomment override to yes

# TAG: overwrite_report yes|no
#      yes - if report date already exist then will be overwritten.
#       no - if report date already exist then will be renamed to filename.n, filename.n+1
overwrite_report yes

generating SARG report

# sarg -x [On RedHat based systems]

# sudo sarg -x [On Debian based systems]

which will create an output

[root@localhost squid]# sarg -x

SARG: Init
SARG: Loading configuration from /usr/local/etc/sarg.conf
SARG: Deleting temporary directory "/tmp/sarg"
SARG: Parameters:
SARG:           Hostname or IP address (-a) =
SARG:                    Useragent log (-b) =
SARG:                     Exclude file (-c) =
SARG:                  Date from-until (-d) =
SARG:    Email address to send reports (-e) =
SARG:                      Config file (-f) = /usr/local/etc/sarg.conf
SARG:                      Date format (-g) = USA (mm/dd/yyyy)
SARG:                        IP report (-i) = No
SARG:             Keep temporary files (-k) = No
SARG:                        Input log (-l) = /var/log/squid/access.log
SARG:               Resolve IP Address (-n) = No
SARG:                       Output dir (-o) = /var/www/html/squid-reports/
SARG: Use Ip Address instead of userid (-p) = No
SARG:                    Accessed site (-s) =
SARG:                             Time (-t) =
SARG:                             User (-u) =
SARG:                    Temporary dir (-w) = /tmp/sarg
SARG:                   Debug messages (-x) = Yes
SARG:                 Process messages (-z) = No
SARG:  Previous reports to keep (--lastlog) = 0
SARG: sarg version: 2.3.7 May-30-2013
SARG: Reading access log file: /var/log/squid/access.log
SARG: Records in file: 355859, reading: 100.00%
SARG:    Records read: 355859, written: 355859, excluded: 0
SARG: Squid log format
SARG: Period: 2014 Jan 21
SARG: Sorting log /tmp/sarg/172_16_16_55.user_unsort

generated SARG reports can be accessed under the folders ‘/var/www/html/squid-reports/‘ or ‘/var/www/squid-reports/‘

automating SARG in weekly hourly or daily basis can be done by modifying the contrab file using

crontab -e command

and add the following line at the bottom of the file.

* */1 * * * /usr/local/bin/sarg -x

Comments are closed.

%d bloggers like this: