SARG ( Squid Analysis Report Generator ) Installation & Configuration

It is an Open-Source tool, which helps us analyze Squid Proxy logs & generates reports in HTML format with all the information from logs presented in nice & easy to understand format.
& It gives information about User’s IP addresses , total & individually used bandwidth etc with access to Daily, Weekly & Monthly reports.

Installation
The process for installing sarg on Centos/Redhat is a bit complicated, as it needs to be compiled from source. To do that, firstly we need to install required packages to download & compile the package

$ sudo apt-get install -y gcc lighttpd sarg

Now that’s the installation is complete, we will configure it as per our needs by making changes in configuration file

$ sudo nano /etc/sarg/sarg.conf

Firstly, uncomment the line starting with access_log & add path for squid access log. Next, provide output directory for reports next to line starting with output_dir & also select your desired time format, change  line with date_format

#—————————————————————-sarg.conf————————————————————-
# TAG: access_log file
# Where is the access.log file
#
#
access_log /var/log/squid/access.log
Add output directory
# TAG: output_dir
# The reports will be saved in that directory
#
#
output_dir /var/www/html/squid-reports
Set the correct date format
# TAG: date_format
# Date format in reports: e (European=dd/mm/yy), u (American=mm/dd/yy), w (Weekly=yy.ww)
#
date_format e
#——————————————————————————————————————————————–

& lastly , set overwrite report to yes

#————————————————————–sarg.conf—————————————————————

# # TAG: overwrite_report yes|no
# yes – if report date already exist then will be overwritten.
# no – if report date already exist then will be renamed to filename.n, filename.n+1
#
overwrite_report yes
##——————————————————————————————————————————————

$ sudo mkdir /var/www/html/squid-reports

Generating report
To create squid analysis report, we have to enter following command

$ sudo sarg -x

Note: It may take a while depending on number of users accessing squid proxy.

Accessing report

To access the report, enter below mentioned URL in web-browser
http://IP-Address of server/squid-reports

Now, we have all the squid analyzed logs in nice, sorted &easy to understand format

Note: you can also create a cron–job to schedule a report being generated automatically at the time of your choosing.

$ sudo crontab -e

Add for example this line at the end

 * */4 * * * /usr/bin/sarg -x

This will generate a report every 4th hour.

 

Credits