Koozali.org: home of the SME Server

sarg reports- need USERID rather than IP

Offline cjensen

sarg reports- need USERID rather than IP
« on: February 18, 2007, 11:23:26 PM »
Since a recent update (yum) on an SME 7 box I see only IP addresses rather than USERID in the reports.  The update included new dansguardian packages.

I WAS using an implementation of pam authentication as described here:
http://www.vanhees.cc/index.php?module=ContentExpress&func=display&ceid=40
which worked fine.  The templates for this have since been replaced by newer packages and I removed the custom ones.

I have been looking through the sarg.conf and dansguardian conf files but no matter the choices I still see no ID references in the sarg reports.  I also note that the access.log does not contain the same structure with regards to the USERID.

Has anyone else seen this or does someone else recognize what might allow a return to 'userid' being the identification in my reports?

With several other SME 7 servers I administer this is the way I am (was) able to tell if someone bypassed or attempted to bypass the proxy. The ID would not show up but would rather show the machine ID. Now all I see are IPs, period.

Craig

RE: sarg reports- need USERID rather than IP
« Reply #1 on: March 06, 2007, 05:26:22 PM »
Have you had a look in the man page for sarg? You'll need to change the -p to -i & edit the /etc/sarg/sarg.conf file as per the man page.
Hope this helps,
Cheers.
--------------
It wasn't ME!

RE: sarg reports- need USERID rather than IP
« Reply #2 on: March 06, 2007, 05:30:06 PM »
Of course the changes need to be made to the cron scripts...but you knew that already.

Cheers.
--------------
It wasn't ME!

Offline cjensen

Re: RE: sarg reports- need USERID rather than IP
« Reply #3 on: March 09, 2007, 03:14:33 AM »
Quote from: "ElectricHaggis"
Have you had a look in the man page for sarg? You'll need to change the -p to -i & edit the /etc/sarg/sarg.conf file


Yes indeed I read all of the man pages.  In fact the change that gives 'me' the reports that I want is to revert to:
access_log /var/log/squid/access.log

The other logs do not parse the actual username correctly no matter the options.  You either get pcxxxx-sme.yourip.net for the logged in user or the actual IP.  These access logs all have the username but in a different location in the lines which may be why it is parsed as such.  Whatever the reason the only way with the current versions of Sarg, Dans, and their smeserver- companions to report actual usernames is to revert to the squid log.

Craig

Offline stephen noble

sarg reports- need USERID rather than IP
« Reply #4 on: March 09, 2007, 07:56:45 AM »
sarg with dansguardian still shows usernames on 7.1.2

did you set the db value and configure dans to save in squid format
http://www.dungog.net/sme/dansguardian.php#sarg
[and possibly rotate logs to remove the old format]

Offline cjensen

sarg reports- need USERID rather than IP
« Reply #5 on: March 09, 2007, 03:44:44 PM »
Quote from: "snoble"
sarg with dansguardian still shows usernames on 7.1.2

did you set the db value and configure dans to save in squid format
http://www.dungog.net/sme/dansguardian.php#sarg
[and possibly rotate logs to remove the old format]


Out of three servers I am testing I got one to work. They all have the identical packages (sarg, squid, dans..) but the one that is working correctly is a fresh 7.0 install upgraded incrementally to 7.1.2.  The two not working correctly are upgrades from 6.0.1. I will wait for a day of activity to see what parses with the next report generation.  From there I should 'hopefully' see them all work or at least have a basis to track the cause and decide if it is worth a bug entry.
BTW, thanks for your work on your great contribs Stephen.

Craig

Offline cjensen

sarg reports- need USERID rather than IP
« Reply #6 on: March 09, 2007, 10:17:33 PM »
OK, all three now report correctly.

So for anyone who may have implemented any of the masq custom-templating for pam_auth or ncsa_auth the reporting of your accesses will be different than before once the new versions of squid, sarg, dans are installed.  My own alterations cause the problem. Once I removed custom templates for masq, commented the user_ip out (as is default in the rpm) and set the db for sarg logfile to squid- reports include the userid as I wanted.

Craig

Offline cjensen

sarg reports- need USERID rather than IP
« Reply #7 on: March 13, 2007, 11:56:04 AM »
Actually...  The report generated by
Code:
# /usr/bin/sarg
(the ONE-SHOT report) parses the access.log file assigned in the DB (mine is squid) and thus reports userID.  The sarg rpm (sarg-2.2.1-1.el4.rf) installs cron jobs in daily/weekly/monthly/.  Each of these parses the dansguardian access.log file, which does not provide userID in these generated reports.  I change them all to parse the squid access.log and userID is in all reports.  I have not yet looked at the source of the previous versions of sarg to determine why I 'was' getting userID until an update in mid-January.  If I get around to it I will follow up...

Craig
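
Added example (not part of the thread or of the sarg/dansguardian packages): a quick way to check whether a given access.log carries usernames in the Squid native user field before pointing sarg or its cron jobs at it, and which client addresses have requests logged without a user. The function names and the sample log lines are constructed for illustration.

```sh
#!/bin/sh
# Added example; function names and sample data are constructed.
# Squid native access.log fields:
#   1 time  2 elapsed  3 client  4 code/status  5 bytes
#   6 method  7 URL  8 user  9 hierarchy/peer  10 content-type
# Field 8 is the username, or "-" when no identity was logged.

# Per client address: requests logged with a username vs. with "-".
userid_coverage() {
    awk '
        $1 !~ /^[0-9]+\.[0-9]+$/ || NF < 10 { next }  # skip non-Squid lines
        { seen[$3] = 1; if ($8 == "-") anon[$3]++; else named[$3]++ }
        END {
            for (c in seen)
                printf "%s named=%d anonymous=%d\n", c, named[c], anon[c]
        }
    ' "$1" | sort
}

# Clients with at least one request that carries no username.
clients_without_userid() {
    userid_coverage "$1" | awk '$3 != "anonymous=0" { print $1 }'
}

# Count of lines that do not look like Squid native format.
unparsed_lines() {
    awk '$1 !~ /^[0-9]+\.[0-9]+$/ || NF < 10 { n++ } END { print n + 0 }' "$1"
}

# Write a constructed sample log to the path given in $1.
write_sample_log() {
    cat > "$1" <<'EOF'
1173783364.101    120 192.168.1.21 TCP_MISS/200 5120 GET http://example.com/ alice DIRECT/192.0.2.10 text/html
1173783370.552     80 192.168.1.21 TCP_HIT/200 2048 GET http://example.com/logo.png alice NONE/- image/png
1173783401.007    200 192.168.1.34 TCP_MISS/200 9001 GET http://example.org/ - DIRECT/192.0.2.20 text/html
1173783455.310     95 192.168.1.34 TCP_MISS/200 777 GET http://example.org/a bob DIRECT/192.0.2.20 text/html
constructed line in some other log format
EOF
}

# Usage: sh userid_coverage.sh /var/log/squid/access.log
if [ $# -gt 0 ]; then
    userid_coverage "$1"
    echo "unparsed lines: $(unparsed_lines "$1")"
fi
```

A log where every client shows named=0, or where most lines are counted as unparsed, will not give sarg usernames to report.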

Offline haymann

sarg reports- need USERID rather than IP
« Reply #8 on: March 13, 2007, 08:29:08 PM »
Quote from: "snoble"
sarg with dansguardian still shows usernames on 7.1.2

did you set the db value and configure dans to save in squid format
http://www.dungog.net/sme/dansguardian.php#sarg
[and possibly rotate logs to remove the old format]
So if you had a fresh server and were going to install SARG and Dansguardian, what order would you install them in?

Also, I don't think I completely understand the following direction from the dungog page:
Quote
set dansguardian to save logs in squid format
dansguardian format is ignored
I am assuming that setting log format takes place in one of the Dan's config files, but you know what they say about assuming... :wink:
Thanks,
Ryan

Offline cjensen

sarg reports- need USERID rather than IP
« Reply #9 on: March 13, 2007, 09:34:32 PM »
it is in /etc/dansguardian/dansguardian.conf:

Code:

# Log File Format
# 1 = DansGuardian format        2 = CSV-style format
# 3 = Squid Log File Format      4 = Tab delimited
logfileformat = 3


Install the packages using yum.

Code:

yum --enablerepo=dungog install sarg smeserver-sarg dansguardian smeserver-dansguardian


For instructions on repo setup:


http://dungog.net/sme/repo.php

Craig

Offline haymann

sarg reports- need USERID rather than IP
« Reply #10 on: March 13, 2007, 09:56:46 PM »
Thank you Craig, I appreciate it.
Ryan

Offline imcintyre

sarg reports- need USERID rather than IP
« Reply #11 on: March 14, 2007, 06:07:16 AM »
Craig;

After some struggle got Sarg going but did not want to bother yet with Dansguardian. I would like to see the username and not the address as my kids share a couple of pc's.

Looking at your next to last post
Quote
it is in /etc/dansguardian/dansguardian.conf:

Code:

# Log File Format
# 1 = DansGuardian format        2 = CSV-style format
# 3 = Squid Log File Format      4 = Tab delimited
logfileformat = 3


I found a file /etc/sarg/sarg.conf but, could not figure how you got to the
Code you have displayed "# Log File Format".
Can you point me in the right direction?
Thx in advance
Ian

Offline cjensen

sarg reports- need USERID rather than IP
« Reply #12 on: March 14, 2007, 01:50:19 PM »
The default settings should work for you then.

The code is from dansguardian's conf file and it points sarg to the format desired in the log it parses.  Look at the top of sarg.conf template:
Code:

[root@sme7test /]# head -20 /etc/e-smith/templates/etc/sarg/sarg.conf
# sarg.conf
#

{
 my $language = $sarg{'language'} || 'English';
 my $logfile  = $sarg{'logfile'}  || 'squid';
 my $values   = $sarg{'values'}   || 'bytes';
 my $lastlog  = $sarg{'lastlog'}  || '0';

 $OUT .= "language $language\n";
 $OUT .= "access_log /var/log/$logfile/access.log\n";
 $OUT .= "title \"$logfile user access reports\"\n";
 $OUT .= "displayed_values $values\n";
 $OUT .= "lastlog $lastlog\n";

 if ($logfile eq 'dansguardian')
 { $OUT .= "dansguardian_conf /etc/dansguardian/dansguardian.conf\n"; }

}
[root@sme7test /]#


Then the output of template expansion-
Code:

[root@sme7test /]# head -10 /etc/sarg/sarg.conf
# sarg.conf
#

language English
access_log /var/log/squid/access.log
title "squid user access reports"
displayed_values abbreviation
lastlog 0


[root@sme7test /]#


You should see what you want in the logs without changes.

Craig

Offline imcintyre

sarg reports- need USERID rather than IP
« Reply #13 on: March 14, 2007, 03:04:51 PM »
Ok. I used your code and got a slightly different result.

Code:
[root@myserver /]# head -20 /etc/e-smith/templates/etc/sarg/sarg.conf

Result

Quote
# sarg.conf
#

{
 my $language = $sarg{'language'} || 'English';
 my $logfile  = $sarg{'logfile'}  || 'squid';
 my $values   = $sarg{'values'}   || 'bytes';
 my $lastlog  = $sarg{'lastlog'}  || '0';

 $OUT .= "language $language\n";
 $OUT .= "access_log /var/log/$logfile/access.log\n";
 $OUT .= "title \"$logfile user access reports\"\n";
 $OUT .= "displayed_values $values\n";
 $OUT .= "lastlog $lastlog\n";

 if ($logfile eq 'dansguardian')
 { $OUT .= "dansguardian_conf /etc/dansguardian/dansguardian.conf\n"; }

}


That looked good

Code:
[root@myserver /]# head -10 /etc/sarg/sarg.conf

Result

Quote
# sarg.conf
#

language English
access_log /var/log/squid/access.log
title "squid user access reports"
displayed_values bytes
lastlog 0


As you can see the second last line is different than yours.
Presuming that this is the source of my problem, how do I change it?

Thx in advance for your help.

Ian

Offline cjensen

sarg reports- need USERID rather than IP
« Reply #14 on: March 14, 2007, 03:52:28 PM »
to see your settings:
Code:

[root@sme7test /]# config show sarg
sarg=service
    language=English
    logfile=squid
    values=abbreviation
[root@sme7test /]#

to change:

Code:

[root@sme7test /]# db configuration setprop sarg DESIRED_VALUE DESIRED_SETTING
[root@sme7test /]#

and...
Code:

[root@sme7test /]# expand-template /etc/sarg/sarg.conf

example:
Code:

[root@sme7test /]# db configuration setprop sarg logfile squid


Craig