Topic: Problems with SARG and UserIDs

[cmwi96]

Hello,
I'm running Jbennets Squidguard contrib and have turned on Ident here is a sample from the log file

Code: [Select]

1188509730.154    179 192.168.0.249 TCP_MISS/200 2478 GET http://www.google.com/webhp? UserNameHERE DIRECT/64.233.167.104 text/htmlI also am running sarg as implemented by dugong:

Code: [Select]

sarg=service
    language=English
    logfile=squid
    values=bytesHowever it seems to not be parsing the correct fields in the log file because the sarg reports generated indicate the following for the userID: direct.64_233_167_104
Have I misconfigured something?

[mrjhb3]

Check the sarg.conf and make it look like this and see if that changes for you.  My sarg reports show the userid.
# TAG:  user_ip yes/no
#       Use Ip Address instead userid in reports.
#       sarg -p
#user_ip no
             

John

[cmwi96]

hmmm I suppose it changes the nature of my question in some ways and yet the subject is still valid. Upon reviewing the new daily log (generated last night) I find that a test ident user has showed up(by name) correctly. I think I know why the other one didn't but I'm not sure what to do with that info, perhaps open a bug report?
When I posted the snippet before I inserted the name UserNameHERE in order to keep the name of the user private. However I think that the format of the user name is what caused the reports to use the wrong field. the user name is in the format FirstName%20Lastname, because it is a local (PC only) windows XP login and it contains a space. Ident reports it with the  %20 and in previous versions of squidguard (haven't tried on this one yet) squidguard would recognize the name in this format for various ACLs. I think that SARG must not like it.r