Topic: squidguard access denied logs

[magwm]

does anyone know how to log sites denied by squidguard? I seem to be unable to find any logs of it.. they are not in the SARG logs as 'denied', which is where I would wish them, of course..

any ideas? I see that in squidguard a log option can be put in each acl.. but I don't know how to integrate this in the squidguard contrib..

or maybe it could be done by /home/e-smith/files/ibays/Primary/cgi-bin/blocked.cgi as well, telling it to write the request into a logfile/database?

M

[mrjhb3]

Haven't tried it, but if you log at /etc/sarg/sarg.conf around line 301 starting with # TAG: report_type type, you may be able to specifiy what type of reporting you want.  From looking at the sarg report, it appears the default is  report_type topusers topsites sites_users downloads.  Unremark line 315 and set what you want, then restart sarg, go to some denied sites, then generate a one-shot report and see if you have the denied sites listed.

Sarg.conf is templated, so if it works for you, then you will need to probably add a templates-custom fragment.

John

[magwm]

Hi John,

thanks a bundle for your info!

my line 315 reads

Code: [Select]

report_type topusers topsites sites_users users_sites date_time denied auth_failures site_user_time_date downloads

and it is uncommented already.

the problem is that this 'denied' which in effect turns up in the SARG reports, is not the same as the "access denied" from squidguard, which is in effect a redirect..

so I am still stuck. argh. 

ciao from a sunny Italy,

Michel

[mrjhb3]

I thought and was expecting the denied log in SARG should match the "access denied" in squidguard.  I'll have to set up my test server in the next couple of weeks and see what the differences are. 

Don't mean to highjack this topic, but do you have a method of rotating your sarg logs.  There currently isn't an automated way, and manually deleting some of the directories seems hit and miss for me.

John

[magwm]

Hi John,

nope, I see now that I have all logs from may 2007 .. I would think that zipping and deleting with cron could suffice..