Koozali.org: home of the SME Server
Obsolete Releases => SME 7.x Contribs => Topic started by: cmwi96 on August 31, 2007, 12:53:32 AM
-
Hello,
I'm running Jbennets Squidguard contrib and have turned on Ident here is a sample from the log file
1188509730.154 179 192.168.0.249 TCP_MISS/200 2478 GET http://www.google.com/webhp? UserNameHERE DIRECT/64.233.167.104 text/htmlI also am running sarg as implemented by dugong:
sarg=service
language=English
logfile=squid
values=bytesHowever it seems to not be parsing the correct fields in the log file because the sarg reports generated indicate the following for the userID: direct.64_233_167_104
Have I misconfigured something?
-
Check the sarg.conf and make it look like this and see if that changes for you. My sarg reports show the userid.
# TAG: user_ip yes/no
# Use Ip Address instead userid in reports.
# sarg -p
#user_ip no
John
-
hmmm I suppose it changes the nature of my question in some ways and yet the subject is still valid. Upon reviewing the new daily log (generated last night) I find that a test ident user has showed up(by name) correctly. I think I know why the other one didn't but I'm not sure what to do with that info, perhaps open a bug report?
When I posted the snippet before I inserted the name UserNameHERE in order to keep the name of the user private. However I think that the format of the user name is what caused the reports to use the wrong field. the user name is in the format FirstName%20Lastname, because it is a local (PC only) windows XP login and it contains a space. Ident reports it with the %20 and in previous versions of squidguard (haven't tried on this one yet) squidguard would recognize the name in this format for various ACLs. I think that SARG must not like it.r