Koozali.org: home of the SME Server
Obsolete Releases => SME 7.x Contribs => Topic started by: dadoudidon on September 05, 2007, 03:44:05 PM
-
Hello
I installed dansguardian and sarg last month.
Without authentication, 3128 redirect through dansguardian, other ports (80.8080) blocked, following the howto in the wiki.
It was running well, but for some days now all reports are under localhost 127.0.0.1.
Here is the squid log before:
185674758.259 141 192.168.1.10 TCP_MISS/200 374 POST http://www.mio-tech.be/POIDataBase/LoGon.php - DIRECT/80.66.133.137 text/html
1185674758.431 139 192.168.1.10 TCP_MISS/200 374 GET http://www.mio-tech.be/POIDataBase/Check.php - DIRECT/80.66.133.137 text/html
1185674843.702 193 192.168.1.10 TCP_CLIENT_REFRESH_MISS/200 345 GET http://ui.skype.com/ui/0/3.2.0.163/fr/getlatestversion? - DIRECT/212.72.49.131 text/plain
1185676211.858 394 192.168.1.10 TCP_MISS/200 1531 GET http://xoap.weather.com/weather/local/FRXX0153? - DIRECT/65.207.183.49 text/plain
1185676501.487 1 192.168.1.10 TCP_DENIED/407 383 HEAD http://download.windowsupdate.com/v7/windowsupdate/redir/wuredir.cab? - NONE/- text/html
1185676558.292 140 192.168.1.10 TCP_MISS/200 374 POST http://www.mio-tech.be/POIDataBase/LoGon.php - DIRECT/80.66.133.137 text/html
1185676558.438 137 192.168.1.10 TCP_MISS/200 374 GET http://www.mio-tech.be/POIDataBase/Check.php - DIRECT/80.66.133.137 text/html
and the actual logs
1188703805.950 544 127.0.0.1 TCP_MISS/200 304 GET http://download104.avast.com/iavs4x/servers.def.vpu.stamp - DIRECT/74.53.75.194 application/octet-stream
1188703807.325 418 127.0.0.1 TCP_MISS/200 303 GET http://download918.avast.com/iavs4x/prod-av_pro.vpu.stamp - DIRECT/74.86.96.164 application/octet-stream
1188703807.528 178 127.0.0.1 TCP_MISS/200 304 GET http://download918.avast.com/iavs4x/jollyroger.vpu.stamp - DIRECT/74.86.96.164 application/octet-stream
1188718253.685 464 127.0.0.1 TCP_MISS/200 304 GET http://download910.avast.com/iavs4x/servers.def.vpu.stamp - DIRECT/209.62.112.146 application/octet-stream
1188718254.913 428 127.0.0.1 TCP_MISS/200 304 GET http://download205.avast.com/iavs4x/prod-av_pro.vpu.stamp - DIRECT/75.126.130.172 application/octet-stream
1188718255.127 204 127.0.0.1 TCP_MISS/200 305 GET http://download205.avast.com/iavs4x/jollyroger.vpu.stamp - DIRECT/75.126.130.172 application/octet-stream
1188732697.587 405 127.0.0.1 TCP_MISS/200 304 GET http://download202.avast.com/iavs4x/servers.def.vpu.stamp - DIRECT/75.126.120.196 application/octet-stream
1188732699.034 624 127.0.0.1 TCP_MISS/200 304 GET http://download106.avast.com/iavs4x/prod-av_pro.vpu.stamp - DIRECT/74.53.75.226 application/octet-stream
1188732699.240 194 127.0.0.1 TCP_MISS/200 305 GET http://download106.avast.com/iavs4x/jollyroger.vpu.stamp - DIRECT/74.53.75.226 application/octet-stream
1188747142.703 636 127.0.0.1 TCP_MISS/200 304 GET http://download49.avast.com/iavs4x/servers.def.vpu.stamp - DIRECT/207.44.176.117 application/octet-stream
1188747144.487 785 127.0.0.1 TCP_CLIENT_REFRESH_MISS/200 304 GET http://download209.avast.com/iavs4x/prod-av_pro.vpu.stamp - DIRECT/75.126.203.67 application/octet-stream
1188747144.668 170 127.0.0.1 TCP_CLIENT_REFRESH_MISS/200 305 GET http://download209.avast.com/iavs4x/jollyroger.vpu.stamp - DIRECT/75.126.203.67 application/octet-stream
1188761590.040 1342 127.0.0.1 TCP_MISS/200 304 GET http://download95.avast.com/iavs4x/servers.def.vpu.stamp - DIRECT/75.126.130.166 application/octet-stream
1188761591.291 471 127.0.0.1 TCP_CLIENT_REFRESH_MISS/200 304 GET http://download929.avast.com/iavs4x/prod-av_pro.vpu.stamp - DIRECT/74.86.125.40 application/octet-stream
1188761591.480 178 127.0.0.1 TCP_MISS/200 918 GET http://download929.avast.com/iavs4x/prod-av_pro.vpu - DIRECT/74.86.125.40 application/octet-stream
1188761591.728 212 127.0.0.1 TCP_CLIENT_REFRESH_MISS/200 304 GET http://download929.avast.com/iavs4x/jollyroger.vpu.stamp - DIRECT/74.86.125.40 application/octet-stream
1188761592.257 509 127.0.0.1 TCP_MISS/200 17055 GET http://download929.avast.com/iavs4x/jollyroger.vpu - DIRECT/74.86.125.40 application/octet-stream
1188761592.485 171 127.0.0.1 TCP_MISS/200 575 GET http://download929.avast.com/iavs4x/part-jrog-15.vpu - DIRECT/74.86.125.40 application/octet-stream
1188761592.769 180 127.0.0.1 TCP_MISS/200 1008 GET http://download929.avast.com/iavs4x/jrog-15-14.vpu - DIRECT/74.86.125.40 application/octet-stream
1188761601.294 452 127.0.0.1 TCP_MISS/200 304 GET http://download8.avast.com/iavs4x/servers.def.vpu.stamp - DIRECT/67.15.104.48 application/octet-stream
1188761602.688 441 127.0.0.1 TCP_MISS/200 304 GET http://download53.avast.com/iavs4x/prod-av_pro.vpu.stamp - DIRECT/74.52.7.58 application/octet-stream
1188761602.922 195 127.0.0.1 TCP_MISS/200 304 GET http://download53.avast.com/iavs4x/jollyroger.vpu.stamp - DIRECT/74.52.7.58 application/octet-stream
1188761603.142 198 127.0.0.1 TCP_MISS/200 1179 GET http://download53.avast.com/iavs4x/part-vps-77102.vpu - DIRECT/74.52.7.58 application/octet-stream
1188761604.862 385 127.0.0.1 TCP_MISS/200 3969 GET http://download53.avast.com/iavs4x/vpsm-77102.vpu - DIRECT/74.52.7.58 application/octet-stream
By the way, does someone know how to purge data in sarg?
thanks for all
David
-
I am experiencing the same problem. I found the following info on the Dungog site:
set sarg to look for dansguardian logs
/usr/bin/sarglog dansguardian
Not sure how to achieve this at the moment, but it is a start...
If you find out how to achieve this before me, please share it.
Rgds.
Edit.
check:
http://forums.contribs.org/index.php?topic=38096.0
-
[root@gateway1 bin]# /usr/bin/sarglog dansguardian
sarg to use dansguardian logs
-
>without authentication
I don't know how sarg/squid will know how to identify users without authentication
add to the wiki if it isn't clear http://wiki.contribs.org/Sarg
-
After reading the Wikis (thanks Stephen) this is what I did:
#set sarg to look for dansguardian log
[root@gateway1 bin]# /usr/bin/sarglog dansguardian
sarg to use dansguardian logs
# Force dansguardian to use squid log format from panel
# Ensure that everything is logged, not just blocked sites (the default).
# Note:
[root@gateway1 ~]# config show sarg logfile
sarg=service
language=English
logfile=squid
values=bytes
If not:
[root@gateway1 ~]# config setprop sarg logfile squid
[root@gateway1 ~]# config show sarg logfile
sarg=service
language=English
logfile=squid
values=abbreviation
# Expand:
[root@gateway1 ~]# /usr/bin/sarglog
useage
sarglog (squid|dansguardian)
[root@gateway1 ~]# /usr/bin/sarglog dansguardian
sarg to use dansguardian logs
To test, you can access a few sites, including sites which you know will be blocked by Dans.
#Do a manual update:
[root@gateway1 ~]# /usr/bin/sarg
SARG: Records in file: 4658, reading: 100.00%
Check the "One shot report" (takes a while to appear, wait...)
It's all there, including a new section for Dansguardian. You will also see which sites have been blocked, with dates, time, etc. I am running transparent proxy, so of course users are not displayed, but IP addresses are.
-
>>without authentication
>I don't know how sarg/squid will know how to identify users without authentication
>add to the wiki if it isn't clear http://wiki.contribs.org/Sarg
Yes, it works well and logs IPs. I do not need more authentication.
And thanks Burnat, it works well now
David
-
After doing these steps I still see:
/usr/bin/sarg
SARG: Records in file: 14050, reading: 100.00%
SARG: No records found
SARG: End
And only the localhost is listed.
The contents of the access.log in /var/log/dansguardian/ look fine, I think.
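-
Added example, not part of the thread and not code from the sarg, Squid or DansGuardian projects: a Python check that reads Squid native-format access.log records and flags the symptom reported above, where every record carries the loopback address because Squid only sees the local filter in front of it. The sample records are copied from the first post; the function names, the 10-field assumption and the 0.95 threshold are assumptions made for this example.

```python
import ipaddress
from collections import Counter

# Sample records copied from the thread's first post (before / after the symptom).
BEFORE = [
    "1185674758.431 139 192.168.1.10 TCP_MISS/200 374 GET http://www.mio-tech.be/POIDataBase/Check.php - DIRECT/80.66.133.137 text/html",
    "1185676211.858 394 192.168.1.10 TCP_MISS/200 1531 GET http://xoap.weather.com/weather/local/FRXX0153? - DIRECT/65.207.183.49 text/plain",
]
AFTER = [
    "1188703805.950 544 127.0.0.1 TCP_MISS/200 304 GET http://download104.avast.com/iavs4x/servers.def.vpu.stamp - DIRECT/74.53.75.194 application/octet-stream",
    "1188703807.325 418 127.0.0.1 TCP_MISS/200 303 GET http://download918.avast.com/iavs4x/prod-av_pro.vpu.stamp - DIRECT/74.86.96.164 application/octet-stream",
]

def parse_client(line):
    """Return the client address (3rd field) as an ip_address, or None if malformed."""
    fields = line.split()
    if len(fields) < 10:          # assumed: default native format has 10 fields
        return None
    try:
        float(fields[0])          # first field must be an epoch timestamp
        return ipaddress.ip_address(fields[2])
    except ValueError:
        return None

def client_summary(lines):
    """Count records per client address; also return how many lines were skipped."""
    counts, skipped = Counter(), 0
    for line in lines:
        client = parse_client(line)
        if client is None:
            skipped += 1
        else:
            counts[str(client)] += 1
    return counts, skipped

def attribution_lost(lines, threshold=0.95):
    """True when nearly all parsed records come from loopback (per-client reports useless)."""
    counts, _ = client_summary(lines)
    total = sum(counts.values())
    if total == 0:
        return False
    loopback = sum(n for ip, n in counts.items() if ipaddress.ip_address(ip).is_loopback)
    return loopback / total >= threshold

if __name__ == "__main__":
    for label, sample in (("before", BEFORE), ("after", AFTER)):
        print(label, dict(client_summary(sample)[0]), attribution_lost(sample))
```

When the check returns True for Squid's log, the per-client addresses have to come from the filter's own log, which is what switching sarg to the dansguardian log does in the steps above.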