Koozali.org: home of the SME Server
Obsolete Releases => SME 7.x Contribs => Topic started by: magwm on June 01, 2010, 12:50:27 PM
-
Does anyone know how to log sites denied by squidguard? I seem to be unable to find any logs of it. They are not in the SARG logs as 'denied', which is where I would wish them, of course.
Any ideas? I see that in squidguard a log option can be put in each acl, but I don't know how to integrate this in the squidguard contrib.
Or maybe it could be done by /home/e-smith/files/ibays/Primary/cgi-bin/blocked.cgi as well, telling it to write the request into a logfile/database?
M
-
Haven't tried it, but if you look at /etc/sarg/sarg.conf around line 301 starting with # TAG: report_type type, you may be able to specify what type of reporting you want. From looking at the sarg report, it appears the default is report_type topusers topsites sites_users downloads. Unremark line 315 and set what you want, then restart sarg, go to some denied sites, then generate a one-shot report and see if you have the denied sites listed.
Sarg.conf is templated, so if it works for you, then you will need to probably add a templates-custom fragment.
John
-
Hi John,
thanks a bundle for your info!
my line 315 reads
report_type topusers topsites sites_users users_sites date_time denied auth_failures site_user_time_date downloads
and it is uncommented already.
The problem is that this 'denied', which in effect turns up in the SARG reports, is not the same as the "access denied" from squidguard, which is in effect a redirect.
So I am still stuck. Argh. :-?
ciao from a sunny Italy,
Michel
-
I thought and was expecting the denied log in SARG should match the "access denied" in squidguard. I'll have to set up my test server in the next couple of weeks and see what the differences are.
Don't mean to hijack this topic, but do you have a method of rotating your sarg logs? There currently isn't an automated way, and manually deleting some of the directories seems hit and miss for me.
John
-
Hi John,
Nope, I see now that I have all logs from May 2007. I would think that zipping and deleting with cron could suffice.