Topic: track web surfing

[Shaukat Manji]

Hi All,
I have a e-smith server and gateway setup and working fine.
Is there a package available that can track and report usage by internal lan users surfing the net. Top ten sites visited by the internal lan users etc.
Thanks,
Shaukat

[David Brown]

Try Squid Analysis Report Generator (SARG).  This will generate a webpage with usage statistice for LAN users and sites visited.  You can find info on SARG here, but I don't recall where the e-smith rpm is to set it up right:

http://web.onda.com.br/orso/sarg.html

This only generates reports of what's going through squid, so if you want to see all web trafic on the LAN, you'll need to install transparent proxying.  You can find info on that contrib rpm here:

http://www.e-smith.org/contrib/rpm-index/RPM-e-smith-transproxy-0.3-1.src.html

David Brown
FF&J Architects
dbrown@ffj.yi.org

[Hugues Michel]

Hello !

I use SARG for this. Squid Analysis Report Generator.
Generate html page with a lot of statistics. (user, time, bytes, url, top sites ...)

On my e-smith 4.0 server, all this master key in an ibay.
It is the script cgi-bin which pilots the binary sarg.
Statistics are then available for consultation in this even ibay.


I wrote this perl-cgi script and bash script for automatic install.

Download tar gz archive at http://sgmf.free.fr/analyse_squid_log.html
for install Squid Analysis Report Generator on E-Smith Server 4.0
un-zg and un-tar at root home this archive and read readme.us file.


Sarg is useful with the e-smith 4.1.x, for it it is necessary to modify script bash of installation named
install_sarg
This bash script test of the version of the distribution and path of the ibay supervisor before the install.

You can see the result and more in french at:
http://sgmf.free.fr/analyse_squid_log.html



Good stats

hugues michel

hugos@free-electron.org

[Filippo Carletti]

You should use the squid proxy, which is already installed on e-smith, (a transparent proxy will be better - there is an e-smith rpm in the contrib section) and then analyze squid access log. A good analyzer is sarg (http://web.onda.com.br/orso/sarg.html).

You will find pre-built rpms on rpmfind.net or http://www.mobilia.it/filippo/download/

e-smith add-on rpm for sarg is also here:
ftp://ftp.e-smith.org/pub/e-smith/contrib/FilippoCarletti/RPMS/noarch/

Statistics will be generated every night, go to http://your-server/squid-reports and use the admin account to view the reports.

[Shaukat Manji]

Few more questions.
(a transparent proxy will be better - there is an e-smith
  rpm in the contrib section)
What does a transparent proxy do?
Do I just install it?
Do I have to make any changes on my win98 client machines?
Thanks to all for your help.

[Filippo Carletti]

A transparent proxy is a proxy that the user is not aware of, ie you should not configure a proxy in your browser settings.
It works redirecting packets for port 80 of outside machines to local proxy.
Modification to ipchains and squid config is needed. User will use proxy even if they do not want.
More info and the rpm here:
http://www.e-smith.org/contrib/rpm-index/RPM-e-smith-transproxy-0.2-3.src.html

You should not enable proxy in your win clients.

[Mahmood Al-Yousif]

I downloaded this contrib but when I do:

   rpm -ivh e-smith-sarg-1.0.0-01.noarch.rpm

I get a dependancy error saying that the rpm is needed by "e-smith-sarg-1.0.0-01"!!

So I did a --nodeps install but it gave me an error that it cannot create a file.

When I go to http://myserver/squid-reports I get a "not authorized" message...

I did do a "console-save" after the upgrade.

what now? Appreciate your help

mahmood

[Filippo Carletti]

You should also download sarg-1.1.1-1.i386.rpm, the real app.
Do a search on rpmfind.net or download from http://www.mobilia.it/filippo/download

You should install sarg and then e-smith-sarg which adds e-smith specific features to sarg (remove e-smith-sarg before).

Reports are generated every night, so you should wait the day after or run sarg by hands (look at /etc/crontab)

The squid-reports directory is accessible only to the admin account.
No console-save is needed, the rpm takes care of all (I hope).

Ciao,
Filippo

[Mahmood Al-Yousif]

Thanx again Filippo, I'll download install and report back...

regards
Mahmood

[Mahmood Al-Yousif]

Just tried Filippo and installed both rpm's okay.

When I try to look at the webpage (it's not there, ls doesn't list it, unless it is dynamic and hidden somewhere!) I get the 403 error although I did enter the admin's login name and password.

I'll try after 0330 and report back tomorrow if successful (or not!)

regards
mahmood

[Mahmood Al-Yousif]

Still can't get access to /squid-reports as I am still getting the 403 error..

any suggestions?

[Filippo Carletti]

Reports are written in /var/www/html/squid-reports.
The webpage is accessible only from inside (ie you can't browse reports from the internet).

[Mahmood Al-Yousif]

I changed the owner.group to admin.admin on /var/www/html/squid-reports but still it doesn't allow me to access anything.

There are no files in that directory.And when I run /usr/sbin/sarg /etc/sarg/sarg.conf what it reports is SARG: No records found and SARG:End.

I am sure some people connected to my (virtual) websites on e-smith, although I can't tell if anyone attempted to telnet or ssh.

regards
Mahmood

[Filippo Carletti]

Oh, track web access to your site !
I use webalizer, many analog, there should be an howto on e-smith.

SARG is for squid, to track where your users are going on the net, what sites they visit.

[Mahmood Al-Yousif]

Thanx again Filippo, I'll look into this tonight... though on the SARG front, I still get a 403 (access not authorized) when I try to access /squid-reports...

regards
Mahmood