SARG – Squid Analysis Report Generator in Redhat Linux, CentOS, Fedora & Ubuntu, Linux Mint & Debian.
Step1 :- sudo apt-get install squid
Step2 :- sudo gedit /etc/squid3/squid.conf
search Recommended Minimum Configuration:
Add acl localnet src 10.0.0.0/8
search Only allow cachemgr access from localhost
Add localnet
Search Squid normally listens to port 3128
Change http_port 8082
Step3 :- sudo /etc/init.d/squid3 restart
Installing Sarg from Source
On RedHat/CentOS/Fedora
Step4 :- yum install –y gcc gd gd-devel make perl-GD wget httpd
Step5 :-wget http://garr.dl.sourceforge.net/project/sarg/sarg/sarg-2.3.7/sarg-2.3.7.tar.gz
Step6 :- tar -xvzf sarg-2.3.7.tar.gz
Step7 :- cd sarg-2.3.7
Step8 :- ./configure
Step9 :- make
Step10 :- make install
On Debian/Ubuntu/Linux Mint
Step11 :- sudo apt-get install sarg
Configuring Sarg
Step12 :- vi /usr/local/etc/sarg.conf [On RedHat based systems]
Step13 :- sudo gedit /etc/sarg/sarg.conf [On Debian based systems]
Now Uncomment and add the original path to your squid access log file.
# sarg.conf
#
# TAG: access_log file
# Where is the access.log file
# sarg -l file
# access_log /var/log/squid/access.log
Output directory
# TAG: output_dir
# The reports will be saved in that directory
# sarg -o dir
#
output_dir /var/www/html/squid-reports
correct date format for reports
# TAG: date_format
# Date format in reports: e (European=dd/mm/yy), u (American=mm/dd/yy), w (Weekly=yy.ww)
#
date_format e
Next, uncomment and set Overwrite report to ‘Yes’.
# TAG: overwrite_report yes|no
# yes - if report date already exist then will be overwritten.
# no - if report date already exist then will be renamed to filename.n, filename.n+1
#
overwrite_report yes
Generating Sarg Report
Step14 :- sarg -x [On RedHat based systems]
Step15 :- sudo sarg -x [On Debian based systems]
Assessing Sarg Report generated reports placed under ‘/var/www/html/squid-reports/‘ or ‘/var/www/squid-reports/‘
Step16 :-
http://localhost/squid-reports
OR
http://ip-address/squid-reports
