I tried sqmgrlog, and did not like the output so much. Below is the "ugly"
output of the util sarg at http://web.onda.com.br/orso/sarg.html It does
have an rpm as well, that installs fine on 4.1.1 which I am using.
I had been demo'ing webtrends pro, for these reports, and didn't like
webtrends reports nearly as much, especially the $$$ part.
This seems to be a better utility for analysis, since it makes the initial
web page and subsequent pages for each user, and can sort by:
1: Top Sites
2: Sites & Users
3: Details by user of times, sites, etc..
and more...
There is a bug in the parsing of the usertab, that is affected by spaces,
etc in the lookup list, but it's certainly livable until fixed.
The exact details output can be controlled by the config file. For privacy's
sake, I will be stripping all the site details by user once I have
squidguard installed, and operational. That's next... See tag below:
# TAG: report_type type
# What kind of reports to generate.
# topsites - shows the site, connect and bytes
# sites&users - shows which users were accessing a site
# date/time - shows the amount of bytes used by day and hour
# denied - show all denied sites with full URL
# auth_failures - show autentication failures
#
# Eg.: report_type topsites denied
#
#report_type topsites sites&users date/time denied auth_failures
I have to say this is exactly the tool I was looking for. I have it running
in a cron job, and outputting to a passworded local i-bay and it's pretty
quick for the 10 users who are actually using the proxy right now. I will
move the rest of the users (25) over on Fri. evening. Also the caching
percentage is reported also
****************************************************************************
************************
Example Output: It looks MUCH better in HTML obviously.
Period: 2001Apr04-2001Apr04
Sort: BYTES, reverse
Topuser Report
Topsites Report (LINK)
Sites & Users Report (LINK)
NUM USERID CONNECT BYTES %BYTES IN-CACHE-OUT USED TIME MILISEC %TIME
1 date/time user1 5.127 19.423.422 28.24% 25.83% 74.17% 00:36:59 2.219.426
32.92%
2 date/time DHCPClient 6 5 10.297.792 14.97% 0.00% 100.00% 00:05:45 345.965
5.13%
3 date/time user2 421 9.425.872 13.71% 0.10% 99.90% 00:09:19 559.983 8.31%
4 date/time user3 1.677 7.781.357 11.31% 31.71% 68.29% 00:07:07 427.252
6.34%
5 date/time user4 1.163 5.524.735 8.03% 0.40% 99.60% 00:11:35 695.180
10.31%
6 date/time user5 845 4.813.754 7.00% 2.17% 97.83% 00:13:13 793.805 11.77%
7 date/time user6 1.273 4.755.504 6.91% 1.93% 98.07% 00:09:39 579.360 8.59%
8 date/time user7 1.360 4.039.412 5.87% 38.02% 61.98% 00:09:50 590.718
8.76%
9 date/time user8 547 2.136.274 3.11% 0.20% 99.80% 00:07:06 426.761 6.33%
10 date/time user926 252.9 0.37% 0.00% 100.00% 00:00:45 45.913 0.68%
11 date/time DHCPClient 61 244.688 0.36% 3.46% 96.54% 00:00:46 46.980 0.70%
12 date/time user10 32 78.505 0.11% 1.50% 98.50% 00:00:10 10.278 0.15%
TOTAL 12.537 68.774.261 13.47% 86.53% 01:52:21 6.741.621
AVERAGE 1.044 5.731.188 00:09:21 561.801
Generated by sarg-1.1.1 02Apr2001 on Apr/05/2001 04:02
****************************************************************************
************************
A comparison of the default config and mine is below:
I made a hostlookup with the value usertab
/home/e-smith/files/ibays/reports/files/hosts.txt which is a simple copy of
my local hosts file, with more descriptions for "unknown" users like the few
DHCP clients... The output then goes to a squid_reports subdir of my i-bay
reports. Obviously, these need to be adjusted to correct local paths and
desires.
Compare: (<)G:\sarg.conf.default (7187 bytes)
with: (>)G:\sarg.conf.good (7236 bytes)
< #access_log /var/log/squid/access.log # RedHat version
---
> access_log /var/log/squid/access.log
< #output_dir /home/httpd/html/squid-reports # RedHat version
---
> output_dir /home/e-smith/files/ibays/reports/html/squid-reports
< #resolve_ip no
---
> resolve_ip yes
< #exclude_hosts none
---
> exclude_hosts /etc/sarg/exclude_hosts
< #lastlog 0
---
> lastlog 20
< #remove_temp_files yes
---
> #remove_temp_files no
< #overwrite_report no
---
> overwrite_report yes
< #mail_utility mailx
---
> #mail_utility mail
< #usertab none
---
> usertab /home/e-smith/files/ibays/reports/files/hosts.txt
< #date_time_by bytes
---
> date_time_by elap
****************************************************************************
************************
#Sample usertab
# assigns real names to IP addresses.
# it can also use passwd files as well, if auth is used. beyond my needs tho
for only 35 users.
192.168.3.102 userx
192.168.3.103 userx
192.168.3.104 userx
.
.
etc...
.
.
192.168.3.215 DHCPClient1
192.168.3.216 DHCPClient2
192.168.3.217 DHCPClient3
192.168.3.218 DHCPClient4
192.168.3.219 DHCPClient5
192.168.3.220 DHCPClient6
192.168.3.221 DHCPClient7
192.168.3.222 DHCPClient8
****************************************************************************
************************
# sample exclude_hosts
# prevent reporting on ads, and ad source websites. Should not
# be necessary once squidguard is installed
# the syntax may NOT be perfect for all of these.
# all the ad. entries work, but the longer FQDN's still slip through.
# this table made a 6 minute difference in my top users time tho, so it's
# certainly more accurate, and fair!
doubleclick.net
cgi.ebay.com
cgi2.ebay.com
ads.web.aol.com
ads.msn.com
akamai.net
akamaitech.net
cgi.
ad.
ads.
adfarm.
