#author("2018-08-26T19:37:49+09:00","","") #author("2018-08-26T19:39:43+09:00","","") [[CentOS7]] *Squidログ解析ツール導入(Sarg) [#ma815cad] ''Squid''ログ解析ツールである''[[Sarg>https://sourceforge.net/projects/sarg/]]''を導入して''Squid''のログを''Web''インタフェースで参照できるようにする。また、''squidGuard''を導入している場合、''squidGuard''によりアクセスブロックされたログも参照できるようにする。 *Sargインストール [#a5f22f09] |BGCOLOR(black):COLOR(white):|c |[root@localhost ~]# yum -y install gd gd-devel vlgothic-fonts &color(lime){← ''Sarg''インストールに必要なパッケージをインストール};| |[root@localhost ~]# wget http://www.sraellis.tk/sarg7/sarg-2.3.10-3.v7.x86_64.rpm &color(lime){← Sargダウンロード}; &color(red){※平文HTTPで、公式プロジェクトページとは別のホストから取得するRPMのため、入手元の信頼性を確認し、可能であればインストール前に署名やチェックサムを検証すること};| |[root@localhost ~]# yum -y localinstall sarg-2.3.10-3.v7.x86_64.rpm &color(lime){← ''Sarg''インストール};| |[root@localhost ~]# rm -f sarg-2.3.10-3.v7.x86_64.rpm &color(lime){← ダウンロードしたファイルを削除};| *Sarg設定 [#qf890b60] **Sarg設定 [#qc6ebe9c] |BGCOLOR(black):COLOR(white):|c |[root@localhost ~]# vi /etc/sarg/sarg.conf &color(lime){← Sarg設定ファイル編集};| |# TAG: graphs yes | no &br; # Use graphics where is possible. &br; # graph_days_bytes_bar_color blue | green | yellow | orange | brown | red &br; # &br; graphs yes &color(lime){← グラフ表示有効化}; &br; &br; # TAG: graph_font &br; # The full path to the TTF font file to use to create the graphs. It is required &br; # if graphs is set to yes. &br; # &br; #graph_font /usr/share/fonts/truetype/ttf-dejavu/DejaVuSans.ttf &br; graph_font /usr/share/fonts/vlgothic/VL-Gothic-Regular.ttf &color(lime){← グラフフォント指定}; &br; &br; # TAG: font_face &br; # Especify the font for html page. &br; # &br; #font_face Tahoma,Verdana,Arial &br; font_face メイリオ, Meiryo, Osaka, "ヒラギノ角ゴ Pro W3" &color(lime){← 日本語フォント指定}; &br; &br; # TAG: lastlog n &br; # How many reports files must be keept in reports directory. &br; # The oldest report file will be automatically removed. &br; # 0 - no limit. &br; # &br; #lastlog 0 &br; lastlog 90 &color(lime){← ログ解析結果保存数を指定}; &br; &br; # TAG: overwrite_report yes | no &br; # yes - if report date already exist then will be overwrited. 
&br; # no - if report date already exist then will be renamed to filename.n, filename.n+1 &br; # &br; #overwrite_report no &br; overwrite_report yes &color(lime){← 同一日のログ解析結果は上書きする}; &br; &br; # TAG: charset name &br; # ISO 8859 is a full series of 10 standardized multilingual single-byte coded (8bit) &br; # graphic character sets for writing in alphabetic languages &br; # You can use the following charsets: &br; # Latin1 - West European &br; # Latin2 - East European &br; # Latin3 - South European &br; # Latin4 - North European &br; # Cyrillic &br; # Arabic &br; # Greek &br; # Hebrew &br; # Latin5 - Turkish &br; # Latin6 &br; # Windows-1251 &br; # Japan &br; # Koi8-r &br; # UTF-8 &br; # &br; #charset Latin1 &br; charset UTF-8 &color(lime){← 日本語化}; &br; &br; # TAG: squidguard_conf file &br; # path to squidGuard.conf file &br; # Generate reports from SquidGuard logs. &br; # Use 'none' to disable. &br; # You can use sarg -L filename to use an alternate squidGuard log. &br; # squidguard_conf /usr/local/squidGuard/squidGuard.conf &br; # &br; #squidguard_conf none &br; squidguard_conf /etc/squid/squidGuard.conf &color(lime){← ''squidGuard''設定ファイル指定 ※''squidGuard''導入している場合のみ}; &br; &br; # Report limits &br; # TAG: authfail_report_limit n &br; # TAG: denied_report_limit n &br; # TAG: siteusers_report_limit n &br; # TAG: squidguard_report_limit n &br; # TAG: user_report_limit n &br; # TAG: dansguardian_report_limit n &br; # TAG: download_report_limit n &br; # report limits (lines). 
&br; # '0' no limit &br; # &br; #authfail_report_limit 10 &br; #denied_report_limit 10 &br; #siteusers_report_limit 0 &br; #squidguard_report_limit 10 &br; #dansguardian_report_limit 10 &br; #user_report_limit 10 &br; #user_report_limit 50 &br; squidguard_report_limit 0 &color(lime){← squidGuardログ出力数を無制限にする ※''squidGuard''導入している場合のみ}; &br; &br; # TAG: external_css_file path &br; # Provide the path to an external css file to link into the HTML reports instead of &br; # the inline css written by sarg when this option is not set. &br; # &br; # In versions prior to 2.3, this used to be an absolute file name to &br; # a file to include verbatim in each HTML page but, as it takes a lot of &br; # space, version 2.3 switched to a link to an external css file. &br; # Therefore, this option must contain the HTTP server path on which a client &br; # browser may find the css file. &br; # &br; # Sarg use theses style classes: &br; # .logo logo class &br; # .info sarg information class, align=center &br; # .title_c title class, align=center &br; # .header_c header class, align:center &br; # .header_l header class, align:left &br; # .header_r header class, align:right &br; # .text text class, align:right &br; # .data table text class, align:right &br; # .data2 table text class, align:left &br; # .data3 table text class, align:center &br; # .link link class &br; # &br; # Sarg can be instructed to output the internal css it inline &br; # into the reports with this command: &br; # &br; # sarg --css &br; # &br; # You can redirect the output to a file of your choice and edit &br; # it to your liking. &br; # &br; #external_css_file none &br; external_css_file /sarg/sarg.css &color(lime){← スタイルシートパス修正}; &br; &br; # TAG: sorttable path &br; # The path to a javascript script to dynamically sort the tables. &br; # The path is the link a browser must follow to find the script. 
For instance, &br; # it may be http://www.myproxy.org/sorttable.js or just /sorttable.js if the script &br; # is at the root of your web site. &br; # &br; # If the path starts with "../" then it is assumed to be a relative &br; # path and sarg adds as many "../" as necessary to locate the js script from &br; # the output directory. Therefore, ../../sorttable.js links to the javascript &br; # one level above output_dir. &br; # &br; # If this entry is set, each sortable table will have the "sortable" class set. &br; # You may have a look at http://www.kryogenix.org/code/browser/sorttable/ &br; # for the implementation on which sarg is based. &br; # &br; # sorttable /sorttable.js &br; sorttable /sarg/sorttable.js &color(lime){← ソートスクリプト指定※スクリプトインストールは後述};| |[root@localhost ~]# wget https://kryogenix.org/code/browser/sorttable/sorttable.js &color(lime){← ソートスクリプトダウンロード};| |[root@localhost ~]# mv sorttable.js /var/www/sarg/ &color(lime){← ソートスクリプトを所定のディレクトリへ移動}; &color(red){※SELinux有効時は、mvで移動したファイルに移動元のコンテキストが残り''Apache''から読めない場合があるため、restorecon /var/www/sarg/sorttable.js でラベルを付け直すこと};| **Apache設定 [#n8053be0] |BGCOLOR(black):COLOR(white):|c |[root@localhost ~]# vi /etc/httpd/conf.d/sarg.conf &color(lime){← ''Sarg''用''Apache''設定ファイル編集};| |Alias /sarg "/var/www/sarg" &br; &br; # 内部からのみアクセス許可 &br; <Directory "/var/www/sarg"> &br; DirectoryIndex index.html &br; <IfModule mod_authz_core.c> &br; # Apache 2.4 &br; Require ip 10.0.0.0/8 &br; Require ip 172.16.0.0/12 &br; Require ip 192.168.0.0/16 &br; </IfModule> &br; <IfModule !mod_authz_core.c> &br; # Apache 2.2 &br; Order allow,deny &br; Allow from 10.0.0.0/8 &br; Allow from 172.16.0.0/12 &br; Allow from 192.168.0.0/16 &br; </IfModule> &br; </Directory>| |[root@localhost ~]# systemctl reload httpd &color(lime){← ''Apache''設定反映};| *Sarg確認 [#x171d162] |BGCOLOR(black):COLOR(white):|c |[root@localhost ~]# sarg -d day-0 &color(lime){← 当日の''Squid''ログ解析};| -http://サーバーIPアドレス/sarg/へアクセスして''Squid User's Access Report''ページが表示されること -''ONE-SHOT''リンクをクリックして当日の''Squid''ログ解析結果が表示されること -棒グラフをクリックしてグラフが表示されること 
-''Redirector''リンクをクリックして''squidGuard''によりブロックされたログが表示されること &color(red){※''squidGuard''導入している場合のみ}; &color(red){※''Daily reports''、''Weekly reports''、''Monthly reports''は''CRON''設定(''/etc/cron.daily/sarg''、''/etc/cron.weekly/sarg''、''/etc/cron.monthly/sarg'')による自動実行で作成される。};