![[PukiWiki]](image/pukiwiki.png "[PukiWiki]")
Squidログ解析ツールであるSargを導入してSquidのログをWebインタフェースで参照できるようにする。また、squidGuardを導入している場合、squidGuardによりアクセスブロックされたログも参照できるようにする。
| [root@localhost ~]# yum -y install gd gd-devel vlgothic-fonts ← Sargインストールに必要なパッケージをインストール |
| [root@localhost ~]# wget http://www.sraellis.tk/sarg7/sarg-2.3.10-3.v7.x86_64.rpm ← Sargダウンロード |
| [root@localhost ~]# yum -y localinstall sarg-2.3.10-3.v7.x86_64.rpm ← Sargインストール |
| [root@localhost ~]# rm -f sarg-2.3.10-3.v7.x86_64.rpm ← ダウンロードしたファイルを削除 |
| [root@localhost ~]# vi /etc/sarg/sarg.conf ← Sarg設定ファイル編集 |
| # TAG: graphs yes | no # Use graphics where is possible. # graph_days_bytes_bar_color blue | green | yellow | orange | brown | red # graphs yes ← グラフ表示有効化 # TAG: graph_font # The full path to the TTF font file to use to create the graphs. It is required # if graphs is set to yes. # #graph_font /usr/share/fonts/truetype/ttf-dejavu/DejaVuSans.ttf graph_font /usr/share/fonts/vlgothic/VL-Gothic-Regular.ttf ← グラフフォント指定 # TAG: font_face # Especify the font for html page. # #font_face Tahoma,Verdana,Arial font_face メイリオ, Meiryo, Osaka, "ヒラギノ角ゴ Pro W3" ← 日本語フォント指定 # TAG: lastlog n # How many reports files must be keept in reports directory. # The oldest report file will be automatically removed. # 0 - no limit. # #lastlog 0 lastlog 90 ← ログ解析結果保存数を指定 # TAG: overwrite_report yes | no # yes - if report date already exist then will be overwrited. # no - if report date already exist then will be renamed to filename.n, filename.n+1 # #overwrite_report no overwrite_report yes ← 同一日のログ解析結果は上書きする # TAG: charset name # ISO 8859 is a full series of 10 standardized multilingual single-byte coded (8bit) # graphic character sets for writing in alphabetic languages # You can use the following charsets: # Latin1 - West European # Latin2 - East European # Latin3 - South European # Latin4 - North European # Cyrillic # Arabic # Greek # Hebrew # Latin5 - Turkish # Latin6 # Windows-1251 # Japan # Koi8-r # UTF-8 # #charset Latin1 charset UTF-8 ← 日本語化 # TAG: squidguard_conf file # path to squidGuard.conf file # Generate reports from SquidGuard logs. # Use 'none' to disable. # You can use sarg -L filename to use an alternate squidGuard log. # squidguard_conf /usr/local/squidGuard/squidGuard.conf # #squidguard_conf none squidguard_conf /etc/squid/squidGuard.conf ← squidGuard設定ファイル指定 ※squidGuard導入している場合のみ # Report limits # TAG: authfail_report_limit n # TAG: denied_report_limit n # TAG: siteusers_report_limit n # TAG: squidguard_report_limit n # TAG: user_report_limit n # TAG: dansguardian_report_limit n # TAG: download_report_limit n # report limits (lines). # '0' no limit # #authfail_report_limit 10 #denied_report_limit 10 #siteusers_report_limit 0 #squidguard_report_limit 10 #dansguardian_report_limit 10 #user_report_limit 10 #user_report_limit 50 squidguard_report_limit 0 ← squidGuardログ出力数を無制限にする ※squidGuard導入している場合のみ # TAG: external_css_file path # Provide the path to an external css file to link into the HTML reports instead of # the inline css written by sarg when this option is not set. # # In versions prior to 2.3, this used to be an absolute file name to # a file to include verbatim in each HTML page but, as it takes a lot of # space, version 2.3 switched to a link to an external css file. # Therefore, this option must contain the HTTP server path on which a client # browser may find the css file. # # Sarg use theses style classes: # .logo logo class # .info sarg information class, align=center # .title_c title class, align=center # .header_c header class, align:center # .header_l header class, align:left # .header_r header class, align:right # .text text class, align:right # .data table text class, align:right # .data2 table text class, align:left # .data3 table text class, align:center # .link link class # # Sarg can be instructed to output the internal css it inline # into the reports with this command: # # sarg --css # # You can redirect the output to a file of your choice and edit # it to your liking. # #external_css_file none external_css_file /sarg/sarg.css ← スタイルシートパス修正 # TAG: sorttable path # The path to a javascript script to dynamically sort the tables. # The path is the link a browser must follow to find the script. For instance, # it may be http://www.myproxy.org/sorttable.js or just /sorttable.js if the script # is at the root of your web site. # # If the path starts with "../" then it is assumed to be a relative # path and sarg adds as many "../" as necessary to locate the js script from # the output directory. Therefore, ../../sorttable.js links to the javascript # one level above output_dir. # # If this entry is set, each sortable table will have the "sortable" class set. # You may have a look at http://www.kryogenix.org/code/browser/sorttable/ # for the implementation on which sarg is based. # # sorttable /sorttable.js sorttable /sarg/sorttable.js ← ソートスクリプト指定※スクリプトインストールは後述 |
| [root@localhost ~]# wget https://kryogenix.org/code/browser/sorttable/sorttable.js ← ソートスクリプトダウンロード |
| [root@localhost ~]# mv sorttable.js /var/www/sarg/ ← ソートスクリプトを所定のディレクトリへ移動 |
| [root@localhost ~]# vi /etc/httpd/conf.d/sarg.conf ← Sarg用Apache設定ファイル編集 |
| Alias /sarg "/var/www/sarg" # 内部からのみアクセス許可 <Directory "/var/www/sarg"> DirectoryIndex index.html <IfModule mod_authz_core.c> # Apache 2.4 Require ip 10.0.0.0/8 Require ip 172.16.0.0/12 Require ip 192.168.0.0/16 </IfModule> <IfModule !mod_authz_core.c> # Apache 2.2 Order allow,deny Allow from 10.0.0.0/8 Allow from 172.16.0.0/12 Allow from 192.168.0.0/16 </IfModule> </Directory> |
| [root@localhost ~]# systemctl reload httpd ← Apache設定反映 |
| [root@localhost ~]# sarg -d day-0 ← 当日のSquidログ解析 |
※Daily reports、Weekly reports、Monthly reportsはCRON設定(/etc/cron.daily/sarg、/etc/cron.weekly/sarg、/etc/cron.monthly/sarg)による自動実行により作成される。
![[heart]](image/face/heart.png)
