CentOS7

Installing a Squid Log Analysis Tool (Sarg)

Install Sarg, a Squid log analysis tool, so that Squid logs can be viewed through a web interface. If squidGuard is installed, also make the logs of accesses blocked by squidGuard viewable.

Installing Sarg

[root@localhost ~]# yum -y install gd gd-devel vlgothic-fonts ← install the packages required to install Sarg
[root@localhost ~]# wget http://www.sraellis.tk/sarg7/sarg-2.3.10-3.v7.x86_64.rpm ← download Sarg
[root@localhost ~]# yum -y localinstall sarg-2.3.10-3.v7.x86_64.rpm ← install Sarg
[root@localhost ~]# rm -f sarg-2.3.10-3.v7.x86_64.rpm ← delete the downloaded file

Configuring Sarg

[root@localhost ~]# vi /etc/sarg/sarg.conf ← edit the Sarg configuration file
# TAG: graphs yes|no
# Use graphics where is possible.
# graph_days_bytes_bar_color blue|green|yellow|orange|brown|red
#
graphs yes ← enable graph display

# TAG: graph_font
# The full path to the TTF font file to use to create the graphs. It is required
# if graphs is set to yes.
#
#graph_font /usr/share/fonts/truetype/ttf-dejavu/DejaVuSans.ttf
graph_font /usr/share/fonts/vlgothic/VL-Gothic-Regular.ttf ← specify the graph font

# TAG: font_face
# Especify the font for html page.
#
#font_face Tahoma,Verdana,Arial
font_face メイリオ, Meiryo, Osaka, "ヒラギノ角ゴ Pro W3" ← specify Japanese fonts

# TAG: lastlog n
# How many reports files must be keept in reports directory.
# The oldest report file will be automatically removed.
# 0 - no limit.
#
#lastlog 0
lastlog 90 ← number of log analysis results to keep

# TAG: overwrite_report yes|no
# yes - if report date already exist then will be overwrited.
# no - if report date already exist then will be renamed to filename.n, filename.n+1
#
#overwrite_report no
overwrite_report yes ← overwrite the log analysis result for the same day

# TAG: charset name
# ISO 8859 is a full series of 10 standardized multilingual single-byte coded (8bit)
# graphic character sets for writing in alphabetic languages
# You can use the following charsets:
# Latin1 - West European
# Latin2 - East European
# Latin3 - South European
# Latin4 - North European
# Cyrillic
# Arabic
# Greek
# Hebrew
# Latin5 - Turkish
# Latin6
# Windows-1251
# Japan
# Koi8-r
# UTF-8
#
#charset Latin1
charset UTF-8 ← Japanese language support

# TAG: squidguard_conf file
# path to squidGuard.conf file
# Generate reports from SquidGuard logs.
# Use 'none' to disable.
# You can use sarg -L filename to use an alternate squidGuard log.
# squidguard_conf /usr/local/squidGuard/squidGuard.conf
#
#squidguard_conf none
squidguard_conf /etc/squid/squidGuard.conf ← specify the squidGuard configuration file (only if squidGuard is installed)

# Report limits
# TAG: authfail_report_limit n
# TAG: denied_report_limit n
# TAG: siteusers_report_limit n
# TAG: squidguard_report_limit n
# TAG: user_report_limit n
# TAG: dansguardian_report_limit n
# TAG: download_report_limit n
# report limits (lines).
# '0' no limit
#
#authfail_report_limit 10
#denied_report_limit 10
#siteusers_report_limit 0
#squidguard_report_limit 10
#dansguardian_report_limit 10
#user_report_limit 10
#user_report_limit 50
squidguard_report_limit 0 ← make the number of squidGuard log entries in the report unlimited (only if squidGuard is installed)

# TAG: external_css_file path
# Provide the path to an external css file to link into the HTML reports instead of
# the inline css written by sarg when this option is not set.
#
# In versions prior to 2.3, this used to be an absolute file name to
# a file to include verbatim in each HTML page but, as it takes a lot of
# space, version 2.3 switched to a link to an external css file.
# Therefore, this option must contain the HTTP server path on which a client
# browser may find the css file.
#
# Sarg use theses style classes:
# .logo logo class
# .info sarg information class, align=center
# .title_c title class, align=center
# .header_c header class, align:center
# .header_l header class, align:left
# .header_r header class, align:right
# .text text class, align:right
# .data table text class, align:right
# .data2 table text class, align:left
# .data3 table text class, align:center
# .link link class
#
# Sarg can be instructed to output the internal css it inline
# into the reports with this command:
#
# sarg --css
#
# You can redirect the output to a file of your choice and edit
# it to your liking.
#
#external_css_file none
external_css_file /sarg/sarg.css ← fix the stylesheet path

# TAG: sorttable path
# The path to a javascript script to dynamically sort the tables.
# The path is the link a browser must follow to find the script. For instance,
# it may be http://www.myproxy.org/sorttable.js or just /sorttable.js if the script
# is at the root of your web site.
#
# If the path starts with "../" then it is assumed to be a relative
# path and sarg adds as many "../" as necessary to locate the js script from
# the output directory. Therefore, ../../sorttable.js links to the javascript
# one level above output_dir.
#
# If this entry is set, each sortable table will have the "sortable" class set.
# You may have a look at http://www.kryogenix.org/code/browser/sorttable/
# for the implementation on which sarg is based.
#
# sorttable /sorttable.js
sorttable /sarg/sorttable.js ← specify the sort script (script installation is described below)

[root@localhost ~]# wget https://kryogenix.org/code/browser/sorttable/sorttable.js ← download the sort script
[root@localhost ~]# mv sorttable.js /var/www/sarg/ ← move the sort script to its directory
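
The Sarg RPM (fetched over plain HTTP) and sorttable.js both come from third-party sites and are then installed as root or served to every browser that opens a report, so pinning a checksum before use is a worthwhile check. The following is an added example, not part of the original page: `verify_sha256` and `install_verified` are hypothetical helper names, and the pinned hashes are placeholders because the page publishes none.

```sh
#!/bin/sh
# Added example (not from the original page). verify_sha256 and install_verified
# are hypothetical helper names; the pinned hashes must come from a trusted source.

# verify_sha256 FILE EXPECTED_HEX
#   0 = digest matches, 1 = mismatch, 2 = unusable input (missing file, bad pin)
verify_sha256() {
    file=$1
    expected=$(printf '%s' "$2" | tr 'A-F' 'a-f')
    # A pin that is not exactly 64 hex digits (e.g. an unfilled placeholder)
    # must never be treated as a match.
    case $expected in
        ''|*[!0-9a-f]*) echo "invalid pinned hash for $file" >&2; return 2 ;;
    esac
    [ "${#expected}" -eq 64 ] || { echo "invalid pinned hash for $file" >&2; return 2; }
    [ -f "$file" ] || { echo "missing file: $file" >&2; return 2; }
    actual=$(sha256sum "$file" | awk '{print $1}')
    if [ "$actual" = "$expected" ]; then
        return 0
    fi
    echo "SHA-256 mismatch for $file: got $actual" >&2
    return 1
}

# install_verified SRC EXPECTED_HEX DEST
#   Copies SRC to DEST (mode 0644) only after the digest check succeeds.
install_verified() {
    verify_sha256 "$1" "$2" || return $?
    install -m 0644 "$1" "$3"
}

# How this slots into the steps above. SARG_RPM_SHA256 and SORTTABLE_SHA256 are
# placeholders: the page does not publish hashes, so obtain them out of band.
#   verify_sha256 sarg-2.3.10-3.v7.x86_64.rpm "$SARG_RPM_SHA256" \
#       && yum -y localinstall sarg-2.3.10-3.v7.x86_64.rpm
#   install_verified sorttable.js "$SORTTABLE_SHA256" /var/www/sarg/sorttable.js
```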

Configuring Apache

[root@localhost ~]# vi /etc/httpd/conf.d/sarg.conf ← edit the Apache configuration file for Sarg
Alias /sarg "/var/www/sarg"

# Allow access from the internal network only
<Directory "/var/www/sarg">
DirectoryIndex index.html
<IfModule mod_authz_core.c>
# Apache 2.4
Require ip 10.0.0.0/8
Require ip 172.16.0.0/12
Require ip 192.168.0.0/16
</IfModule>
<IfModule !mod_authz_core.c>
# Apache 2.2
Order allow,deny
Allow from 10.0.0.0/8
Allow from 172.16.0.0/12
Allow from 192.168.0.0/16
</IfModule>
</Directory>
[root@localhost ~]# systemctl reload httpd ← apply the Apache configuration
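
The access rules above are what keep the per-user browsing reports inside the internal network, so it is worth checking that later edits have not widened them. The following is an added example, not part of the original page: `audit_sarg_acl` is a hypothetical helper that flags any `Require`/`Allow from` grant not confined to the three private ranges used above, and the sample configuration in it is constructed.

```sh
#!/bin/sh
# Added example (not from the original page). audit_sarg_acl is a hypothetical helper.
# Prints every access grant in CONF that is not confined to 10.0.0.0/8, 172.16.0.0/12
# or 192.168.0.0/16 and returns 1 if any was found. Hostnames, IPv6 and partial
# prefixes such as "10" are flagged too, for manual review.
audit_sarg_acl() {
    awk '
    function ip2int(ip,   o) {            # dotted quad -> integer, -1 if not a quad
        if (split(ip, o, ".") != 4) return -1
        return ((o[1] * 256 + o[2]) * 256 + o[3]) * 256 + o[4]
    }
    function inside(a, len, base, blen,   size) {   # is a/len within base/blen?
        size = 2 ^ (32 - blen)
        return len >= blen && int(a / size) == int(ip2int(base) / size)
    }
    function is_private(spec,   p, n, a, len) {
        n = split(spec, p, "/")
        a = ip2int(p[1])
        len = (n == 2) ? p[2] + 0 : 32
        return a >= 0 && (inside(a, len, "10.0.0.0", 8) ||
                          inside(a, len, "172.16.0.0", 12) ||
                          inside(a, len, "192.168.0.0", 16))
    }
    function flag(why) { printf "%s:%d: %s: %s\n", FILENAME, NR, why, $0; bad = 1 }
    /^[ \t]*#/ { next }                   # skip commented-out directives
    {
        d = tolower($1); k = tolower($2)
        if (d == "require" && k == "all" && tolower($3) == "granted")
            flag("open to everyone")
        else if ((d == "require" && k == "ip") || (d == "allow" && k == "from"))
            for (i = 3; i <= NF; i++)
                if (!is_private($i)) flag("outside RFC 1918 (" $i ")")
    }
    END { exit bad + 0 }
    ' "$1"
}

# Constructed sample: the Apache 2.4 rules from above after two careless edits.
sample=$(mktemp)
cat > "$sample" <<'EOF'
<Directory "/var/www/sarg">
Require ip 10.0.0.0/8
Require ip 172.16.0.0/12 203.0.113.0/24
Require all granted
</Directory>
EOF
audit_sarg_acl "$sample" || echo "fix the lines above before reloading httpd"
rm -f "$sample"
```

Against the deployed file the call is `audit_sarg_acl /etc/httpd/conf.d/sarg.conf`; a zero exit status with no output means every grant stays within the private ranges.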

Verifying Sarg

[root@localhost ~]# sarg -d day-0 ← analyze today's Squid log

Daily reports, Weekly reports and Monthly reports are created automatically by the cron jobs (/etc/cron.daily/sarg, /etc/cron.weekly/sarg, /etc/cron.monthly/sarg).