Recent changes to support-requests

unable to generate user specific report for username such as "user@domain.local"

pratik jones — Thu, 23 May 2024 16:14:01 -0000

Im using sarg version: SARG version: 2.3.11 Jan-14-2018

Im trying to create a user specific report.
However when using inlcude_users "test@domain.local" reports for the mentioned users are not getting generated.

I have tried using strip_user_suffix, however im getting an error which says SARG: Unknown option strip_user_suffix @domain.local

what are my other options to deal such an issue?

Sarg report don't resolve ip->hostname on wifi and vpn area x

Stephane — Wed, 12 May 2021 06:56:19 -0000

Hello,
My sarg don't resolve ip for vpn and wifi area.
For vpn, it's not same dns, should i open flux in dns vpn server ans put address in my sarg computer?
For wifi, it's same dns server as ethernet, I shouldn't have this problem.
An idea please ? ;)
Thks

#42 Can't form reports

Sérgio Neves — Mon, 01 Mar 2021 18:18:32 -0000

TKS!!!

Exclude codes in Reporting

Murari Rajagopalan — Wed, 11 Nov 2020 14:03:15 -0000

Hello there,
I am trying to exclude the following logs in the SARG reporting. Sample access logs , sarg configuration path and exclude_hosts details are mentioned below.
For some reason, despite having a configuration in sarg.conf this does not seems to be working. any idea as what am i missing ?

Sarg Configuration
Reference in sarg.conf
exclude_codes /etc/sarg/exclude_codes

exclude_codes details
NONE/400
NONE/411
TCP_DENIED/407
TCP_DENIED/403
TCP_DENIED/400
TCP_DENIED/401
TCP_DENIED/411
TCP_MEM_HIT/200
TCP_MEM_HIT/302
TCP_REFRESH_HIT/200
TCP_REFRESH_HIT/304
TCP_NEGATIVE_HIT/404
TCP_IMS_HIT/304
TCP_IMS_HIT/200
TCP_HIT/200
TCP_HIT/302
TCP_MISS/200
TCP_MISS/503

Access Log Sample to be excluded
1605094541.375 274 192.168.0.61 TCP_MISS/200 335 GET http://detectportal.firefox.com/success.txt - HIER_DIRECT/34.107.221.82 text/plain
1605094541.477 5 192.168.0.61 TCP_MISS/200 335 GET http://detectportal.firefox.com/success.txt? - HIER_DIRECT/34.107.221.82 text/plain
1605094541.480 7 192.168.0.61 TCP_MISS/200 335 GET http://detectportal.firefox.com/success.txt? - HIER_DIRECT/34.107.221.82 text/plain
1605094542.380 3123 192.168.0.61 TCP_MISS/200 918 POST http://ocsp.digicert.com/ - HIER_DIRECT/117.18.237.29 application/ocsp-response
1605094542.381 3431 192.168.0.61 TCP_MISS/200 918 POST http://ocsp.digicert.com/ - HIER_DIRECT/117.18.237.29 application/ocsp-response
1605094542.381 2408 192.168.0.61 TCP_MISS/200 918 POST http://ocsp.digicert.com/ - HIER_DIRECT/117.18.237.29 application/ocsp-response
1605094542.381 4142 192.168.0.61 TCP_MISS/200 919 POST http://ocsp.digicert.com/ - HIER_DIRECT/117.18.237.29 application/ocsp-response
1605094542.381 909 192.168.0.61 TCP_MISS/200 919 POST http://ocsp.digicert.com/ - HIER_DIRECT/117.18.237.29 application/ocsp-response
1605094542.381 4455 192.168.0.61 TCP_MISS/200 919 POST http://ocsp.digicert.com/ - HIER_DIRECT/117.18.237.29 application/ocsp-response
1605094542.381 2715 192.168.0.61 TCP_MISS/200 918 POST http://ocsp.digicert.com/ - HIER_DIRECT/117.18.237.29 application/ocsp-response
1605094542.381 823 192.168.0.61 TCP_MISS/200 727 POST http://ocsp.digicert.com/ - HIER_DIRECT/117.18.237.29 application/ocsp-response
1605094542.381 5068 192.168.0.61 TCP_MISS/200 919 POST http://ocsp.digicert.com/ - HIER_DIRECT/117.18.237.29 application/ocsp-response
1605094542.743 9 192.168.0.61 TCP_MI

#46 Sarg: Show only the url typed

José Antônio Batista Júnior — Tue, 28 Nov 2017 10:28:48 -0000

Good Morning! OK thank you.

#46 Sarg: Show only the url typed

Frederic Marchal — Mon, 27 Nov 2017 19:51:02 -0000

None that I can see. Sorry.

An average desktop computer sends a lot of requests. Some are unattended such as system updates, software updates and so on. Others are consequences of user requests (css, images, js, ads, iframe...). You might filter out urls to only keep html pages. I don't know how many false positive that list would contain. And then you would miss any audio, video or exe downloaded by typing the url directly into the browser address bar (such as a link clicked in a mail). So, as I said, no reliable solution.

#46 Sarg: Show only the url typed

José Antônio Batista Júnior — Mon, 27 Nov 2017 19:15:59 -0000

Hello. First of all, thank you.

Is there an alternative?

#46 Sarg: Show only the url typed

Frederic Marchal — Mon, 27 Nov 2017 19:05:14 -0000

You can't. That information is not available in the log.

Squid only sees requests coming from network connected devices. Network devices don't advertise the reason they fetch such or such url.

Sarg: Show only the url typed

José Antônio Batista Júnior — Mon, 27 Nov 2017 18:17:35 -0000

How do I make the sarg report show me only user-entered url

Can't disable site_user_time_date report on version 2.3.10

William Della Noce — Wed, 12 Jul 2017 21:04:32 -0000

Hello

I've noticed that in version sarg 2.3.10, if the value site_user_time_date is not included in the parameter report_type the execution is aborted and the following message is shown in console:

$ sudo sarg -f /usr/local/etc/sarg.conf -d 12/07/2017-12/07/2017
SARG: Records in file: 12056, reading: 100.00%
SARG: Period covered by log files: 12/07/2017-12/07/2017
SARG: (repday) Cannot open file "/var/www/sarg/12Jul2017-12Jul2017/10_15_1_128/d10_15_1_128.html": No such file or directory

I'm getting this error on raspbian linux 8.0 Jessie (ARMHLv7 platorm).

If the value site_user_time_date is included in the report_type parameter, the execution ends without error, and the reports are generated as expected.

Thanks in advance.