CentOS 7.9部署squid-SARG日志分析软件
2023/02/01 11:48 投稿

转载文章请注明源地址:https://www.latiao.org/631.html

部署SARG 2.3.8

下载地址:
https://master.dl.sourceforge.net/project/sarg/sarg/sarg-2.3.8/sarg-2.3.8.tar.gz?viasf=1

[root@localhost LOG]# tar zxvf sarg-2.3.8.tar.gz #解压
[root@localhost LOG]# cd sarg-2.3.8  #切换目录
[root@localhost LOG]# vim log.c # 对于64位的Linux,log.c的源代码修改

1506行:
if (fprintf(ufile->file, "%s\t%s\t%s\t%s\t%"PRIi64"\t%s\t%ld\t%s\n",dia,hora,ip,url,nbytes,code,elap_time,smartfilter)<=0) {
修改为:
if (fprintf(ufile->file, "%s\t%s\t%s\t%s\t%"PRIi64"\t%s\t%ld\t%s\n",dia,hora,ip,url,(int64_t)nbytes,code,elap_time,smartfilter)<=0) {

1513行:
fprintf(fp_log, "%s\t%s\t%s\t%s\t%s\t%"PRIi64"\t%s\t%ld\t%s\n",dia,hora,user,ip,url,nbytes,code,elap_time,smartfilter);
修改为:
fprintf(fp_log, "%s\t%s\t%s\t%s\t%s\t%"PRIi64"\t%s\t%ld\t%s\n",dia,hora,user,ip,url,(int64_t)nbytes,code,elap_time,smartfilter);

1654行:printf("LEN=\t%"PRIi64"\n",nbytes);
修改为:
printf("LEN=\t%"PRIi64"\n",(int64_t)nbytes);

[root@localhost LOG]# yum install gcc make httpd crond pcre-devel gd-devel -y #安装需要依赖(注:CentOS 7 中 crond 服务由 cronie 包提供)
[root@localhost LOG]# ./configure  #生成Makefile(配置)
[root@localhost LOG]# make  #编译
[root@localhost LOG]# make install  #安装
[root@localhost LOG]# vim /usr/local/etc/sarg.conf  #修改配置文件
access_log /LOG/squid/access.log              #日志文件位置
title "Squid User Access Reports"             #标题
output_dir /LOG/sarg/squid-reports            #输出目录
user_ip no                                    #使用用户名显示
topuser_sort_field CONNECT reverse            #top排序中使用连接数
user_sort_field CONNECT reverse               #用户访问使用连接数
overwrite_report no                           #是否覆盖日期相同
charset UTF-8                                 #编码
weekdays 0-6                                  #周期
hours 0-23                                    #时间
www_document_root /LOG/sarg/                  #网站根目录

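[root@localhost LOG]# systemctl enable httpd   #开机自启httpd(enable 只设置开机自启,当前还需 systemctl start httpd 启动服务)
[root@localhost LOG]# firewall-cmd --permanent --add-service=http   #防火墙放行(--permanent 规则需执行 firewall-cmd --reload 后才生效)
[root@localhost LOG]# vim /etc/httpd/conf/httpd.conf   #apache配置文件,仅供参考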
…
DocumentRoot "/LOG/sarg/"
<Directory "/LOG/">
    AllowOverride None
    Require all granted
</Directory>
<Directory "/LOG/sarg/">
    Options Indexes FollowSymLinks
    AllowOverride None
    Require all granted
</Directory>
…

[root@localhost LOG]# sarg -x         #执行当前分析

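分析完毕,浏览器访问:X.X.X.X/squid-reports 即可看到报告!

注意:报告中包含各用户的上网访问记录,而上面的 Apache 配置使用了 Require all granted 并开启了 Indexes 目录列表,任何能访问该服务器 80 端口的人都可以浏览全部报告。生产环境建议将 Require all granted 改为 Require ip 加管理网段,或为该目录启用 HTTP 认证;另外只需对 /LOG/sarg/ 授权即可,不必对存放原始 access.log 的整个 /LOG/ 目录授权。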