squid日志分析软件sarg的安装和使用
环境:centos 5.4 +apache 2.2.17 apache 源码编译安装在/usr/local/httpd下
1 下载Sarg的源码包,使用如下命令解压安装。
tar –zxvf sarg-2.2.5.tar.gz
cd sarg-2.2.5
make
make install
2 修改配置文件(/usr/local/sarg/sarg.conf),内容如下
#指定网页报告类型,目前不支持中文
language english
#指定squid访问日志的绝对路径
access_log /usr/local/squid/var/logs/access.log
#指定网页报告的文件输出路径
output_dir /usr/local/httpd/htdocs/sarg
#如果报告已存在是否覆盖
overwrite_report no
# 指定临时文件目录,请确认该目录所在的分区足够大先,1g以上。
temporary_dir /var/tmp
3 sarg的命令行解释如下
[root@server ~]# sarg -h
sarg: Usage [options...]
-a Hostname or IP address
-b Useragent log
-c Exclude file
-d Date from-until dd/mm/yyyy-dd/mm/yyyy
-e Email address to send reports (stdout for console)
-f Config file (/usr/local/sarg/sarg.conf)
-g Date format [e=Europe -> dd/mm/yy, u= USA -> mm/dd/yy]
-h Help (this...)
-i Reports by user and IP address
-l Input log
-n Resolve IP Address
-o Output dir
-p Use Ip Address instead of userid (reports)
-s Accessed site [Eg. www.microsoft.com, www.netscape.com]
-t Time [HH, HH:MM]
-u User
-w Temporary dir
-x Process messages
-z Debug messages
-convert Convert the access.log file to a legible date
-split Split the log file by date in -d parameter
4 编写脚本
我的apache网站家目录是/usr/local/httpd/htdocs
每日备份脚本如下:sarg.daily 实现对昨天squid日志统计
#!/bin/bash
#Get current date
TODAY=$(date +%d/%m/%Y)
#Get one week ago today
YESTERDAY=$(date -d yesterday +%d/%m/%Y)
/usr/bin/sarg -l /usr/local/squid/var/logs/access.log -o /usr/local/httpd/htdocs/sarg/daily -z -d $YESTERDAY
exit 0
加入计划任务实现每天凌晨对昨天的访问日志统计
#crontab –e
0 0 * * * sh /data/myscripts/sarg.daily
每周备份脚本如下:sarg.weekly 实现对上周上网情况统计并对squid日志切割
#!/bin/bash
#Get current date
YESTERDAY=$(date --date "1 days ago" +%d/%m/%Y)
#Get one week ago today
WEEKAGO=$(date --date "7 days ago" +%d/%m/%Y)
/usr/bin/sarg -l /usr/local/squid/var/logs/access.log -o /usr/local/httpd/htdocs/sarg/weekly -z -d $WEEKAGO-$YESTERDAY
/usr/local/squid/sbin/squid -k rotate
exit 0
加入计划任务实现每周一对上周上网情况进行统计 因为考虑到日志切割 所以这个脚本必须在每日统计脚本后执行,所以我选择了凌晨一点。如果这个脚本在每日统计脚本前执行则会造成星期天日志统计报表无法生成
#crontab –e
0 1 * * 1 sh /data/myscripts/sarg.weekly
5 测试
sh /data/myscripts/sarg.daily
这样将在/usr/local/httpd/htdocs/sarg/daily下产生如下文件或者文件夹
2011Jun15-2011Jun15 Images index.html
网页访问http://192.168.1.2:30000/sarg/daily
网页访问http://192.168.1.2:30000/sarg/weekly
6 加密码
我们现在可以看到我们的访问统计情况了。但是这样很不安全,大家都可以看。我们可以用设置让访问http://192.168.1.2:30000/sarg/daily 和 http://192.168.1.2:30000/sarg/weekly 时输入用户名密码。
a.在apache配置文件 httpd.conf中添加
Include conf/extra/squid.conf
b.在/usr/local/httpd/conf/extra/下创建squid.conf 内容为:
Alias /sarg "/usr/local/httpd/htdocs/sarg"
<Directory "/usr/local/httpd/htdocs/sarg">
# SSLRequireSSL
Options None
AllowOverride None
Order allow,deny
Allow from all
# Order deny,allow
# Deny from all
# Allow from 127.0.0.1
AuthName "Sarg Access"
AuthType Basic
AuthUserFile /usr/local/sarg/htpasswd
Require valid-user
</Directory>
c.创建登陆用户和密码:
/usr/local/httpd/bin/htpasswd -c /usr/local/sarg/htpasswd test
输入两次test用户密码即可
d.重启http服务 让更改生效
/usr/local/httpd/bin/apachectl restart
现在在来登陆上面的网址输入用户名密码即可
好了,搭建完了