This is all well and good, however, SARG will only accept one log variable
(i.e., /var/log/squid/access.log), and squidGuard does not write logs in the
same format as squid.
We have also used SARG very successfully for nearly 2 years, and it is
frustrating to not be able to see the sites that were blocked.
Joe
----- Original Message -----
From: "Rick Matthews" <[EMAIL PROTECTED]>
To: "Elmar" <[EMAIL PROTECTED]>; <[EMAIL PROTECTED]>
Sent: Thursday, August 22, 2002 10:00 PM
Subject: RE: SquidGuard with SARG / Analyzing the log
> > -----Original Message-----
> > From: Elmar
> > Sent: Thursday, August 22, 2002 4:57 PM
> >
> > For analyzing the squid-log SARG works very fine, but I use squidGuard at
> > school and would like to monitor, which "forbidden" sites have been tried to
> > being accessed and this is just written down in squidGuard's log AFAIK.
>
> You can accomplish that by adding logfile and redirect statements to
> each destination declaration block. For example:
>
> dest porn {
>     domainlist blacklists/porn/domains
>     urllist    blacklists/porn/urls
>     redirect   ......
>     logfile    /usr/local/squidGuard/log/porn.log
> }
>
> Use a different logfile for each group: aggressive.log, gambling.log,
> etc. You will need to first create each of those log files in your
> logfile directory and set the proper ownership and permissions, then
> bounce squid. Every redirect will then be logged with information that
> is extremely useful in research and debugging. Each time a person is
> redirected, the entry logged will include the following (if available):
> ident, ip, the source group squidGuard placed them in, the destination
> group that redirected them, and the url requested.
>
> Name them with a 'log' extension and then make sure you have a
> /etc/logrotate.d that looks something like this:
> --- /etc/logrotate.d --------
> /usr/local/squidGuard/log/*.log {
>     notifempty
>     missingok
>     sharedscripts
>     weekly
>     rotate 5
>     copytruncate
>     postrotate
>         /usr/sbin/squid -k reconfigure
>     endscript
> }
> ---- end -------------------
> Then all of your squidGuard logs will be rotated together.
>
> After adding the logfile and redirect statements to your destination
> blocks, the only redirect statement needed in your acl blocks is the
> one in the default acl.
>
> I think you will find those helpful.
>
> Rick
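
An added example, not part of the original thread: a Python sketch that reads entries from the per-destination squidGuard logs described above and rewrites them in squid's native access.log column order, counting hits per destination group. The squidGuard line layout in the comment, the `TCP_DENIED/403` result code, and the sample lines are assumptions made for illustration.

```python
import re
from calendar import timegm
from collections import Counter
from time import strptime

# Assumed squidGuard entry layout (the thread lists the fields, not the format):
# date time [pid] Request(source/dest/rewrite) url ip/host ident method
LINE_RE = re.compile(
    r"^(?P<ts>\d{4}-\d{2}-\d{2} \d{2}:\d{2}:\d{2}) \[\d+\] "
    r"Request\((?P<src>[^/)]*)/(?P<dest>[^/)]*)/[^)]*\) "
    r"(?P<url>\S+) (?P<ip>[^/\s]+)/\S+ (?P<ident>\S+) (?P<method>\S+)"
)

# Constructed sample lines; 192.0.2.0/24 and *.example are documentation values.
SAMPLE = """\
2002-08-22 09:15:02 [411] Request(students/porn/-) http://blocked.example/a 192.0.2.10/- jdoe GET
2002-08-22 09:15:40 [411] Request(students/gambling/-) http://bets.example/ 192.0.2.11/- - GET
2002-08-22 09:16:05 [411] Request(students/porn/-) http://blocked.example/b 192.0.2.10/- jdoe GET
2002-08-22 09:16:09 [411] squidGuard ready for requests
"""

def parse(line):
    """Return a dict for a redirect entry (timestamp read as UTC), else None."""
    m = LINE_RE.match(line)
    if not m:
        return None
    rec = m.groupdict()
    rec["epoch"] = timegm(strptime(rec["ts"], "%Y-%m-%d %H:%M:%S"))
    return rec

def to_squid_native(rec):
    """Render one record in squid's native access.log column order."""
    return "%d.000 %6d %s TCP_DENIED/403 0 %s %s %s NONE/- -" % (
        rec["epoch"], 0, rec["ip"], rec["method"], rec["url"], rec["ident"])

def convert(text):
    """Return (native_lines, hits per destination group, skipped line count)."""
    out, per_dest, skipped = [], Counter(), 0
    for line in text.splitlines():
        rec = parse(line)
        if rec is None:  # status messages and malformed lines are counted, not guessed at
            skipped += 1
            continue
        out.append(to_squid_native(rec))
        per_dest[rec["dest"]] += 1
    return out, per_dest, skipped

if __name__ == "__main__":
    print(*convert(SAMPLE)[0], sep="\n")
```

Compare the regular expression against a few real lines from your own squidGuard log before relying on the output, since the entry layout is assumed here.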