squid日志分析软件sarg的安装和使用
环境:centos 5.4 +apache 2.2.17 apache 源码编译安装在/usr/local/httpd下 1 下载Sarg的源码包,使用如下命令解压安装。tar –zxvf sarg-2.2.5.tar.gzcd sarg-2.2.5makemake install2 修改配置文件(/usr/local/sarg/sarg.conf),内容如下#指定网页报告类型,目前不支持中文language english#指定squid访问日志的绝对路径access_log /usr/local/squid/var/logs/access.log#指定网页报告的文件输出路径 output_dir /usr/local/httpd/htdocs/sarg#如果报告已存在是否覆盖 overwrite_report no# 指定临时文件目录,请确认该目录所在的分区足够大先,1g以上。temporary_dir /var/tmp3 sarg的命令行解释如下# sarg -hsarg: Usage -a Hostname or IP address -b Useragent log -c Exclude file -d Date from-until dd/mm/yyyy-dd/mm/yyyy -e Email address to send reports (stdout for console) -f Config file (/usr/local/sarg/sarg.conf) -g Date format -h Help (this...) -i Reports by user and IP address -l Input log -n Resolve IP Address -o Output dir -p Use Ip Address instead of userid (reports) -s Accessed site www.microsoft.com, www.netscape.com] -t Time -u User -w Temporary dir -x Process messages -z Debug messages -convert Convert the access.log file to a legible date -split Split the log file by date in -d parameter4 编写脚本我的apache网站家目录是/usr/local/httpd/htdocs每日备份脚本如下:sarg.daily 实现对昨天squid日志统计#!/bin/bash#Get current dateTODAY=$(date +%d/%m/%Y)#Get one week ago todayYESTERDAY=$(date -d yesterday +%d/%m/%Y)/usr/bin/sarg -l /usr/local/squid/var/logs/access.log -o /usr/local/httpd/htdocs/sarg/daily -z -d $YESTERDAYexit 0加入计划任务实现每天凌晨对昨天的访问日志统计#crontab –e0 0 * * *sh /data/myscripts/sarg.daily
每周备份脚本如下:sarg.weekly 实现对上周上网情况统计并对squid日志切割 #!/bin/bash#Get current dateYESTERDAY=$(date --date "1 days ago" +%d/%m/%Y)#Get one week ago todayWEEKAGO=$(date --date "7 days ago" +%d/%m/%Y)/usr/bin/sarg -l /usr/local/squid/var/logs/access.log-o /usr/local/httpd/htdocs/sarg/weekly -z -d $WEEKAGO-$YESTERDAY/usr/local/squid/sbin/squid -k rotateexit 0加入计划任务实现每周一对上周上网情况进行统计 因为考虑到日志切割 所以这个脚本必须在每日统计脚本后执行,所以我选择了凌晨一点。如果这个脚本在每日统计脚本前执行则会造成星期天日志统计报表无法生成#crontab –e0 1 * * 1sh /data/myscripts/sarg.weekly5 测试 sh /data/myscripts/sarg.daily 这样将在/usr/local/httpd/htdocs/sarg/daily下产生如下文件或者文件夹 2011Jun15-2011Jun15 Images index.html
网页访问
网页访问http://192.168.1.2:30000/sarg/weekly
6 加密码我们现在可以看到我们的访问统计情况了。但是这样很不安全,大家都可以看。我们可以用设置让访问http://192.168.1.2:30000/sarg/daily 和 http://192.168.1.2:30000/sarg/weekly时输入用户名密码。a.在apache配置文件 httpd.conf中添加Include conf/extra/squid.confb.在/usr/local/httpd/conf/extra/下创建squid.conf 内容为:
Alias /sarg "/usr/local/httpd/htdocs/sarg"
<Directory "/usr/local/httpd/htdocs/sarg">#SSLRequireSSL Options None AllowOverride None Order allow,deny Allow from all#Order deny,allow#Deny from all#Allow from 127.0.0.1 AuthName "Sarg Access" AuthType Basic AuthUserFile /usr/local/sarg/htpasswd Require valid-user</Directory>
c.创建登陆用户和密码:/usr/local/httpd/bin/htpasswd -c /usr/local/sarg/htpasswd test输入两次test用户密码即可d.重启http服务 让更改生效/usr/local/httpd/bin/apachectl restart现在在来登陆上面的网址输入用户名密码即可好了,搭建完了 帮你顶下哈!! 我抢、我抢、我抢沙发~ 找到好贴不容易,我顶你了,谢了 恋爱就是无数个饭局,结婚就是一个饭局。 帮帮顶顶!!
页:
[1]