{"id":26,"date":"2007-04-27T12:01:47","date_gmt":"2007-04-27T10:01:47","guid":{"rendered":"http:\/\/michauko.org\/blog\/2007\/04\/27\/analyser-synthetiser-ses-logs-de-proxy-squid\/"},"modified":"2009-10-08T15:31:45","modified_gmt":"2009-10-08T13:31:45","slug":"analyser-synthetiser-ses-logs-de-proxy-squid","status":"publish","type":"post","link":"https:\/\/michauko.org\/blog\/analyser-synthetiser-ses-logs-de-proxy-squid-26\/","title":{"rendered":"Analyser (synth\u00e9tiser) ses logs de proxy Squid"},"content":{"rendered":"

Je voulais avoir, par curiosit\u00e9, un top ten des sites visit\u00e9s par \u00ab\u00a0mes\u00a0\u00bb utilisateurs de tunnels SSH et de proxy Squid. Inutile, voyeur, et donc indispensable.
\nBon, dans un contexte professionnel, \u00e7a pourrait \u00eatre utile, j’admets, surtout avec des utilisateurs sign\u00e9s sur le proxy.<\/p>\n

J’ai donc trouv\u00e9 l’outil SARG (apt-get install sarg<\/code>), je l’ai install\u00e9, param\u00e9tr\u00e9 et j’ai attendu le cron.daily du matin pour obtenir un premier rapport Web. Que dalle. Juste un mail de crontab me disant \u00ab\u00a0no entry found in squid\/access.log\u00a0\u00bb (quelque chose dans ce go\u00fbt l\u00e0).
\nEn effet, le packaging de l’outil SARG pose un probl\u00e8me : les logs squid sont analys\u00e9s par SARG apr\u00e8s<\/strong> la rotation quotidienne des logs Squid. Donc pas de log Squid, pas de rapport, pas de voyeurisme. Les boules !<\/p>\n

Je vais donc d\u00e9crire comment param\u00e9trer grossi\u00e8rement SARG et puis comment le faire tourner avant<\/strong> \u00ab\u00a0logrotate\u00a0\u00bb.
\n<\/p>\n

Au fait, c’est peut-\u00eatre un bug, dans ce cas un jour ce sera corrig\u00e9. Moi j’ai constat\u00e9 la chose avec SARG 2.2.3.1-1. J’ai pos\u00e9 la question au mainteneur du paquet. On verra bien.<\/em><\/p>\n

Le gros du param\u00e9trage se situe dans \/etc\/squid\/sarg.conf<\/code>. J’ai extrait ci-dessous les param\u00e8tres les plus importants pour bien d\u00e9marrer. Dans le fichier de conf, chaque param\u00e8tre est explicit\u00e9, c’est pratique :<\/p>\n

madebian:\/etc\/squid# egrep -v \"^$|^#\" sarg.conf | j_enleve_ce_qui_est_inutile\r\nlanguage French\r\naccess_log \/var\/log\/squid\/access.log\r\ngraphs yes\r\ngraph_days_bytes_bar_color orange\r\ntitle \"Squid User Access Reports\"\r\ntemporary_dir \/tmp\r\noutput_dir \/var\/www\/squid-reports\r\nresolve_ip yes\r\nexclude_users \/etc\/squid\/sarg.users\r\nexclude_hosts \/etc\/squid\/sarg.hosts\r\ndate_format e\r\nindex yes\r\nindex_tree file\r\nmail_utility mailx\r\ncharset Latin1<\/pre>\n
Ensuite, le coup de la rotation des logs qui arrive trop t\u00f4t, c’est du fait de l’ordre alphab\u00e9tique, le script \u00ab\u00a0logrotate\u00a0\u00bb dans le r\u00e9pertoire \/etc\/cron.daily\/<\/code> arrive avant le script \u00ab\u00a0sarg\u00a0\u00bb. Ruse de sioux :<\/p>\n
mv \/etc\/cron.daily\/sarg \/etc\/cron.daily\/01sarg<\/pre>\n
J’ai pas voulu mettre le script \u00ab\u00a0sarg\u00a0\u00bb avant le script \u00ab\u00a000logwatch\u00a0\u00bb, \u00e7a m’a l’air mauvais comme id\u00e9e.<\/p>\n
Et le lendemain matin, \u00e0 l’heure de votre cron.daily, \u00e0 vous les rapports SARG.<\/p>\n","protected":false},"excerpt":{"rendered":"
Je voulais avoir, par curiosit\u00e9, un top ten des sites visit\u00e9s par \u00ab\u00a0mes\u00a0\u00bb utilisateurs de tunnels SSH et de proxy Squid. Inutile, voyeur, et donc indispensable. Bon, dans un contexte professionnel, \u00e7a pourrait \u00eatre utile, …<\/p>\n","protected":false},"author":2,"featured_media":0,"comment_status":"open","ping_status":"open","sticky":false,"template":"","format":"standard","meta":{"_crdt_document":"","_monsterinsights_skip_tracking":false,"_monsterinsights_sitenote_active":false,"_monsterinsights_sitenote_note":"","_monsterinsights_sitenote_category":0,"footnotes":""},"categories":[391,2,387,82],"tags":[],"class_list":["post-26","post","type-post","status-publish","format-standard","hentry","category-autres-outils","category-debian","category-ligne-de-commande","category-pl"],"yoast_head":"\nAnalyser (synth\u00e9tiser) ses logs de proxy Squid - Le blog de Michauko<\/title>\n<meta name=\"robots\" content=\"index, follow, max-snippet:-1, max-image-preview:large, max-video-preview:-1\" \/>\n<link rel=\"canonical\" href=\"https:\/\/michauko.org\/blog\/analyser-synthetiser-ses-logs-de-proxy-squid-26\/\" \/>\n<meta property=\"og:locale\" content=\"fr_FR\" \/>\n<meta property=\"og:type\" content=\"article\" \/>\n<meta property=\"og:title\" content=\"Analyser (synth\u00e9tiser) ses logs de proxy Squid - Le blog de Michauko\" \/>\n<meta property=\"og:description\" content=\"Je voulais avoir, par curiosit\u00e9, un top ten des sites visit\u00e9s par \u00ab\u00a0mes\u00a0\u00bb utilisateurs de tunnels SSH et de proxy Squid. Inutile, voyeur, et donc indispensable. Bon, dans un contexte professionnel, \u00e7a pourrait \u00eatre utile, …\" \/>\n<meta property=\"og:url\" content=\"https:\/\/michauko.org\/blog\/analyser-synthetiser-ses-logs-de-proxy-squid-26\/\" \/>\n<meta property=\"og:site_name\" content=\"Le blog de Michauko\" \/>\n<meta property=\"article:published_time\" content=\"2007-04-27T10:01:47+00:00\" \/>\n<meta property=\"article:modified_time\" content=\"2009-10-08T13:31:45+00:00\" \/>\n<meta name=\"author\" content=\"michauko\" \/>\n<meta name=\"twitter:card\" content=\"summary_large_image\" \/>\n<meta name=\"twitter:label1\" content=\"\u00c9crit par\" \/>\n\t<meta name=\"twitter:data1\" content=\"michauko\" \/>\n\t<meta name=\"twitter:label2\" content=\"Dur\u00e9e de lecture estim\u00e9e\" \/>\n\t<meta name=\"twitter:data2\" content=\"2 minutes\" \/>\n<script type=\"application\/ld+json\" class=\"yoast-schema-graph\">{\"@context\":\"https:\\\/\\\/schema.org\",\"@graph\":[{\"@type\":\"Article\",\"@id\":\"https:\\\/\\\/michauko.org\\\/blog\\\/analyser-synthetiser-ses-logs-de-proxy-squid-26\\\/#article\",\"isPartOf\":{\"@id\":\"https:\\\/\\\/michauko.org\\\/blog\\\/analyser-synthetiser-ses-logs-de-proxy-squid-26\\\/\"},\"author\":{\"name\":\"michauko\",\"@id\":\"https:\\\/\\\/michauko.org\\\/blog\\\/#\\\/schema\\\/person\\\/0cd9f3d9ce4dccc05df81a5b27051ea9\"},\"headline\":\"Analyser (synth\u00e9tiser) ses logs de proxy Squid\",\"datePublished\":\"2007-04-27T10:01:47+00:00\",\"dateModified\":\"2009-10-08T13:31:45+00:00\",\"mainEntityOfPage\":{\"@id\":\"https:\\\/\\\/michauko.org\\\/blog\\\/analyser-synthetiser-ses-logs-de-proxy-squid-26\\\/\"},\"wordCount\":310,\"commentCount\":3,\"articleSection\":[\"autres outils\",\"Debian\",\"ligne de commande\",\"planet-libre.org\"],\"inLanguage\":\"fr-FR\",\"potentialAction\":[{\"@type\":\"CommentAction\",\"name\":\"Comment\",\"target\":[\"https:\\\/\\\/michauko.org\\\/blog\\\/analyser-synthetiser-ses-logs-de-proxy-squid-26\\\/#respond\"]}]},{\"@type\":\"WebPage\",\"@id\":\"https:\\\/\\\/michauko.org\\\/blog\\\/analyser-synthetiser-ses-logs-de-proxy-squid-26\\\/\",\"url\":\"https:\\\/\\\/michauko.org\\\/blog\\\/analyser-synthetiser-ses-logs-de-proxy-squid-26\\\/\",\"name\":\"Analyser (synth\u00e9tiser) ses logs de proxy Squid - Le blog de Michauko\",\"isPartOf\":{\"@id\":\"https:\\\/\\\/michauko.org\\\/blog\\\/#website\"},\"datePublished\":\"2007-04-27T10:01:47+00:00\",\"dateModified\":\"2009-10-08T13:31:45+00:00\",\"author\":{\"@id\":\"https:\\\/\\\/michauko.org\\\/blog\\\/#\\\/schema\\\/person\\\/0cd9f3d9ce4dccc05df81a5b27051ea9\"},\"breadcrumb\":{\"@id\":\"https:\\\/\\\/michauko.org\\\/blog\\\/analyser-synthetiser-ses-logs-de-proxy-squid-26\\\/#breadcrumb\"},\"inLanguage\":\"fr-FR\",\"potentialAction\":[{\"@type\":\"ReadAction\",\"target\":[\"https:\\\/\\\/michauko.org\\\/blog\\\/analyser-synthetiser-ses-logs-de-proxy-squid-26\\\/\"]}]},{\"@type\":\"BreadcrumbList\",\"@id\":\"https:\\\/\\\/michauko.org\\\/blog\\\/analyser-synthetiser-ses-logs-de-proxy-squid-26\\\/#breadcrumb\",\"itemListElement\":[{\"@type\":\"ListItem\",\"position\":1,\"name\":\"Accueil\",\"item\":\"https:\\\/\\\/michauko.org\\\/blog\\\/\"},{\"@type\":\"ListItem\",\"position\":2,\"name\":\"Analyser (synth\u00e9tiser) ses logs de proxy Squid\"}]},{\"@type\":\"WebSite\",\"@id\":\"https:\\\/\\\/michauko.org\\\/blog\\\/#website\",\"url\":\"https:\\\/\\\/michauko.org\\\/blog\\\/\",\"name\":\"Le blog de Michauko\",\"description\":\"Si tu ne comprends pas le titre de l'article, passe ton chemin\",\"potentialAction\":[{\"@type\":\"SearchAction\",\"target\":{\"@type\":\"EntryPoint\",\"urlTemplate\":\"https:\\\/\\\/michauko.org\\\/blog\\\/?s={search_term_string}\"},\"query-input\":{\"@type\":\"PropertyValueSpecification\",\"valueRequired\":true,\"valueName\":\"search_term_string\"}}],\"inLanguage\":\"fr-FR\"},{\"@type\":\"Person\",\"@id\":\"https:\\\/\\\/michauko.org\\\/blog\\\/#\\\/schema\\\/person\\\/0cd9f3d9ce4dccc05df81a5b27051ea9\",\"name\":\"michauko\",\"image\":{\"@type\":\"ImageObject\",\"inLanguage\":\"fr-FR\",\"@id\":\"https:\\\/\\\/secure.gravatar.com\\\/avatar\\\/5c3a8969c185fd0eef3893a15408f3ef1b36a6681a066b1eb32045643c30ba65?s=96&d=mm&r=g\",\"url\":\"https:\\\/\\\/secure.gravatar.com\\\/avatar\\\/5c3a8969c185fd0eef3893a15408f3ef1b36a6681a066b1eb32045643c30ba65?s=96&d=mm&r=g\",\"contentUrl\":\"https:\\\/\\\/secure.gravatar.com\\\/avatar\\\/5c3a8969c185fd0eef3893a15408f3ef1b36a6681a066b1eb32045643c30ba65?s=96&d=mm&r=g\",\"caption\":\"michauko\"},\"sameAs\":[\"http:\\\/\\\/michauko.org\\\/\"],\"url\":\"https:\\\/\\\/michauko.org\\\/blog\\\/author\\\/randomized2\\\/\"}]}<\/script>\n<!-- \/ Yoast SEO plugin. -->","yoast_head_json":{"title":"Analyser (synth\u00e9tiser) ses logs de proxy Squid - Le blog de Michauko","robots":{"index":"index","follow":"follow","max-snippet":"max-snippet:-1","max-image-preview":"max-image-preview:large","max-video-preview":"max-video-preview:-1"},"canonical":"https:\/\/michauko.org\/blog\/analyser-synthetiser-ses-logs-de-proxy-squid-26\/","og_locale":"fr_FR","og_type":"article","og_title":"Analyser (synth\u00e9tiser) ses logs de proxy Squid - Le blog de Michauko","og_description":"Je voulais avoir, par curiosit\u00e9, un top ten des sites visit\u00e9s par \u00ab\u00a0mes\u00a0\u00bb utilisateurs de tunnels SSH et de proxy Squid. Inutile, voyeur, et donc indispensable. Bon, dans un contexte professionnel, \u00e7a pourrait \u00eatre utile, …","og_url":"https:\/\/michauko.org\/blog\/analyser-synthetiser-ses-logs-de-proxy-squid-26\/","og_site_name":"Le blog de Michauko","article_published_time":"2007-04-27T10:01:47+00:00","article_modified_time":"2009-10-08T13:31:45+00:00","author":"michauko","twitter_card":"summary_large_image","twitter_misc":{"\u00c9crit par":"michauko","Dur\u00e9e de lecture estim\u00e9e":"2 minutes"},"schema":{"@context":"https:\/\/schema.org","@graph":[{"@type":"Article","@id":"https:\/\/michauko.org\/blog\/analyser-synthetiser-ses-logs-de-proxy-squid-26\/#article","isPartOf":{"@id":"https:\/\/michauko.org\/blog\/analyser-synthetiser-ses-logs-de-proxy-squid-26\/"},"author":{"name":"michauko","@id":"https:\/\/michauko.org\/blog\/#\/schema\/person\/0cd9f3d9ce4dccc05df81a5b27051ea9"},"headline":"Analyser (synth\u00e9tiser) ses logs de proxy Squid","datePublished":"2007-04-27T10:01:47+00:00","dateModified":"2009-10-08T13:31:45+00:00","mainEntityOfPage":{"@id":"https:\/\/michauko.org\/blog\/analyser-synthetiser-ses-logs-de-proxy-squid-26\/"},"wordCount":310,"commentCount":3,"articleSection":["autres outils","Debian","ligne de commande","planet-libre.org"],"inLanguage":"fr-FR","potentialAction":[{"@type":"CommentAction","name":"Comment","target":["https:\/\/michauko.org\/blog\/analyser-synthetiser-ses-logs-de-proxy-squid-26\/#respond"]}]},{"@type":"WebPage","@id":"https:\/\/michauko.org\/blog\/analyser-synthetiser-ses-logs-de-proxy-squid-26\/","url":"https:\/\/michauko.org\/blog\/analyser-synthetiser-ses-logs-de-proxy-squid-26\/","name":"Analyser (synth\u00e9tiser) ses logs de proxy Squid - Le blog de Michauko","isPartOf":{"@id":"https:\/\/michauko.org\/blog\/#website"},"datePublished":"2007-04-27T10:01:47+00:00","dateModified":"2009-10-08T13:31:45+00:00","author":{"@id":"https:\/\/michauko.org\/blog\/#\/schema\/person\/0cd9f3d9ce4dccc05df81a5b27051ea9"},"breadcrumb":{"@id":"https:\/\/michauko.org\/blog\/analyser-synthetiser-ses-logs-de-proxy-squid-26\/#breadcrumb"},"inLanguage":"fr-FR","potentialAction":[{"@type":"ReadAction","target":["https:\/\/michauko.org\/blog\/analyser-synthetiser-ses-logs-de-proxy-squid-26\/"]}]},{"@type":"BreadcrumbList","@id":"https:\/\/michauko.org\/blog\/analyser-synthetiser-ses-logs-de-proxy-squid-26\/#breadcrumb","itemListElement":[{"@type":"ListItem","position":1,"name":"Accueil","item":"https:\/\/michauko.org\/blog\/"},{"@type":"ListItem","position":2,"name":"Analyser (synth\u00e9tiser) ses logs de proxy Squid"}]},{"@type":"WebSite","@id":"https:\/\/michauko.org\/blog\/#website","url":"https:\/\/michauko.org\/blog\/","name":"Le blog de Michauko","description":"Si tu ne comprends pas le titre de l'article, passe ton chemin","potentialAction":[{"@type":"SearchAction","target":{"@type":"EntryPoint","urlTemplate":"https:\/\/michauko.org\/blog\/?s={search_term_string}"},"query-input":{"@type":"PropertyValueSpecification","valueRequired":true,"valueName":"search_term_string"}}],"inLanguage":"fr-FR"},{"@type":"Person","@id":"https:\/\/michauko.org\/blog\/#\/schema\/person\/0cd9f3d9ce4dccc05df81a5b27051ea9","name":"michauko","image":{"@type":"ImageObject","inLanguage":"fr-FR","@id":"https:\/\/secure.gravatar.com\/avatar\/5c3a8969c185fd0eef3893a15408f3ef1b36a6681a066b1eb32045643c30ba65?s=96&d=mm&r=g","url":"https:\/\/secure.gravatar.com\/avatar\/5c3a8969c185fd0eef3893a15408f3ef1b36a6681a066b1eb32045643c30ba65?s=96&d=mm&r=g","contentUrl":"https:\/\/secure.gravatar.com\/avatar\/5c3a8969c185fd0eef3893a15408f3ef1b36a6681a066b1eb32045643c30ba65?s=96&d=mm&r=g","caption":"michauko"},"sameAs":["http:\/\/michauko.org\/"],"url":"https:\/\/michauko.org\/blog\/author\/randomized2\/"}]}},"_links":{"self":[{"href":"https:\/\/michauko.org\/blog\/wp-json\/wp\/v2\/posts\/26","targetHints":{"allow":["GET"]}}],"collection":[{"href":"https:\/\/michauko.org\/blog\/wp-json\/wp\/v2\/posts"}],"about":[{"href":"https:\/\/michauko.org\/blog\/wp-json\/wp\/v2\/types\/post"}],"author":[{"embeddable":true,"href":"https:\/\/michauko.org\/blog\/wp-json\/wp\/v2\/users\/2"}],"replies":[{"embeddable":true,"href":"https:\/\/michauko.org\/blog\/wp-json\/wp\/v2\/comments?post=26"}],"version-history":[{"count":2,"href":"https:\/\/michauko.org\/blog\/wp-json\/wp\/v2\/posts\/26\/revisions"}],"predecessor-version":[{"id":813,"href":"https:\/\/michauko.org\/blog\/wp-json\/wp\/v2\/posts\/26\/revisions\/813"}],"wp:attachment":[{"href":"https:\/\/michauko.org\/blog\/wp-json\/wp\/v2\/media?parent=26"}],"wp:term":[{"taxonomy":"category","embeddable":true,"href":"https:\/\/michauko.org\/blog\/wp-json\/wp\/v2\/categories?post=26"},{"taxonomy":"post_tag","embeddable":true,"href":"https:\/\/michauko.org\/blog\/wp-json\/wp\/v2\/tags?post=26"}],"curies":[{"name":"wp","href":"https:\/\/api.w.org\/{rel}","templated":true}]}}