4 # Where is the access.log file
7 #access_log /usr/local/squid/var/logs/access.log
10 # Use graphics where is possible.
11 # graph_days_bytes_bar_color blue|green|yellow|orange|brown|red
14 #graph_days_bytes_bar_color orange
17 # The full path to the TTF font file to use to create the graphs. It is required
18 # if graphs is set to yes.
20 #graph_font /usr/share/fonts/truetype/ttf-dejavu/DejaVuSans.ttf
23 # Especify the title for html page.
25 #title "Squid User Access Reports"
28 # Especify the font for html page.
30 #font_face Tahoma,Verdana,Arial
33 # Especify the header color
35 #header_color darkblue
38 # Especify the header bgcolor
40 #header_bgcolor blanchedalmond
43 # Especify the text font size
47 # TAG: header_font_size
48 # Especify the header font size
52 # TAG: title_font_size
53 # Especify the title font size
57 # TAG: background_color
58 # TAG: background_color
59 # Html page background color
61 # background_color white
64 # Html page text color
69 # Html page text background color
71 #text_bgcolor lavender
74 # Html page title color
84 # Html page logo text.
88 # TAG: logo_text_color
89 # Html page logo texti color.
91 #logo_text_color #000000
93 # TAG: logo_image_size
94 # Html page logo image size.
99 # TAG: background_image
100 # Html page background image
102 #background_image none
105 # User password file used by Squid authentication scheme
106 # If used, generate reports just for that users.
111 # Temporary directory name for work files
117 # The reports will be saved in that directory
120 #output_dir /var/www/html/squid-reports
122 # TAG: anonymous_output_files yes/no
123 # Use anonymous file and directory names in the report. If it is set to
124 # no (the default), the user id/ip/name is slightly mangled to create a
125 # suitable file name to store the report of the user but the user's
126 # identity can easily be guessed from the mangled name. If this option is
127 # set, any file or directory belonging to the user is replaced by a short
128 # number. The purpose is to hide the identity of the user when looking
129 # at the report file names but it may serve to shorten the path too.
131 #anonymous_output_files no
134 # Email address to send the reports. If you use this tag, no html reports will be generated.
139 # TAG: resolve_ip modulelist
140 # List the modules to use to convert IP addresses into names.
141 # Each named module is tried in sequence until one returns a result. Therefore
142 # the order of the modules is relevant.
143 # The modules must be listed on one line each separated from the previous one with
146 # The possible modules are
148 # exec Call an external program with the IP address as argument.
150 # For compatibility with previous versions, yes is a synonymous for dns and
152 # sarg -n forces the use of the dns module.
155 # TAG: resolve_ip_exec command
156 # If resolve_ip selects the exec module, this is the command to run to
157 # resolve an IP address. The command must contain a placeholder where the
158 # IP address is inserted. The placeholder must be %IP in uppercases. The
159 # placeholder may be repeated multiple times if necessary.
161 # The command is expected to return the host name without frills on its
162 # standard output. If the command returns nothing, it is assumed that the
163 # command could not resolve the IP address and the next module in the
164 # chain is given a try with the same address.
166 # This option can only be used once. Therefore there is only one command
167 # available to resolve an IP address but the program can do anything it
168 # deems fit including attempting several strategies.
170 # Beware that running an external program is exceedingly slow. So you
171 # should try the DNS first and only call an external program if the DNS
173 #resolve_ip_exec nmblookup -A %IP | sed -n -e 's/^ *\(.*\) *<00> - *B.*/\1/p'
175 # TAG: user_ip yes/no
176 # Use Ip Address instead userid in reports.
180 # TAG: topuser_sort_field field normal/reverse
181 # Sort field for the Topuser Report.
182 # Allowed fields: USER CONNECT BYTES TIME
184 #topuser_sort_field BYTES reverse
186 # TAG: user_sort_field field normal/reverse
187 # Sort field for the User Report.
188 # Allowed fields: SITE CONNECT BYTES TIME
190 #user_sort_field BYTES reverse
192 # TAG: exclude_users file
193 # users within the file will be excluded from reports.
194 # you can use indexonly to have only index.html file.
198 # TAG: exclude_hosts file
199 # Hosts, domains or subnets will be excluded from reports.
201 # Eg.: 192.168.10.10 - exclude ip address only
202 # 192.168.10.0/24 - exclude full C class
203 # s1.acme.foo - exclude hostname only
204 # *.acme.foo - exclude full domain name
208 # TAG: useragent_log file
209 # useragent.log file patch to generate useragent report.
214 # Date format in reports: e (European=dd/mm/yy), u (American=mm/dd/yy), w (Weekly=yy.ww)
218 # TAG: per_user_limit file MB
219 # Saves userid on file if download exceed n MB.
220 # This option allow you to disable user access if user exceed a download limit.
225 # How many reports files must be keept in reports directory.
226 # The oldest report file will be automatically removed.
231 # TAG: remove_temp_files yes
232 # Remove temporary files: geral, usuarios, top, periodo from root report directory.
234 #remove_temp_files yes
236 # TAG: index yes|no|only
237 # Generate the main index.html.
238 # only - generate only the main index.html
242 # TAG: index_tree date|file
243 # How to generate the index.
248 # The columns to show in the index of the reports
249 # Columns are: dirsize
251 #index_fields dirsize
253 # TAG: overwrite_report yes|no
254 # yes - if report date already exist then will be overwrited.
255 # no - if report date already exist then will be renamed to filename.n, filename.n+1
259 # TAG: records_without_userid ignore|ip|everybody
260 # What can I do with records without user id (no authentication) in access.log file ?
262 # ignore - This record will be ignored.
263 # ip - Use ip address instead. (default)
264 # everybody - Use "everybody" instead.
266 #records_without_userid ip
268 # TAG: use_comma no|yes
269 # Use comma instead point in reports.
270 # Eg.: use_comma yes => 23,450,110
271 # use_comma no => 23.450.110
276 # Mail command to use to send reports via SMTP. Sarg calls it like this:
277 # mail_utility -s "SARG report, date" "output_email" <"mail_content"
279 # Therefore, it is possible to add more arguments to the command by specifying them
282 # If you need too, you can use a shell script to process the content of /dev/stdin
283 # (/dev/stdin is the mail_content passed by sarg to the script) and call whatever
284 # command you like. It is not limited to mailing the report via SMTP.
286 # Don't forget to quote the command if necessary (i.e. if the path contains
287 # characters that must be quoted).
291 # TAG: topsites_num n
292 # How many sites in topsites report.
296 # TAG: topsites_sort_order CONNECT|BYTES|TIME|USER A|D
297 # Sort for topsites report, where A=Ascendent, D=Descendent
299 #topsites_sort_order CONNECT D
301 # TAG: index_sort_order A/D
302 # Sort for index.html, where A=Ascendent, D=Descendent
306 # TAG: exclude_codes file
307 # Ignore records with these codes. Eg.: NONE/400
308 # Write one code per line. Lines starting with a # are ignored.
309 # Only codes matching exactly one of the line is rejected. The
310 # comparison is not case sensitive.
312 #exclude_codes /usr/local/sarg/etc/exclude_codes
314 # TAG: replace_index string
315 # Replace "index.html" in the main index file with this string
316 # If null "index.html" is used
318 #replace_index <?php echo str_replace(".", "_", $REMOTE_ADDR); echo ".html"; ?>
320 # TAG: max_elapsed milliseconds
321 # If elapsed time is recorded in log is greater than max_elapsed use 0 for elapsed time.
322 # Use 0 for no checking
324 #max_elapsed 28800000
327 # TAG: report_type type
328 # What kind of reports to generate.
329 # topusers - users, sites, times, bytes, connects, links to accessed sites, etc
330 # topsites - site, connect and bytes report
331 # sites_users - users and sites report
332 # users_sites - accessed sites by the user report
333 # date_time - bytes used per day and hour report
334 # denied - denied sites with full URL report
335 # auth_failures - autentication failures report
336 # site_user_time_date - sites, dates, times and bytes report
337 # downloads - downloads per user report
339 # Eg.: report_type topsites denied
341 #report_type topusers topsites sites_users users_sites date_time denied auth_failures site_user_time_date downloads
343 # TAG: usertab filename
344 # You can change the "userid" or the "ip address" to be a real user name on the reports.
345 # If resolve_ip is active, the ip address is resolved before being looked up into this
346 # file. That is, if you want to map the ip address, be sure to set resolv_ip to no or
347 # the resolved name will be looked into the file instead of the ip address. Note that
348 # it can be used to resolve any ip address known to the dns and then map the unresolved
349 # ip addresses to a name found in the usertab file.
351 # userid name or ip address name
353 # SirIsaac Isaac Newton
354 # vinci Leonardo da Vinci
355 # 192.168.10.1 Karol Wojtyla
357 # Each line must be terminated with '\n'
358 # If usertab have value "ldap" (case ignoring), user names
359 # will be taken from LDAP server. This method as approaches for reception
360 # of usernames from Active Didectory
364 # TAG: LDAPHost hostname
365 # FQDN or IP address of host with LDAP service or AD DC
366 # default is '127.0.0.1'
370 # LDAP service port number
374 # TAG: LDAPBindDN CN=username,OU=group,DC=mydomain,DC=com
375 # DN of LDAP user, who is authorized to read user's names from LDAP base
376 # default is empty line
377 #LDAPBindDN cn=proxy,dc=mydomain,dc=local
379 # TAG: LDAPBindPW secret
380 # Password of DN, who is authorized to read user's names from LDAP base
381 # default is empty line
384 # TAG: LDAPBaseSearch OU=users,DC=mydomain,DC=com
386 # default is empty line
387 #LDAPBaseSearch ou=users,dc=mydomain,dc=local
389 # TAG: LDAPFilterSearch (uid=%s)
390 # User search filter by user's logins in LDAP
391 # First founded record will be used
392 # %s - will be changed to userlogins from access.log file
393 # filter string can have up to 5 '%s' tags
394 # default value is '(uid=%s)'
395 #LDAPFilterSearch (uid=%s)
397 # TAG: LDAPTargetAttr attributename
398 # Name of the attribute containing a name of the user
399 # default value is 'cn'
402 # TAG: long_url yes|no
403 # If yes, the full url is showed in report.
404 # If no, only the site will be showed
406 # YES option generate very big sort files and reports.
410 # TAG: date_time_by bytes|elap
411 # Date/Time reports show the downloaded volume or the elapsed time or both.
416 # ISO 8859 is a full series of 10 standardized multilingual single-byte coded (8bit)
417 # graphic character sets for writing in alphabetic languages
418 # You can use the following charsets:
419 # Latin1 - West European
420 # Latin2 - East European
421 # Latin3 - South European
422 # Latin4 - North European
436 # TAG: user_invalid_char "&/"
437 # Records that contain invalid characters in userid will be ignored by Sarg.
439 #user_invalid_char "&/"
441 # TAG: privacy yes|no
442 # privacy_string "***.***.***.***"
443 # privacy_string_color blue
444 # In some countries the sysadm cannot see the visited sites by a restrictive law.
445 # Using privacy yes the visited url will be changes by privacy_string and the link
446 # will be removed from reports.
449 #privacy_string "***.***.***.***"
450 #privacy_string_color blue
452 # TAG: include_users "user1:user2:...:usern"
453 # Reports will be generated only for listed users.
457 # TAG: exclude_string "string1:string2:...:stringn"
458 # Records from access.log file that contain one of listed strings will be ignored.
462 # TAG: show_successful_message yes|no
463 # Shows "Successful report generated on dir" at end of process.
465 #show_successful_message yes
467 # TAG: show_read_statistics yes|no
468 # Shows some reading statistics.
470 #show_read_statistics yes
472 # TAG: topuser_fields
473 # Which fields must be in Topuser report.
475 #topuser_fields NUM DATE_TIME USERID CONNECT BYTES %BYTES IN-CACHE-OUT USED_TIME MILISEC %TIME TOTAL AVERAGE
477 # TAG: user_report_fields
478 # Which fields must be in User report.
480 #user_report_fields CONNECT BYTES %BYTES IN-CACHE-OUT USED_TIME MILISEC %TIME TOTAL AVERAGE
482 # TAG: bytes_in_sites_users_report yes|no
483 # Bytes field must be in Site & Users Report ?
485 #bytes_in_sites_users_report no
488 # How many users in topsites report. 0 = no limit
493 # Save the report results in a file to populate some database
497 # TAG: datafile_delimiter ";"
498 # ascii character to use as a field separator in datafile
500 #datafile_delimiter ";"
502 # TAG: datafile_fields all
503 # Which data fields must be in datafile
504 # user;date;time;url;connect;bytes;in_cache;out_cache;elapsed
506 #datafile_fields user;date;time;url;connect;bytes;in_cache;out_cache;elapsed
508 # TAG: datafile_url ip|name
509 # Saves the URL as ip or name in datafile
514 # The weekdays to take into account ( Sunday->0, Saturday->6 )
521 # The hours to take into account
523 #hours 7-12,14,16,18-20
527 # TAG: dansguardian_conf file
528 # DansGuardian.conf file path
529 # Generate reports from DansGuardian logs.
530 # Use 'none' to disable it.
531 # dansguardian_conf /usr/dansguardian/dansguardian.conf
533 #dansguardian_conf none
535 # TAG: dansguardian_filter_out_date on|off
536 # This option replaces dansguardian_ignore_date whose name was not appropriate with respect to its action.
537 # Note the change of parameter value compared with the old option.
538 # 'off' use the record even if its date is outside of the range found in the input log file.
539 # 'on' use the record only if its date is in the range found in the input log file.
541 #dansguardian_filter_out_date on
543 # TAG: squidguard_conf file
544 # path to squidGuard.conf file
545 # Generate reports from SquidGuard logs.
546 # Use 'none' to disable.
547 # You can use sarg -L filename to use an alternate squidGuard log.
548 # squidguard_conf /usr/local/squidGuard/squidGuard.conf
550 #squidguard_conf none
552 # TAG: redirector_log file
553 # the location of the web proxy redirector log such as one created by squidGuard or Rejik. The option
554 # may be repeated up to 64 times to read multiple files.
555 # If this option is specified, it takes precedence over squidguard_conf.
556 # The command line option -L override this option.
558 #redirector_log /usr/local/squidGuard/var/logs/urls.log
560 # TAG: redirector_filter_out_date on|off
561 # This option replaces squidguard_ignore_date and redirector_ignore_date whose names were not
562 # appropriate with respect to their action.
563 # Note the change of parameter value compared with the old options.
564 # 'off' use the record even if its date is outside of the range found in the input log file.
565 # 'on' use the record only if its date is in the range found in the input log file.
567 #redirector_filter_out_date on
569 # TAG: redirector_log_format
570 # Format string for web proxy redirector logs.
571 # This option was named squidguard_log_format before sarg 2.3.
572 # REJIK #year#-#mon#-#day# #hour# #list#:#tmp# #ip# #user# #tmp#/#tmp#/#url#/#end#
573 # SQUIDGUARD #year#-#mon#-#day# #hour# #tmp#/#list#/#tmp# #url# #ip#/#tmp# #user# #end#
574 #redirector_log_format #year#-#mon#-#day# #hour# #tmp#/#list#/#tmp# #url# #ip#/#tmp# #user# #end#
576 # TAG: show_sarg_info yes|no
577 # shows sarg information and site path on each report bottom
581 # TAG: show_sarg_logo yes|no
586 # TAG: parsed_output_log directory
587 # Saves the processed log in a sarg format after parsing the squid log file.
588 # This is a way to dump all of the data structures out, after parsing from
589 # the logs (presumably this data will be much smaller than the log files themselves),
590 # and pull them back in for later processing and merging with data from previous logs.
592 #parsed_output_log none
594 # TAG: parsed_output_log_compress /bin/gzip|/usr/bin/bzip2|nocompress
595 # Command to run to compress sarg parsed output log. It may contain
596 # options (such as -f to overwrite existing target file). The name of
597 # the file to compresse is provided at the end of this
598 # command line. Don't forget to quote things appropriately.
600 #parsed_output_log_compress /bin/gzip
602 # TAG: displayed_values bytes|abbreviation
603 # how the values will be displayed in reports.
604 # eg. bytes - 209.526
605 # abbreviation - 210K
607 #displayed_values bytes
610 # TAG: authfail_report_limit n
611 # TAG: denied_report_limit n
612 # TAG: siteusers_report_limit n
613 # TAG: squidguard_report_limit n
614 # TAG: user_report_limit n
615 # TAG: dansguardian_report_limit n
616 # TAG: download_report_limit n
617 # report limits (lines).
620 #authfail_report_limit 10
621 #denied_report_limit 10
622 #siteusers_report_limit 0
623 #squidguard_report_limit 10
624 #dansguardian_report_limit 10
625 #user_report_limit 10
626 #user_report_limit 50
628 # TAG: www_document_root dir
629 # Where is your Web DocumentRoot
630 # Sarg will create sarg-php directory with some PHP modules:
631 # - sarg-squidguard-block.php - add urls from user reports to squidGuard DB
633 #www_document_root /var/www/html
635 # TAG: block_it module_url
636 # This tag allow you to pass urls from user reports to a cgi or php module,
637 # to be blocked by some Squid acl
639 # Eg.: block_it /sarg-php/sarg-block-it.php
640 # sarg-block-it is a php that will append a url to a flat file.
641 # You must change /var/www/html/sarg-php/sarg-block-it to point to your file
642 # in $filename variable, and chown to a httpd owner.
644 # sarg will pass http://module_url?url=url
648 # TAG: external_css_file path
649 # Provide the path to an external css file to link into the HTML reports instead of
650 # the inline css written by sarg when this option is not set.
652 # In versions prior to 2.3, this used to be an absolute file name to
653 # a file to include verbatim in each HTML page but, as it takes a lot of
654 # space, version 2.3 switched to a link to an external css file.
655 # Therefore, this option must contain the HTTP server path on which a client
656 # browser may find the css file.
658 # Sarg use theses style classes:
660 # .info sarg information class, align=center
661 # .title_c title class, align=center
662 # .header_c header class, align:center
663 # .header_l header class, align:left
664 # .header_r header class, align:right
665 # .text text class, align:right
666 # .data table text class, align:right
667 # .data2 table text class, align:left
668 # .data3 table text class, align:center
671 # Sarg can be instructed to output the internal css it inline
672 # into the reports with this command:
676 # You can redirect the output to a file of your choice and edit
679 #external_css_file none
681 # TAG: user_authentication yes|no
682 # Allow user authentication in User Reports using .htaccess
684 # AuthUserTemplateFile - The template to use to create the
685 # .htaccess file. In the template, %u is replaced by the
686 # user's ID for which the report is generated. The path of the
687 # template is relative to the directory containing sarg
688 # configuration file.
690 # user_authentication no
691 # AuthUserTemplateFile sarg_htaccess
693 # TAG: download_suffix "suffix,suffix,...,suffix"
694 # file suffix to be considered as "download" in Download report.
695 # Use 'none' to disable.
697 #download_suffix "zip,arj,bzip,gz,ace,doc,iso,adt,bin,cab,com,dot,drv$,lha,lzh,mdb,mso,ppt,rtf,src,shs,sys,exe,dll,mp3,avi,mpg,mpeg"
700 # The maximum number of open file descriptors to avoid "Too many open files" error message.
701 # You need to run sarg as root to use ulimit tag.
702 # If you run sarg with a low privilege user, set to 'none' to disable ulimit
706 # TAG: ntlm_user_format user|domainname+username
709 #ntlm_user_format domainname+username
711 # TAG: realtime_refresh_time num sec
712 # How many time to auto refresh the realtime report
715 # realtime_refresh_time 3
717 # TAG: realtime_access_log_lines num
718 # How many last lines to get from access.log file
720 # realtime_access_log_lines 1000
722 # TAG: realtime_types: GET,PUT,CONNECT,ICP_QUERY,POST
723 # Which records must be in realtime report.
725 # realtime_types GET,PUT,CONNECT
727 # TAG: realtime_unauthenticated_records: ignore|show
728 # What to do with unauthenticated records in realtime report.
730 # realtime_unauthenticated_records: show
732 # TAG: byte_cost value no_cost_limit
734 # Eg. byte_cost 0.01 100000000
735 # per byte cost = 0.01
736 # bytes with no cost = 100 Mb
739 # byte_cost 0.01 50000000
741 # TAG: squid24 on|off
742 # Compatilibity with squid version <= 2.4 when using emulate_http_log on
746 # TAG: sorttable path
747 # The path to a javascript script to dynamically sort the tables.
748 # The path is the link a browser must follow to find the script. For instance,
749 # it may be http://www.myproxy.org/sorttable.js or just /sorttable.js if the script
750 # is at the root of your web site.
752 # If the path starts with "../" then it is assumed to be a relative
753 # path and sarg adds as many "../" as necessary to locate the js script from
754 # the output directory. Therefore, ../../sorttable.js links to the javascript
755 # one level above output_dir.
757 # If this entry is set, each sortable table will have the "sortable" class set.
758 # You may have a look at http://www.kryogenix.org/code/browser/sorttable/
759 # for the implementation on which sarg is based.
761 # sorttable /sorttable.js
764 # The name of a text file containing the host names one per line and the
765 # optional alias to use in the report instead of that host name.
766 # Host names may contain up to one wildcard denoted by a *. The wildcard
767 # must not end the host name.
768 # The host name may be followed by an optional alias but if no alias is
769 # provided, the host name, including the wildcard, replaces any matching
770 # host name found in the log.
771 # Host names replaced by identical aliases are grouped together in the
773 # IP addresses are supported and accept the CIDR notation both for IPv4 and
775 # Regular expressions can also be used if sarg was compiled with libpcre.
776 # A regular expression is formated as re:/regexp/ alias
777 # The regexp is a perl regular expression (see man perlre).
778 # Subpatterns are allowed in the alias. Sarg recognizes sed (\1) or perl ($1)
779 # subpatterns. Only 9 subpatterns are allowed in the replacement string.
784 # *.myphone.microsoft.com
785 # *.myphone.microsoft.com:443 *.myphone.microsoft.com:secure
786 # *.freeav.net antivirus:freeav
788 # 65.52.00.00/14 *.mail.live.com
789 # re:/\.dropbox\.com(:443)?/ dropbox
790 # re:/([\w-]+)\.(\w*[a-zA-Z]\w*)(?::\d+)?$/\1.\2
791 #hostalias /usr/local/sarg/hostalias
793 # TAG: keep_temp_log yes|no
794 # Keep temporary files created by sarg to produce its reports. The normal
795 # operation mode is to delete those files when they are not necessary any more.
797 # Never leave that option to "yes" for normal operation as temporary files
798 # left over by previous run can be included in subsequent reports.
800 # Use this option only to diagnose a problem with your reports. A better
801 # alternative is to run sarg from the command line with optino -k.