# sarg.conf
#
-# TAG: language
-# Available languages:
-# Bulgarian_windows1251
-# Catalan
-# Czech
-# Czech_UTF8
-# Dutch
-# English
-# French
-# German
-# Greek
-# Hungarian
-# Indonesian
-# Italian
-# Japanese
-# Latvian
-# Polish
-# Portuguese
-# Romanian
-# Russian_koi8
-# Russian_UTF-8
-# Russian_windows1251
-# Serbian
-# Slovak
-# Spanish
-# Turkish
-#
-#language English
-
# TAG: access_log file
# Where is the access.log file
-# sarg -l file
+#
+# This option can be repeated multiple times to list rotated files or
+# files from different sources.
+#
+# The files named here must exists or sarg aborts. It is intended as a
+# safety against incomplete reporting due to problems occuring with the
+# logs.
+#
+# If the file globbing was compiled in, the file name can contain shell
+# wildcards such as * and ?. Tilde expension and variable expension are
+# not supported. Special characters can be escaped with a backslash.
+#
+# If some files are passed on the command line with "sarg -l file" or
+# "sarg file", the files listed here are ignored.
#
#access_log /usr/local/squid/var/logs/access.log
#graphs yes
#graph_days_bytes_bar_color orange
+# TAG: graph_font
+# The full path to the TTF font file to use to create the graphs. It is required
+# if graphs is set to yes.
+#
+#graph_font /usr/share/fonts/truetype/ttf-dejavu/DejaVuSans.ttf
+
# TAG: title
# Especify the title for html page.
#
#logo_text_color #000000
# TAG: logo_image_size
-# Html page logo image size.
+# Html page logo image size.
# width height
#
#image_size 80 45
#
#output_dir /var/www/html/squid-reports
+# TAG: anonymous_output_files yes/no
+# Use anonymous file and directory names in the report. If it is set to
+# no (the default), the user id/ip/name is slightly mangled to create a
+# suitable file name to store the report of the user but the user's
+# identity can easily be guessed from the mangled name. If this option is
+# set, any file or directory belonging to the user is replaced by a short
+# number. The purpose is to hide the identity of the user when looking
+# at the report file names but it may serve to shorten the path too.
+#
+#anonymous_output_files no
+
# TAG: output_email
# Email address to send the reports. If you use this tag, no html reports will be generated.
# sarg -e email
#
#output_email none
-# TAG: resolve_ip yes/no
-# Convert ip address to dns name
-# sarg -n
+# TAG: resolve_ip modulelist
+# List the modules to use to convert IP addresses into names.
+# Each named module is tried in sequence until one returns a result. Therefore
+# the order of the modules is relevant.
+# The modules must be listed on one line each separated from the previous one with
+# a space.
+#
+# The possible modules are
+# dns Use the DNS.
+# exec Call an external program with the IP address as argument.
+#
+# For compatibility with previous versions, yes is a synonymous for dns and
+# no does nothing.
+# sarg -n forces the use of the dns module.
#resolve_ip no
+# TAG: resolve_ip_exec command
+# If resolve_ip selects the exec module, this is the command to run to
+# resolve an IP address. The command must contain a placeholder where the
+# IP address is inserted. The placeholder must be %IP in uppercases. The
+# placeholder may be repeated multiple times if necessary.
+#
+# The command is expected to return the host name without frills on its
+# standard output. If the command returns nothing, it is assumed that the
+# command could not resolve the IP address and the next module in the
+# chain is given a try with the same address.
+#
+# This option can only be used once. Therefore there is only one command
+# available to resolve an IP address but the program can do anything it
+# deems fit including attempting several strategies.
+#
+# Beware that running an external program is exceedingly slow. So you
+# should try the DNS first and only call an external program if the DNS
+# fails.
+#resolve_ip_exec nmblookup -A %IP | sed -n -e 's/^ *\(.*\) *<00> - *B.*/\1/p'
+
# TAG: user_ip yes/no
# Use Ip Address instead userid in reports.
# sarg -p
#user_sort_field BYTES reverse
# TAG: exclude_users file
-# users within the file will be excluded from reports.
-# you can use indexonly to have only index.html file.
+# Users within the file will be excluded from reports.
+# Write one user per line. Lines beginning with # are ignored.
#
#exclude_users none
#exclude_hosts none
# TAG: useragent_log file
-# useragent.log file patch to generate useragent report.
+# useragent.log file to generate useragent report.
+#
+# This option may be repeated multiple times to process several files.
+#
+# Wildcards are allowed (see access_log).
#
#useragent_log none
# TAG: date_format
# Date format in reports: e (European=dd/mm/yy), u (American=mm/dd/yy), w (Weekly=yy.ww)
-#
+#
#date_format u
-# TAG: per_user_limit file MB
-# Saves userid on file if download exceed n MB.
-# This option allow you to disable user access if user exceed a download limit.
-#
+# TAG: per_user_limit file MB ip/id
+# Write the user's ID (if last flag is 'id') or the user's IP address (if last flag is 'ip')
+# in file if download exceed n MB.
+# This option allows you to disable user access if users exceed a download limit.
+# The option may be repeated up to 16 times to generate several files with
+# different content type or limit.
+#
+# Examples:
+# per_user_limit userlimit_1G.txt 1000 ip
+# per_user_limit /var/log/sarg/userlimit_500M.log 500 id
+#
#per_user_limit none
+# TAG: per_user_limit_file_create always/as_required
+# When to create a per_user_limit file.
+#
+# Use 'always' to always create the file requested by per_user_limit
+# even if it is empty.
+#
+# Use 'as_required' to create a per_user_limit file only if at least
+# one user crosses the limit.
+#
+#per_user_limit_file_create purge
+
# TAG: lastlog n
# How many reports files must be keept in reports directory.
# The oldest report file will be automatically removed.
#
#index_tree file
+# TAG: index_fields
+# The columns to show in the index of the reports
+# Columns are: dirsize
+#
+#index_fields dirsize
+
# TAG: overwrite_report yes|no
# yes - if report date already exist then will be overwrited.
# no - if report date already exist then will be renamed to filename.n, filename.n+1
#
#use_comma no
-# TAG: mail_utility mail|mailx
-# Mail command to use to send reports via SMTP
+# TAG: mail_utility
+# Mail command to use to send reports via SMTP. Sarg calls it like this:
+# mail_utility -s "SARG report, date" "output_email" <"mail_content"
+#
+# Therefore, it is possible to add more arguments to the command by specifying them
+# here.
+#
+# If you need too, you can use a shell script to process the content of /dev/stdin
+# (/dev/stdin is the mail_content passed by sarg to the script) and call whatever
+# command you like. It is not limited to mailing the report via SMTP.
+#
+# Don't forget to quote the command if necessary (i.e. if the path contains
+# characters that must be quoted).
#
#mail_utility mailx
#
#topsites_num 100
-# TAG: topsites_sort_order CONNECT|BYTES A|D
+# TAG: topsites_sort_order CONNECT|BYTES|TIME|USER A|D
# Sort for topsites report, where A=Ascendent, D=Descendent
#
#topsites_sort_order CONNECT D
# TAG: exclude_codes file
# Ignore records with these codes. Eg.: NONE/400
+# Write one code per line. Lines starting with a # are ignored.
+# Only codes matching exactly one of the line is rejected. The
+# comparison is not case sensitive.
#
-#exclude_codes /usr/local/sarg/exclude_codes
+#exclude_codes /usr/local/sarg/etc/exclude_codes
# TAG: replace_index string
# Replace "index.html" in the main index file with this string
-# If null "index.html" is used
+# If null "index.html" is used
#
#replace_index <?php echo str_replace(".", "_", $REMOTE_ADDR); echo ".html"; ?>
# TAG: max_elapsed milliseconds
# If elapsed time is recorded in log is greater than max_elapsed use 0 for elapsed time.
-# Use 0 for no checking
+# Use 0 for no checking
#
#max_elapsed 28800000
# 8 Hours
# site_user_time_date - sites, dates, times and bytes report
# downloads - downloads per user report
#
-# Eg.: report_type topsites denied
+# Eg.: report_type topsites denied
#
#report_type topusers topsites sites_users users_sites date_time denied auth_failures site_user_time_date downloads
# TAG: usertab filename
# You can change the "userid" or the "ip address" to be a real user name on the reports.
+# If resolve_ip is active, the ip address is resolved before being looked up into this
+# file. That is, if you want to map the ip address, be sure to set resolv_ip to no or
+# the resolved name will be looked into the file instead of the ip address. Note that
+# it can be used to resolve any ip address known to the dns and then map the unresolved
+# ip addresses to a name found in the usertab file.
# Table syntax:
# userid name or ip address name
# Eg:
# SirIsaac Isaac Newton
# vinci Leonardo da Vinci
# 192.168.10.1 Karol Wojtyla
-#
+#
# Each line must be terminated with '\n'
+# If usertab have value "ldap" (case ignoring), user names
+# will be taken from LDAP server. This method as approaches for reception
+# of usernames from Active Didectory
#
#usertab none
+# TAG: LDAPHost hostname
+# FQDN or IP address of host with LDAP service or AD DC
+# default is '127.0.0.1'
+#LDAPHost 127.0.0.1
+
+# TAG: LDAPPort port
+# LDAP service port number
+# default is '389'
+#LDAPPort 389
+
+# TAG: LDAPBindDN CN=username,OU=group,DC=mydomain,DC=com
+# DN of LDAP user, who is authorized to read user's names from LDAP base
+# default is empty line
+#LDAPBindDN cn=proxy,dc=mydomain,dc=local
+
+# TAG: LDAPBindPW secret
+# Password of DN, who is authorized to read user's names from LDAP base
+# default is empty line
+#LDAPBindPW secret
+
+# TAG: LDAPBaseSearch OU=users,DC=mydomain,DC=com
+# LDAP search base
+# default is empty line
+#LDAPBaseSearch ou=users,dc=mydomain,dc=local
+
+# TAG: LDAPFilterSearch (uid=%s)
+# User search filter by user's logins in LDAP
+# First founded record will be used
+# %s - will be changed to userlogins from access.log file
+# filter string can have up to 5 '%s' tags
+# default value is '(uid=%s)'
+#LDAPFilterSearch (uid=%s)
+
+# TAG: LDAPTargetAttr attributename
+# Name of the attribute containing a name of the user
+# default value is 'cn'
+#LDAPTargetAttr cn
+
+# TAG: LDAPNativeCharset charset-iconv-style
+# Character set to convert the LDAP string to.
+# For the list of some available charsets use: "iconv -l".
+# This option requires libiconv and sarg must have been built with --with-iconv.
+# default is empty line (UTF-8)
+#LDAPNativeCharset ISO-8859-1
+
# TAG: long_url yes|no
# If yes, the full url is showed in report.
# If no, only the site will be showed
#long_url no
# TAG: date_time_by bytes|elap
-# Date/Time reports will use bytes or elapsed time?
+# Date/Time reports show the downloaded volume or the elapsed time or both.
#
-#date_time_by elap
+#date_time_by bytes
# TAG: charset name
# ISO 8859 is a full series of 10 standardized multilingual single-byte coded (8bit)
# graphic character sets for writing in alphabetic languages
# You can use the following charsets:
# Latin1 - West European
-# Latin2 - East European
-# Latin3 - South European
-# Latin4 - North European
-# Cyrillic
-# Arabic
-# Greek
-# Hebrew
-# Latin5 - Turkish
+# Latin2 - East European
+# Latin3 - South European
+# Latin4 - North European
+# Cyrillic
+# Arabic
+# Greek
+# Hebrew
+# Latin5 - Turkish
# Latin6
# Windows-1251
# Japan
#show_successful_message yes
# TAG: show_read_statistics yes|no
-# Shows some reading statistics.
+# Shows how many lines have been read from the current input log file.
+#
+#show_read_statistics no
+
+# TAG: show_read_percent yes|no
+# Shows how many percents have been read from the current input log file.
#
-#show_read_statistics yes
+# Beware that this feature requires to read the input log file once to
+# count the number of lines and then a second time to actually parse it.
+# You can save some time by disabling it.
+#
+#show_read_percent no
# TAG: topuser_fields
# Which fields must be in Topuser report.
#
+# Valid columns are
+# NUM Report line number.
+# DATE_TIME Icons to display the date and time reports.
+# USERID Display the user's ID. It may be a name or the IP address depending on other settings.
+# USERIP Display the user's IP address.
+# CONNECT Number of connections made by the user.
+# BYTES Number of bytes downloaded by the user.
+# %BYTES Percent of the total downloaded volume.
+# IN-CACHE-OUT Percent of cache hit and miss.
+# USED_TIME How long it took to process the requests from that user.
+# MILISEC The same in milliseconds
+# %TIME Percent of the total processing time of the reported users.
+# TOTAL Add a line to the report with the total of every column.
+# AVERAGE Add a line to the report with the average of every column.
#topuser_fields NUM DATE_TIME USERID CONNECT BYTES %BYTES IN-CACHE-OUT USED_TIME MILISEC %TIME TOTAL AVERAGE
# TAG: user_report_fields
#
#topuser_num 0
-# TAG: site_user_time_date_type list|table
-# generate reports for site_user_time_date in list or table format
-#
-#site_user_time_date_type table
-
# TAG: datafile file
# Save the report results in a file to populate some database
#
# TAG: datafile_url ip|name
# Saves the URL as ip or name in datafile
#
-#datafile ip
+#datafile_url ip
# TAG: weekdays
-# The weekdays to take account ( Sunday->0, Saturday->6 )
+# The weekdays to take into account ( Sunday->0, Saturday->6 )
# Example:
#weekdays 1-3,5
# Default:
#weekdays 0-6
# TAG: hours
-# The hours to take account
+# The hours to take into account
# Example:
#hours 7-12,14,16,18-20
# Default:
#
#dansguardian_conf none
-# TAG: dansguardian_ignore_date on|off
-# 'on' must use the record even the date range is different from the used in squid access.log file.
-# 'off' must use the record only if the date range is in the irange used in squid access.log file.
+# TAG: dansguardian_filter_out_date on|off
+# This option replaces dansguardian_ignore_date whose name was not appropriate with respect to its action.
+# Note the change of parameter value compared with the old option.
+# 'off' use the record even if its date is outside of the range found in the input log file.
+# 'on' use the record only if its date is in the range found in the input log file.
#
-#dansguardian_ignore_date off
+#dansguardian_filter_out_date on
# TAG: squidguard_conf file
# path to squidGuard.conf file
#
#squidguard_conf none
-# TAG: squidguard_ignore_date on|off
-# Use 'on' use the record even the date range is different from the used squid access.log file.
-# Use 'off' use the record only if the date range is in the used squid access.log file.
+# TAG: redirector_log file
+# the location of the web proxy redirector log such as one created by squidGuard or Rejik. The option
+# may be repeated up to 64 times to read multiple files.
+# If this option is specified, it takes precedence over squidguard_conf.
+# The command line option -L override this option.
#
-#squidguard_ignore_date off
+#redirector_log /usr/local/squidGuard/var/logs/urls.log
-# TAG: squidguard_log_format
-# Format string SquidGuard logs.
+# TAG: redirector_filter_out_date on|off
+# This option replaces squidguard_ignore_date and redirector_ignore_date whose names were not
+# appropriate with respect to their action.
+# Note the change of parameter value compared with the old options.
+# 'off' use the record even if its date is outside of the range found in the input log file.
+# 'on' use the record only if its date is in the range found in the input log file.
+#
+#redirector_filter_out_date on
+
+# TAG: redirector_log_format
+# Format string for web proxy redirector logs.
+# This option was named squidguard_log_format before sarg 2.3.
# REJIK #year#-#mon#-#day# #hour# #list#:#tmp# #ip# #user# #tmp#/#tmp#/#url#/#end#
-# SQUIDGUARD #year#-#mon#-#day# #hour# #tmp#/#list#/#tmp#/#tmp#/#url#/#tmp# #ip#/#tmp# #user# #end#
-#squidguard_log_format #year#-#mon#-#day# #hour# #tmp#/#list#/#tmp#/#tmp#/#url#/#tmp# #ip#/#tmp# #user# #end#
+# SQUIDGUARD #year#-#mon#-#day# #hour# #tmp#/#list#/#tmp# #url# #ip#/#tmp# #user# #end#
+#redirector_log_format #year#-#mon#-#day# #hour# #tmp#/#list#/#tmp# #url# #ip#/#tmp# #user# #end#
# TAG: show_sarg_info yes|no
# shows sarg information and site path on each report bottom
# TAG: parsed_output_log directory
# Saves the processed log in a sarg format after parsing the squid log file.
-# This is a way to dump all of the data structures out, after parsing from
+# This is a way to dump all of the data structures out, after parsing from
# the logs (presumably this data will be much smaller than the log files themselves),
# and pull them back in for later processing and merging with data from previous logs.
#
#block_it none
# TAG: external_css_file path
-# This tag allow internal sarg css override.
+# Provide the path to an external css file to link into the HTML reports instead of
+# the inline css written by sarg when this option is not set.
+#
+# In versions prior to 2.3, this used to be an absolute file name to
+# a file to include verbatim in each HTML page but, as it takes a lot of
+# space, version 2.3 switched to a link to an external css file.
+# Therefore, this option must contain the HTTP server path on which a client
+# browser may find the css file.
+#
# Sarg use theses style classes:
-# .body body class
+# .logo logo class
# .info sarg information class, align=center
-# .title title class, align=center
-# .header header class, align:left
-# .header2 header class, align:right
-# .header3 header class, align:right
-# .text text class, align:left
+# .title_c title class, align=center
+# .header_c header class, align:center
+# .header_l header class, align:left
+# .header_r header class, align:right
+# .text text class, align:right
# .data table text class, align:right
-# .data2 table text class, align:right, border colors
+# .data2 table text class, align:left
+# .data3 table text class, align:center
# .link link class
#
-# There is a sample in /usr/local/sarg/etc/css.tpl
+# Sarg can be instructed to output the internal css it inline
+# into the reports with this command:
+#
+# sarg --css
+#
+# You can redirect the output to a file of your choice and edit
+# it to your liking.
#
#external_css_file none
# TAG: user_authentication yes|no
# Allow user authentication in User Reports using .htaccess
-# Parameters:
-# AuthUserFile - where the user password file is
-# AuthName - authentication realm. Eg "Members Only"
-# AuthType - authenticaion type - basic
-# Require - authorized users to see the report.
-# %u - user report
+# Parameters:
+# AuthUserTemplateFile - The template to use to create the
+# .htaccess file. In the template, %u is replaced by the
+# user's ID for which the report is generated. The path of the
+# template is relative to the directory containing sarg
+# configuration file.
#
# user_authentication no
-# AuthUserFile /usr/local/sarg/passwd
-# AuthName "SARG, Restricted Access"
-# AuthType Basic
-# Require user admin %u
+# AuthUserTemplateFile sarg_htaccess
# TAG: download_suffix "suffix,suffix,...,suffix"
# file suffix to be considered as "download" in Download report.
-# Use 'none' to disable.
+# Use 'none' to disable.
#
#download_suffix "zip,arj,bzip,gz,ace,doc,iso,adt,bin,cab,com,dot,drv$,lha,lzh,mdb,mso,ppt,rtf,src,shs,sys,exe,dll,mp3,avi,mpg,mpeg"
#
#ulimit 20000
-# TAG: ntlm_user_format username|domainname+username
+# TAG: ntlm_user_format user|domainname+username
# NTLM users format.
#
#ntlm_user_format domainname+username
+# TAG: strip_user_suffix suffix
+# Remove a suffix from the user name. The suffix may be
+# a Kerberos domain name. It must be at the end of the
+# user name (as is implied by a suffix).
+#
+# This is a lightweight easy to configure option. For a
+# more complete solution, see useralias.
+#strip_user_suffix @example.com
+
# TAG: realtime_refresh_time num sec
# How many time to auto refresh the realtime report
# 0 = disable
# realtime_refresh_time 3
# TAG: realtime_access_log_lines num
-# How many last lines to get from access.log file
+# How many last lines to get from access.log file
#
# realtime_access_log_lines 1000
# TAG: realtime_types: GET,PUT,CONNECT,ICP_QUERY,POST
# Which records must be in realtime report.
#
-# realtime_types GET,PUT,CONNECT
+# realtime_types GET,PUT,CONNECT,POST
# TAG: realtime_unauthenticated_records: ignore|show
# What to do with unauthenticated records in realtime report.
# Compatilibity with squid version <= 2.4 when using emulate_http_log on
#
# squid24 off
+
+# TAG: sorttable path
+# The path to a javascript script to dynamically sort the tables.
+# The path is the link a browser must follow to find the script. For instance,
+# it may be http://www.myproxy.org/sorttable.js or just /sorttable.js if the script
+# is at the root of your web site.
+#
+# If the path starts with "../" then it is assumed to be a relative
+# path and sarg adds as many "../" as necessary to locate the js script from
+# the output directory. Therefore, ../../sorttable.js links to the javascript
+# one level above output_dir.
+#
+# If this entry is set, each sortable table will have the "sortable" class set.
+# You may have a look at http://www.kryogenix.org/code/browser/sorttable/
+# for the implementation on which sarg is based.
+#
+# sorttable /sorttable.js
+
+# TAG: hostalias
+# The name of a text file containing the host names one per line and the
+# optional alias to use in the report instead of that host name. If the
+# alias is missing, the host name is replaced by the matching pattern
+# (that is, including the wildcard). For instance, in the example below,
+# any host matching *.gstatic.com is grouped, in the report, under the
+# text "*.gstatic.com".
+#
+# Host names may contain up to one wildcard denoted by a *. The wildcard
+# must not end the host name.
+#
+# The host name may be followed by an optional alias but if no alias is
+# provided, the host name, including the wildcard, replaces any matching
+# host name found in the log.
+#
+# Host names replaced by identical aliases are grouped together in the
+# reports.
+#
+# IP addresses are supported and accept the CIDR notation both for IPv4 and
+# IPv6 addresses.
+#
+# Regular expressions can also be used if sarg was compiled with libpcre.
+# A regular expression is formated as re:/regexp/ alias
+# The regexp is a perl regular expression (see man perlre).
+# Subpatterns are allowed in the alias. Sarg recognizes sed (\1) or perl ($1)
+# subpatterns. Only 9 subpatterns are allowed in the replacement string.
+# Regex are case sensitive by default. To have a case insensitive regex,
+# defined it like this: re:/regexp/i alias
+# The option "i" must be written with a lower case.
+#
+# Example:
+# *.gstatic.com
+# mt*.google.com
+# *.myphone.microsoft.com
+# *.myphone.microsoft.com:443 *.myphone.microsoft.com:secure
+# *.freeav.net antivirus:freeav
+# *.mail.live.com
+# 65.52.00.00/14 *.mail.live.com
+# re:/\.dropbox\.com(:443)?/ dropbox
+# re:/([\w-]+)\.(\w*[a-zA-Z]\w*)(?::\d+)?$/ \1.\2
+#hostalias /usr/local/sarg/hostalias
+
+# TAG: useralias
+# The name of a text file containing the user names one per line and the
+# optional alias to use in the report instead of that user name.
+# See the description of hostalias. It uses the same file format as the
+# useralias option.
+#
+# Example:
+# user454 John
+# admin* Administrator
+# re:/^(.*)@example.com$/i \1
+#useralias /usr/local/sarg/useralias
+
+# TAG: keep_temp_log yes|no
+# Keep temporary files created by sarg to produce its reports. The normal
+# operation mode is to delete those files when they are not necessary any more.
+#
+# Never leave that option to "yes" for normal operation as temporary files
+# left over by previous run can be included in subsequent reports.
+#
+# Use this option only to diagnose a problem with your reports. A better
+# alternative is to run sarg from the command line with optino -k.
+#keep_temp_log no
+
+# TAG: max_successive_log_errors n
+# Set the number of consecutive errors allowed in the input log file before
+# the reading is aborted with an error.
+#max_successive_log_errors 3
+
+# TAG: max_total_log_errors n
+# The reading of the input log file is interrupted if too many errors are found
+# in the log file. This parameter set the number of errors before the reading
+# is aborted. Set it to -1 to keep reading the logs irrespective of the
+# errors found.
+#
+# Note that the max_successive_log_errors is still taken into account and
+# cannot be disabled.
+#max_total_log_errors 50
+
+# TAG: include conffile
+# Include the specified conffile. The full path must be provided to
+# make sure the correct file is loaded.
+#
+# Use this option to store common options in one file and include it
+# in multiple sarg.conf dedicated to various reporting tasks.
+#
+# Options declared last take precedence. Use it to include a file and
+# then override some options after the include statement. Beware that
+# some options are cumulative such as access_log, useragent_log or
+# redirector_log. You can't override those options as explained here.
+# Declaring them in the common file and the including file will merely
+# add the latter to the list.
+#include /etc/sarg/sarg-common.conf