]> git.ipfire.org Git - people/teissler/ipfire-2.x.git/blame - config/sarg/sarg.conf
projects / people / teissler / ipfire-2.x.git / blame
? search:
summary | shortlog | log | commit | commitdiff | tree
blob | blame (incremental) | history | HEAD
firewall: Sort order in which chains are initialized.
[people/teissler/ipfire-2.x.git] / config / sarg / sarg.conf
CommitLineData
fb6e700b
MT		 1# sarg.conf
2#
3# TAG: access_log file
4# Where is the access.log file
5# sarg -l file
6#
7access_log /var/log/squid/access.log
8
9# TAG: graphs yes|no
10# Use graphics where is possible.
11# graph_days_bytes_bar_color blue|green|yellow|orange|brown|red
12#
13graphs yes
14graph_days_bytes_bar_color orange
15
16# TAG: graph_font
17# The full path to the TTF font file to use to create the graphs. It is required
18# if graphs is set to yes.
19#
20graph_font /usr/share/sarg/fonts/DejaVuSans.ttf
21
22# TAG: title
23# Especify the title for html page.
24#
25title "Squid User Access Reports"
26
27# TAG: font_face
28# Especify the font for html page.
29#
30font_face Tahoma,Verdana,Arial
31
32# TAG: header_color
33# Especify the header color
34#
35header_color darkblue
36
37# TAG: header_bgcolor
38# Especify the header bgcolor
39#
40header_bgcolor blanchedalmond
41
42# TAG: font_size
43# Especify the text font size
44#
45font_size 12px
46
47# TAG: header_font_size
48# Especify the header font size
49#
50header_font_size 12px
51
52# TAG: title_font_size
53# Especify the title font size
54#
55title_font_size 12px
56
57# TAG: background_color
58# TAG: background_color
59# Html page background color
60#
61# background_color white
62
63# TAG: text_color
64# Html page text color
65#
66text_color #000000
67
68# TAG: text_bgcolor
69# Html page text background color
70#
71text_bgcolor lavender
72
73# TAG: title_color
74# Html page title color
75#
76#title_color green
77
78# TAG: logo_image
79# Html page logo.
80#
81#logo_image none
82
83# TAG: logo_text
84# Html page logo text.
85#
86#logo_text ""
87
88# TAG: logo_text_color
89# Html page logo texti color.
90#
91#logo_text_color #000000
92
93# TAG: logo_image_size
94# Html page logo image size.
95# width height
96#
97#image_size 80 45
98
99# TAG: background_image
100# Html page background image
101#
102#background_image none
103
104# TAG: password
105# User password file used by Squid authentication scheme
106# If used, generate reports just for that users.
107#
108#password none
109
110# TAG: temporary_dir
111# Temporary directory name for work files
112# sarg -w dir
113#
114#temporary_dir /tmp
115
116# TAG: output_dir
117# The reports will be saved in that directory
118# sarg -o dir
119#
120output_dir /srv/web/ipfire/html/sarg
121
122# TAG: output_email
123# Email address to send the reports. If you use this tag, no html reports will be generated.
124# sarg -e email
125#
126#output_email none
127
128# TAG: resolve_ip yes/no
129# Convert ip address to dns name
130# sarg -n
131resolve_ip no
132
133# TAG: user_ip yes/no
134# Use Ip Address instead userid in reports.
135# sarg -p
136#user_ip no
137
138# TAG: topuser_sort_field field normal/reverse
139# Sort field for the Topuser Report.
140# Allowed fields: USER CONNECT BYTES TIME
141#
142#topuser_sort_field BYTES reverse
143
144# TAG: user_sort_field field normal/reverse
145# Sort field for the User Report.
146# Allowed fields: SITE CONNECT BYTES TIME
147#
148#user_sort_field BYTES reverse
149
150# TAG: exclude_users file
151# users within the file will be excluded from reports.
152# you can use indexonly to have only index.html file.
153#
154#exclude_users none
155
156# TAG: exclude_hosts file
157# Hosts, domains or subnets will be excluded from reports.
158#
159# Eg.: 192.168.10.10 - exclude ip address only
160# 192.168.10.0/24 - exclude full C class
161# s1.acme.foo - exclude hostname only
162# *.acme.foo - exclude full domain name
163#
164#exclude_hosts none
165
166# TAG: useragent_log file
167# useragent.log file patch to generate useragent report.
168#
1d8c3038 169#useragent_log /var/log/squid/user_agent.log
fb6e700b
MT		 170
171# TAG: date_format
172# Date format in reports: e (European=dd/mm/yy), u (American=mm/dd/yy), w (Weekly=yy.ww)
173#
174date_format e
175
176# TAG: per_user_limit file MB
177# Saves userid on file if download exceed n MB.
178# This option allow you to disable user access if user exceed a download limit.
179#
180#per_user_limit none
181
182# TAG: lastlog n
183# How many reports files must be keept in reports directory.
184# The oldest report file will be automatically removed.
185# 0 - no limit.
186#
187#lastlog 0
188
189# TAG: remove_temp_files yes
190# Remove temporary files: geral, usuarios, top, periodo from root report directory.
191#
192#remove_temp_files yes
193
194# TAG: index yes|no|only
195# Generate the main index.html.
196# only - generate only the main index.html
197#
198#index yes
199
200# TAG: index_tree date|file
201# How to generate the index.
202#
203#index_tree file
204
205# TAG: overwrite_report yes|no
206# yes - if report date already exist then will be overwrited.
207# no - if report date already exist then will be renamed to filename.n, filename.n+1
208#
209overwrite_report yes
210
211# TAG: records_without_userid ignore|ip|everybody
212# What can I do with records without user id (no authentication) in access.log file ?
213#
214# ignore - This record will be ignored.
215# ip - Use ip address instead. (default)
216# everybody - Use "everybody" instead.
217#
218#records_without_userid ip
219
220# TAG: use_comma no|yes
221# Use comma instead point in reports.
222# Eg.: use_comma yes => 23,450,110
223# use_comma no => 23.450.110
224#
225#use_comma no
226
227# TAG: mail_utility
228# Mail command to use to send reports via SMTP. Sarg calls it like this:
229# mail_utility -s "SARG report, date" "output_email" <"mail_content"
230#
231# Therefore, it is possible to add more arguments to the command by specifying them
232# here.
233#
234# If you need too, you can use a shell script to process the content of /dev/stdin
235# (/dev/stdin is the mail_content passed by sarg to the script) and call whatever
236# command you like. It is not limited to mailing the report via SMTP.
237#
238# Don't forget to quote the command if necessary (i.e. if the path contains
239# characters that must be quoted).
240#
241#mail_utility mailx
242
243# TAG: topsites_num n
244# How many sites in topsites report.
245#
246#topsites_num 100
247
248# TAG: topsites_sort_order CONNECT|BYTES A|D
249# Sort for topsites report, where A=Ascendent, D=Descendent
250#
251#topsites_sort_order CONNECT D
252
253# TAG: index_sort_order A/D
254# Sort for index.html, where A=Ascendent, D=Descendent
255#
256#index_sort_order D
257
258# TAG: exclude_codes file
259# Ignore records with these codes. Eg.: NONE/400
260# Write one code per line. Lines starting with a # are ignored.
261# Only codes matching exactly one of the line is rejected. The
262# comparison is not case sensitive.
263#
264#exclude_codes /usr/local/sarg/exclude_codes
265
266# TAG: replace_index string
267# Replace "index.html" in the main index file with this string
268# If null "index.html" is used
269#
270#replace_index <?php echo str_replace(".", "_", $REMOTE_ADDR); echo ".html"; ?>
271
272# TAG: max_elapsed milliseconds
273# If elapsed time is recorded in log is greater than max_elapsed use 0 for elapsed time.
274# Use 0 for no checking
275#
276#max_elapsed 28800000
277# 8 Hours
278
279# TAG: report_type type
280# What kind of reports to generate.
281# topusers - users, sites, times, bytes, connects, links to accessed sites, etc
282# topsites - site, connect and bytes report
283# sites_users - users and sites report
284# users_sites - accessed sites by the user report
285# date_time - bytes used per day and hour report
286# denied - denied sites with full URL report
287# auth_failures - autentication failures report
288# site_user_time_date - sites, dates, times and bytes report
289# downloads - downloads per user report
290#
291# Eg.: report_type topsites denied
292#
293report_type topusers topsites sites_users users_sites date_time denied auth_failures site_user_time_date downloads
294
295# TAG: usertab filename
296# You can change the "userid" or the "ip address" to be a real user name on the reports.
297# If resolve_ip is active, the ip address is resolved before being looked up into this
298# file. That is, if you want to map the ip address, be sure to set resolv_ip to no or
299# the resolved name will be looked into the file instead of the ip address. Note that
300# it can be used to resolve any ip address known to the dns and then map the unresolved
301# ip addresses to a name found in the usertab file.
302# Table syntax:
303# userid name or ip address name
304# Eg:
305# SirIsaac Isaac Newton
306# vinci Leonardo da Vinci
307# 192.168.10.1 Karol Wojtyla
308#
309# Each line must be terminated with '\n'
310# If usertab have value "ldap" (case ignoring), user names
311# will be taken from LDAP server. This method as approaches for reception
312# of usernames from Active Didectory
313#
314#usertab none
315
316# TAG: LDAPHost hostname
317# FQDN or IP address of host with LDAP service or AD DC
318# default is '127.0.0.1'
319#LDAPHost 127.0.0.1
320
321# TAG: LDAPPort port
322# LDAP service port number
323# default is '389'
324#LDAPPort 389
325
326# TAG: LDAPBindDN CN=username,OU=group,DC=mydomain,DC=com
327# DN of LDAP user, who is authorized to read user's names from LDAP base
328# default is empty line
329#LDAPBindDN cn=proxy,dc=mydomain,dc=local
330
331# TAG: LDAPBindPW secret
332# Password of DN, who is authorized to read user's names from LDAP base
333# default is empty line
334#LDAPBindPW secret
335
336# TAG: LDAPBaseSearch OU=users,DC=mydomain,DC=com
337# LDAP search base
338# default is empty line
339#LDAPBaseSearch ou=users,dc=mydomain,dc=local
340
341# TAG: LDAPFilterSearch (uid=%s)
342# User search filter by user's logins in LDAP
343# First founded record will be used
344# %s - will be changed to userlogins from access.log file
345# filter string can have up to 5 '%s' tags
346# default value is '(uid=%s)'
347#LDAPFilterSearch (uid=%s)
348
349# TAG: LDAPTargetAttr attributename
350# Name of the attribute containing a name of the user
351# default value is 'cn'
352#LDAPTargetAttr cn
353
354# TAG: long_url yes|no
355# If yes, the full url is showed in report.
356# If no, only the site will be showed
357#
358# YES option generate very big sort files and reports.
359#
360#long_url no
361
362# TAG: date_time_by bytes|elap
363# Date/Time reports show the downloaded volume or the elapsed time or both.
364#
365#date_time_by bytes
366
367# TAG: charset name
368# ISO 8859 is a full series of 10 standardized multilingual single-byte coded (8bit)
369# graphic character sets for writing in alphabetic languages
370# You can use the following charsets:
371# Latin1 - West European
372# Latin2 - East European
373# Latin3 - South European
374# Latin4 - North European
375# Cyrillic
376# Arabic
377# Greek
378# Hebrew
379# Latin5 - Turkish
380# Latin6
381# Windows-1251
382# Japan
383# Koi8-r
384# UTF-8
385#
386#charset Latin1
387
388# TAG: user_invalid_char "&/"
389# Records that contain invalid characters in userid will be ignored by Sarg.
390#
391#user_invalid_char "&/"
392
393# TAG: privacy yes|no
394# privacy_string "***.***.***.***"
395# privacy_string_color blue
396# In some countries the sysadm cannot see the visited sites by a restrictive law.
397# Using privacy yes the visited url will be changes by privacy_string and the link
398# will be removed from reports.
399#
400#privacy no
401#privacy_string "***.***.***.***"
402#privacy_string_color blue
403
404# TAG: include_users "user1:user2:...:usern"
405# Reports will be generated only for listed users.
406#
407#include_users none
408
409# TAG: exclude_string "string1:string2:...:stringn"
410# Records from access.log file that contain one of listed strings will be ignored.
411#
412#exclude_string none
413
414# TAG: show_successful_message yes|no
415# Shows "Successful report generated on dir" at end of process.
416#
417#show_successful_message yes
418
419# TAG: show_read_statistics yes|no
420# Shows some reading statistics.
421#
422show_read_statistics yes
423
424# TAG: topuser_fields
425# Which fields must be in Topuser report.
426#
427#topuser_fields NUM DATE_TIME USERID CONNECT BYTES %BYTES IN-CACHE-OUT USED_TIME MILISEC %TIME TOTAL AVERAGE
428
429# TAG: user_report_fields
430# Which fields must be in User report.
431#
432#user_report_fields CONNECT BYTES %BYTES IN-CACHE-OUT USED_TIME MILISEC %TIME TOTAL AVERAGE
433
434# TAG: bytes_in_sites_users_report yes|no
435# Bytes field must be in Site & Users Report ?
436#
437#bytes_in_sites_users_report no
438
439# TAG: topuser_num n
440# How many users in topsites report. 0 = no limit
441#
442#topuser_num 0
443
444# TAG: datafile file
445# Save the report results in a file to populate some database
446#
447#datafile none
448
449# TAG: datafile_delimiter ";"
450# ascii character to use as a field separator in datafile
451#
452#datafile_delimiter ";"
453
454# TAG: datafile_fields all
455# Which data fields must be in datafile
456# user;date;time;url;connect;bytes;in_cache;out_cache;elapsed
457#
458#datafile_fields user;date;time;url;connect;bytes;in_cache;out_cache;elapsed
459
460# TAG: datafile_url ip|name
461# Saves the URL as ip or name in datafile
462#
463#datafile_url ip
464
465# TAG: weekdays
466# The weekdays to take into account ( Sunday->0, Saturday->6 )
467# Example:
468#weekdays 1-3,5
469# Default:
470#weekdays 0-6
471
472# TAG: hours
473# The hours to take into account
474# Example:
475#hours 7-12,14,16,18-20
476# Default:
477#hours 0-23
478
479# TAG: dansguardian_conf file
480# DansGuardian.conf file path
481# Generate reports from DansGuardian logs.
482# Use 'none' to disable it.
483# dansguardian_conf /usr/dansguardian/dansguardian.conf
484#
485#dansguardian_conf none
486
487# TAG: dansguardian_filter_out_date on|off
488# This option replaces dansguardian_ignore_date whose name was not appropriate with respect to its action.
489# Note the change of parameter value compared with the old option.
490# 'off' use the record even if its date is outside of the range found in the input log file.
491# 'on' use the record only if its date is in the range found in the input log file.
492#
493#dansguardian_filter_out_date on
494
495# TAG: squidguard_conf file
496# path to squidGuard.conf file
497# Generate reports from SquidGuard logs.
498# Use 'none' to disable.
499# You can use sarg -L filename to use an alternate squidGuard log.
500# squidguard_conf /usr/local/squidGuard/squidGuard.conf
501#
502#squidguard_conf none
503
504# TAG: redirector_log file
505# the location of the web proxy redirector log such as one created by squidGuard or Rejik. The option
506# may be repeated up to 64 times to read multiple files.
507# If this option is specified, it takes precedence over squidguard_conf.
508# The command line option -L override this option.
509#
510#redirector_log /usr/local/squidGuard/var/logs/urls.log
511
512# TAG: redirector_filter_out_date on|off
513# This option replaces squidguard_ignore_date and redirector_ignore_date whose names were not
514# appropriate with respect to their action.
515# Note the change of parameter value compared with the old options.
516# 'off' use the record even if its date is outside of the range found in the input log file.
517# 'on' use the record only if its date is in the range found in the input log file.
518#
519#redirector_filter_out_date on
520
521# TAG: redirector_log_format
522# Format string for web proxy redirector logs.
523# This option was named squidguard_log_format before sarg 2.3.
524# REJIK #year#-#mon#-#day# #hour# #list#:#tmp# #ip# #user# #tmp#/#tmp#/#url#/#end#
525# SQUIDGUARD #year#-#mon#-#day# #hour# #tmp#/#list#/#tmp#/#tmp#/#url#/#tmp# #ip#/#tmp# #user# #end#
526#redirector_log_format #year#-#mon#-#day# #hour# #tmp#/#list#/#tmp#/#tmp#/#url#/#tmp# #ip#/#tmp# #user# #end#
527
528# TAG: show_sarg_info yes|no
529# shows sarg information and site path on each report bottom
530#
531#show_sarg_info yes
532
533# TAG: show_sarg_logo yes|no
534# shows sarg logo
535#
536#show_sarg_logo yes
537
538# TAG: parsed_output_log directory
539# Saves the processed log in a sarg format after parsing the squid log file.
540# This is a way to dump all of the data structures out, after parsing from
541# the logs (presumably this data will be much smaller than the log files themselves),
542# and pull them back in for later processing and merging with data from previous logs.
543#
544#parsed_output_log none
545
546# TAG: parsed_output_log_compress /bin/gzip|/usr/bin/bzip2|nocompress
547# Command to run to compress sarg parsed output log. It may contain
548# options (such as -f to overwrite existing target file). The name of
549# the file to compresse is provided at the end of this
550# command line. Don't forget to quote things appropriately.
551#
552#parsed_output_log_compress /bin/gzip
553
554# TAG: displayed_values bytes|abbreviation
555# how the values will be displayed in reports.
556# eg. bytes - 209.526
557# abbreviation - 210K
558#
559#displayed_values bytes
560
561# Report limits
562# TAG: authfail_report_limit n
563# TAG: denied_report_limit n
564# TAG: siteusers_report_limit n
565# TAG: squidguard_report_limit n
566# TAG: user_report_limit n
567# TAG: dansguardian_report_limit n
568# TAG: download_report_limit n
569# report limits (lines).
570# '0' no limit
571#
572#authfail_report_limit 10
573#denied_report_limit 10
574#siteusers_report_limit 0
575#squidguard_report_limit 10
576#dansguardian_report_limit 10
577#user_report_limit 10
578#user_report_limit 50
579
580# TAG: www_document_root dir
581# Where is your Web DocumentRoot
582# Sarg will create sarg-php directory with some PHP modules:
583# - sarg-squidguard-block.php - add urls from user reports to squidGuard DB
584#
585#www_document_root /var/www/html
586
587# TAG: block_it module_url
588# This tag allow you to pass urls from user reports to a cgi or php module,
589# to be blocked by some Squid acl
590#
591# Eg.: block_it /sarg-php/sarg-block-it.php
592# sarg-block-it is a php that will append a url to a flat file.
593# You must change /var/www/html/sarg-php/sarg-block-it to point to your file
594# in $filename variable, and chown to a httpd owner.
595#
596# sarg will pass http://module_url?url=url
597#
598#block_it none
599
600# TAG: external_css_file path
601# Provide the path to an external css file to link into the HTML reports instead of
602# the inline css written by sarg when this option is not set.
603#
604# In versions prior to 2.3, this used to be an absolute file name to
605# a file to include verbatim in each HTML page but, as it takes a lot of
606# space, version 2.3 switched to a link to an external css file.
607# Therefore, this option must contain the HTTP server path on which a client
608# browser may find the css file.
609#
610# Sarg use theses style classes:
611# .logo logo class
612# .info sarg information class, align=center
613# .title_c title class, align=center
614# .header_c header class, align:center
615# .header_l header class, align:left
616# .header_r header class, align:right
617# .text text class, align:right
618# .data table text class, align:right
619# .data2 table text class, align:left
620# .data3 table text class, align:center
621# .link link class
622#
623# Sarg can be instructed to output the internal css it inline
624# into the reports with this command:
625#
626# sarg --css
627#
628# You can redirect the output to a file of your choice and edit
629# it to your liking.
630#
631#external_css_file none
632
633# TAG: user_authentication yes|no
634# Allow user authentication in User Reports using .htaccess
635# Parameters:
636# AuthUserTemplateFile - The template to use to create the
637# .htaccess file. In the template, %u is replaced by the
638# user's ID for which the report is generated. The path of the
639# template is relative to the directory containing sarg
640# configuration file.
641#
642# user_authentication no
643# AuthUserTemplateFile sarg_htaccess
644
645# TAG: download_suffix "suffix,suffix,...,suffix"
646# file suffix to be considered as "download" in Download report.
647# Use 'none' to disable.
648#
649download_suffix "zip,arj,bzip,gz,ace,doc,iso,adt,bin,cab,com,dot,drv$,lha,lzh,mdb,mso,ppt,rtf,src,shs,sys,exe,dll,mp3,avi,mpg,mpeg"
650
651# TAG: ulimit n
652# The maximum number of open file descriptors to avoid "Too many open files" error message.
653# You need to run sarg as root to use ulimit tag.
654# If you run sarg with a low privilege user, set to 'none' to disable ulimit
655#
656#ulimit 20000
657
658# TAG: ntlm_user_format username|domainname+username
659# NTLM users format.
660#
661#ntlm_user_format domainname+username
662
663# TAG: realtime_refresh_time num sec
664# How many time to auto refresh the realtime report
665# 0 = disable
666#
667# realtime_refresh_time 3
668
669# TAG: realtime_access_log_lines num
670# How many last lines to get from access.log file
671#
672# realtime_access_log_lines 1000
673
674# TAG: realtime_types: GET,PUT,CONNECT,ICP_QUERY,POST
675# Which records must be in realtime report.
676#
677# realtime_types GET,PUT,CONNECT
678
679# TAG: realtime_unauthenticated_records: ignore|show
680# What to do with unauthenticated records in realtime report.
681#
682# realtime_unauthenticated_records: show
683
684# TAG: byte_cost value no_cost_limit
685# Cost per byte.
686# Eg. byte_cost 0.01 100000000
687# per byte cost = 0.01
688# bytes with no cost = 100 Mb
689# 0 = disable
690#
691# byte_cost 0.01 50000000
692
693# TAG: squid24 on|off
694# Compatilibity with squid version <= 2.4 when using emulate_http_log on
695#
696# squid24 off
Timo's tree of IPFire 2.x