4 # Where is the access.log file
7 #access_log /usr/local/squid/var/logs/access.log
10 # Use graphics where is possible.
11 # graph_days_bytes_bar_color blue|green|yellow|orange|brown|red
14 #graph_days_bytes_bar_color orange
17 # The full path to the TTF font file to use to create the graphs. It is required
18 # if graphs is set to yes.
20 #graph_font /usr/share/fonts/truetype/ttf-dejavu/DejaVuSans.ttf
23 # Especify the title for html page.
25 #title "Squid User Access Reports"
28 # Especify the font for html page.
30 #font_face Tahoma,Verdana,Arial
33 # Especify the header color
35 #header_color darkblue
38 # Especify the header bgcolor
40 #header_bgcolor blanchedalmond
43 # Especify the text font size
47 # TAG: header_font_size
48 # Especify the header font size
52 # TAG: title_font_size
53 # Especify the title font size
57 # TAG: background_color
58 # TAG: background_color
59 # Html page background color
61 # background_color white
64 # Html page text color
69 # Html page text background color
71 #text_bgcolor lavender
74 # Html page title color
84 # Html page logo text.
88 # TAG: logo_text_color
89 # Html page logo texti color.
91 #logo_text_color #000000
93 # TAG: logo_image_size
94 # Html page logo image size.
99 # TAG: background_image
100 # Html page background image
102 #background_image none
105 # User password file used by Squid authentication scheme
106 # If used, generate reports just for that users.
111 # Temporary directory name for work files
117 # The reports will be saved in that directory
120 #output_dir /var/www/html/squid-reports
122 # TAG: anonymous_output_files yes/no
123 # Use anonymous file and directory names in the report. If it is set to
124 # no (the default), the user id/ip/name is slightly mangled to create a
125 # suitable file name to store the report of the user but the user's
126 # identity can easily be guessed from the mangled name. If this option is
127 # set, any file or directory belonging to the user is replaced by a short
128 # number. The purpose is to hide the identity of the user when looking
129 # at the report file names but it may serve to shorten the path too.
131 #anonymous_output_files no
134 # Email address to send the reports. If you use this tag, no html reports will be generated.
139 # TAG: resolve_ip modulelist
140 # List the modules to use to convert IP addresses into names.
141 # Each named module is tried in sequence until one returns a result. Therefore
142 # the order of the modules is relevant.
143 # The modules must be listed on one line each separated from the previous one with
146 # The possible modules are
148 # exec Call an external program with the IP address as argument.
150 # For compatibility with previous versions, yes is a synonymous for dns and
152 # sarg -n forces the use of the dns module.
155 # TAG: resolve_ip_exec command
156 # If resolve_ip selects the exec module, this is the command to run to
157 # resolve an IP address. The command must contain a placeholder where the
158 # IP address is inserted. The placeholder must be %IP in uppercases. The
159 # placeholder may be repeated multiple times if necessary.
161 # The command is expected to return the host name without frills on its
162 # standard output. If the command returns nothing, it is assumed that the
163 # command could not resolve the IP address and the next module in the
164 # chain is given a try with the same address.
166 # This option can only be used once. Therefore there is only one command
167 # available to resolve an IP address but the program can do anything it
168 # deems fit including attempting several strategies.
170 # Beware that running an external program is exceedingly slow. So you
171 # should try the DNS first and only call an external program if the DNS
173 #resolve_ip_exec nmblookup -A %IP | sed -n -e 's/^ *\(.*\) *<00> - *B.*/\1/p'
175 # TAG: user_ip yes/no
176 # Use Ip Address instead userid in reports.
180 # TAG: topuser_sort_field field normal/reverse
181 # Sort field for the Topuser Report.
182 # Allowed fields: USER CONNECT BYTES TIME
184 #topuser_sort_field BYTES reverse
186 # TAG: user_sort_field field normal/reverse
187 # Sort field for the User Report.
188 # Allowed fields: SITE CONNECT BYTES TIME
190 #user_sort_field BYTES reverse
192 # TAG: exclude_users file
193 # users within the file will be excluded from reports.
194 # you can use indexonly to have only index.html file.
198 # TAG: exclude_hosts file
199 # Hosts, domains or subnets will be excluded from reports.
201 # Eg.: 192.168.10.10 - exclude ip address only
202 # 192.168.10.0/24 - exclude full C class
203 # s1.acme.foo - exclude hostname only
204 # *.acme.foo - exclude full domain name
208 # TAG: useragent_log file
209 # useragent.log file patch to generate useragent report.
214 # Date format in reports: e (European=dd/mm/yy), u (American=mm/dd/yy), w (Weekly=yy.ww)
218 # TAG: per_user_limit file MB
219 # Saves userid on file if download exceed n MB.
220 # This option allow you to disable user access if user exceed a download limit.
225 # How many reports files must be keept in reports directory.
226 # The oldest report file will be automatically removed.
231 # TAG: remove_temp_files yes
232 # Remove temporary files: geral, usuarios, top, periodo from root report directory.
234 #remove_temp_files yes
236 # TAG: index yes|no|only
237 # Generate the main index.html.
238 # only - generate only the main index.html
242 # TAG: index_tree date|file
243 # How to generate the index.
248 # The columns to show in the index of the reports
249 # Columns are: dirsize
251 #index_fields dirsize
253 # TAG: overwrite_report yes|no
254 # yes - if report date already exist then will be overwrited.
255 # no - if report date already exist then will be renamed to filename.n, filename.n+1
259 # TAG: records_without_userid ignore|ip|everybody
260 # What can I do with records without user id (no authentication) in access.log file ?
262 # ignore - This record will be ignored.
263 # ip - Use ip address instead. (default)
264 # everybody - Use "everybody" instead.
266 #records_without_userid ip
268 # TAG: use_comma no|yes
269 # Use comma instead point in reports.
270 # Eg.: use_comma yes => 23,450,110
271 # use_comma no => 23.450.110
276 # Mail command to use to send reports via SMTP. Sarg calls it like this:
277 # mail_utility -s "SARG report, date" "output_email" <"mail_content"
279 # Therefore, it is possible to add more arguments to the command by specifying them
282 # If you need too, you can use a shell script to process the content of /dev/stdin
283 # (/dev/stdin is the mail_content passed by sarg to the script) and call whatever
284 # command you like. It is not limited to mailing the report via SMTP.
286 # Don't forget to quote the command if necessary (i.e. if the path contains
287 # characters that must be quoted).
291 # TAG: topsites_num n
292 # How many sites in topsites report.
296 # TAG: topsites_sort_order CONNECT|BYTES|TIME|USER A|D
297 # Sort for topsites report, where A=Ascendent, D=Descendent
299 #topsites_sort_order CONNECT D
301 # TAG: index_sort_order A/D
302 # Sort for index.html, where A=Ascendent, D=Descendent
306 # TAG: exclude_codes file
307 # Ignore records with these codes. Eg.: NONE/400
308 # Write one code per line. Lines starting with a # are ignored.
309 # Only codes matching exactly one of the line is rejected. The
310 # comparison is not case sensitive.
312 #exclude_codes /usr/local/sarg/exclude_codes
314 # TAG: replace_index string
315 # Replace "index.html" in the main index file with this string
316 # If null "index.html" is used
318 #replace_index <?php echo str_replace(".", "_", $REMOTE_ADDR); echo ".html"; ?>
320 # TAG: max_elapsed milliseconds
321 # If elapsed time is recorded in log is greater than max_elapsed use 0 for elapsed time.
322 # Use 0 for no checking
324 #max_elapsed 28800000
327 # TAG: report_type type
328 # What kind of reports to generate.
329 # topusers - users, sites, times, bytes, connects, links to accessed sites, etc
330 # topsites - site, connect and bytes report
331 # sites_users - users and sites report
332 # users_sites - accessed sites by the user report
333 # date_time - bytes used per day and hour report
334 # denied - denied sites with full URL report
335 # auth_failures - autentication failures report
336 # site_user_time_date - sites, dates, times and bytes report
337 # downloads - downloads per user report
339 # Eg.: report_type topsites denied
341 #report_type topusers topsites sites_users users_sites date_time denied auth_failures site_user_time_date downloads
343 # TAG: usertab filename
344 # You can change the "userid" or the "ip address" to be a real user name on the reports.
345 # If resolve_ip is active, the ip address is resolved before being looked up into this
346 # file. That is, if you want to map the ip address, be sure to set resolv_ip to no or
347 # the resolved name will be looked into the file instead of the ip address. Note that
348 # it can be used to resolve any ip address known to the dns and then map the unresolved
349 # ip addresses to a name found in the usertab file.
351 # userid name or ip address name
353 # SirIsaac Isaac Newton
354 # vinci Leonardo da Vinci
355 # 192.168.10.1 Karol Wojtyla
357 # Each line must be terminated with '\n'
358 # If usertab have value "ldap" (case ignoring), user names
359 # will be taken from LDAP server. This method as approaches for reception
360 # of usernames from Active Didectory
364 # TAG: LDAPHost hostname
365 # FQDN or IP address of host with LDAP service or AD DC
366 # default is '127.0.0.1'
370 # LDAP service port number
374 # TAG: LDAPBindDN CN=username,OU=group,DC=mydomain,DC=com
375 # DN of LDAP user, who is authorized to read user's names from LDAP base
376 # default is empty line
377 #LDAPBindDN cn=proxy,dc=mydomain,dc=local
379 # TAG: LDAPBindPW secret
380 # Password of DN, who is authorized to read user's names from LDAP base
381 # default is empty line
384 # TAG: LDAPBaseSearch OU=users,DC=mydomain,DC=com
386 # default is empty line
387 #LDAPBaseSearch ou=users,dc=mydomain,dc=local
389 # TAG: LDAPFilterSearch (uid=%s)
390 # User search filter by user's logins in LDAP
391 # First founded record will be used
392 # %s - will be changed to userlogins from access.log file
393 # filter string can have up to 5 '%s' tags
394 # default value is '(uid=%s)'
395 #LDAPFilterSearch (uid=%s)
397 # TAG: LDAPTargetAttr attributename
398 # Name of the attribute containing a name of the user
399 # default value is 'cn'
402 # TAG: long_url yes|no
403 # If yes, the full url is showed in report.
404 # If no, only the site will be showed
406 # YES option generate very big sort files and reports.
410 # TAG: date_time_by bytes|elap
411 # Date/Time reports show the downloaded volume or the elapsed time or both.
416 # ISO 8859 is a full series of 10 standardized multilingual single-byte coded (8bit)
417 # graphic character sets for writing in alphabetic languages
418 # You can use the following charsets:
419 # Latin1 - West European
420 # Latin2 - East European
421 # Latin3 - South European
422 # Latin4 - North European
436 # TAG: user_invalid_char "&/"
437 # Records that contain invalid characters in userid will be ignored by Sarg.
439 #user_invalid_char "&/"
441 # TAG: privacy yes|no
442 # privacy_string "***.***.***.***"
443 # privacy_string_color blue
444 # In some countries the sysadm cannot see the visited sites by a restrictive law.
445 # Using privacy yes the visited url will be changes by privacy_string and the link
446 # will be removed from reports.
449 #privacy_string "***.***.***.***"
450 #privacy_string_color blue
452 # TAG: include_users "user1:user2:...:usern"
453 # Reports will be generated only for listed users.
457 # TAG: exclude_string "string1:string2:...:stringn"
458 # Records from access.log file that contain one of listed strings will be ignored.
462 # TAG: show_successful_message yes|no
463 # Shows "Successful report generated on dir" at end of process.
465 #show_successful_message yes
467 # TAG: show_read_statistics yes|no
468 # Shows how many lines have been read from the current input log file.
470 #show_read_statistics no
472 # TAG: show_read_percent yes|no
473 # Shows how many percents have been read from the current input log file.
475 # Beware that this feature requires to read the input log file once to
476 # count the number of lines and then a second time to actually parse it.
477 # You can save some time by disabling it.
479 #show_read_percent no
481 # TAG: topuser_fields
482 # Which fields must be in Topuser report.
484 #topuser_fields NUM DATE_TIME USERID CONNECT BYTES %BYTES IN-CACHE-OUT USED_TIME MILISEC %TIME TOTAL AVERAGE
486 # TAG: user_report_fields
487 # Which fields must be in User report.
489 #user_report_fields CONNECT BYTES %BYTES IN-CACHE-OUT USED_TIME MILISEC %TIME TOTAL AVERAGE
491 # TAG: bytes_in_sites_users_report yes|no
492 # Bytes field must be in Site & Users Report ?
494 #bytes_in_sites_users_report no
497 # How many users in topsites report. 0 = no limit
502 # Save the report results in a file to populate some database
506 # TAG: datafile_delimiter ";"
507 # ascii character to use as a field separator in datafile
509 #datafile_delimiter ";"
511 # TAG: datafile_fields all
512 # Which data fields must be in datafile
513 # user;date;time;url;connect;bytes;in_cache;out_cache;elapsed
515 #datafile_fields user;date;time;url;connect;bytes;in_cache;out_cache;elapsed
517 # TAG: datafile_url ip|name
518 # Saves the URL as ip or name in datafile
523 # The weekdays to take into account ( Sunday->0, Saturday->6 )
530 # The hours to take into account
532 #hours 7-12,14,16,18-20
536 # TAG: dansguardian_conf file
537 # DansGuardian.conf file path
538 # Generate reports from DansGuardian logs.
539 # Use 'none' to disable it.
540 # dansguardian_conf /usr/dansguardian/dansguardian.conf
542 #dansguardian_conf none
544 # TAG: dansguardian_filter_out_date on|off
545 # This option replaces dansguardian_ignore_date whose name was not appropriate with respect to its action.
546 # Note the change of parameter value compared with the old option.
547 # 'off' use the record even if its date is outside of the range found in the input log file.
548 # 'on' use the record only if its date is in the range found in the input log file.
550 #dansguardian_filter_out_date on
552 # TAG: squidguard_conf file
553 # path to squidGuard.conf file
554 # Generate reports from SquidGuard logs.
555 # Use 'none' to disable.
556 # You can use sarg -L filename to use an alternate squidGuard log.
557 # squidguard_conf /usr/local/squidGuard/squidGuard.conf
559 #squidguard_conf none
561 # TAG: redirector_log file
562 # the location of the web proxy redirector log such as one created by squidGuard or Rejik. The option
563 # may be repeated up to 64 times to read multiple files.
564 # If this option is specified, it takes precedence over squidguard_conf.
565 # The command line option -L override this option.
567 #redirector_log /usr/local/squidGuard/var/logs/urls.log
569 # TAG: redirector_filter_out_date on|off
570 # This option replaces squidguard_ignore_date and redirector_ignore_date whose names were not
571 # appropriate with respect to their action.
572 # Note the change of parameter value compared with the old options.
573 # 'off' use the record even if its date is outside of the range found in the input log file.
574 # 'on' use the record only if its date is in the range found in the input log file.
576 #redirector_filter_out_date on
578 # TAG: redirector_log_format
579 # Format string for web proxy redirector logs.
580 # This option was named squidguard_log_format before sarg 2.3.
581 # REJIK #year#-#mon#-#day# #hour# #list#:#tmp# #ip# #user# #tmp#/#tmp#/#url#/#end#
582 # SQUIDGUARD #year#-#mon#-#day# #hour# #tmp#/#list#/#tmp# #url# #ip#/#tmp# #user# #end#
583 #redirector_log_format #year#-#mon#-#day# #hour# #tmp#/#list#/#tmp# #url# #ip#/#tmp# #user# #end#
585 # TAG: show_sarg_info yes|no
586 # shows sarg information and site path on each report bottom
590 # TAG: show_sarg_logo yes|no
595 # TAG: parsed_output_log directory
596 # Saves the processed log in a sarg format after parsing the squid log file.
597 # This is a way to dump all of the data structures out, after parsing from
598 # the logs (presumably this data will be much smaller than the log files themselves),
599 # and pull them back in for later processing and merging with data from previous logs.
601 #parsed_output_log none
603 # TAG: parsed_output_log_compress /bin/gzip|/usr/bin/bzip2|nocompress
604 # Command to run to compress sarg parsed output log. It may contain
605 # options (such as -f to overwrite existing target file). The name of
606 # the file to compresse is provided at the end of this
607 # command line. Don't forget to quote things appropriately.
609 #parsed_output_log_compress /bin/gzip
611 # TAG: displayed_values bytes|abbreviation
612 # how the values will be displayed in reports.
613 # eg. bytes - 209.526
614 # abbreviation - 210K
616 #displayed_values bytes
619 # TAG: authfail_report_limit n
620 # TAG: denied_report_limit n
621 # TAG: siteusers_report_limit n
622 # TAG: squidguard_report_limit n
623 # TAG: user_report_limit n
624 # TAG: dansguardian_report_limit n
625 # TAG: download_report_limit n
626 # report limits (lines).
629 #authfail_report_limit 10
630 #denied_report_limit 10
631 #siteusers_report_limit 0
632 #squidguard_report_limit 10
633 #dansguardian_report_limit 10
634 #user_report_limit 10
635 #user_report_limit 50
637 # TAG: www_document_root dir
638 # Where is your Web DocumentRoot
639 # Sarg will create sarg-php directory with some PHP modules:
640 # - sarg-squidguard-block.php - add urls from user reports to squidGuard DB
642 #www_document_root /var/www/html
644 # TAG: block_it module_url
645 # This tag allow you to pass urls from user reports to a cgi or php module,
646 # to be blocked by some Squid acl
648 # Eg.: block_it /sarg-php/sarg-block-it.php
649 # sarg-block-it is a php that will append a url to a flat file.
650 # You must change /var/www/html/sarg-php/sarg-block-it to point to your file
651 # in $filename variable, and chown to a httpd owner.
653 # sarg will pass http://module_url?url=url
657 # TAG: external_css_file path
658 # Provide the path to an external css file to link into the HTML reports instead of
659 # the inline css written by sarg when this option is not set.
661 # In versions prior to 2.3, this used to be an absolute file name to
662 # a file to include verbatim in each HTML page but, as it takes a lot of
663 # space, version 2.3 switched to a link to an external css file.
664 # Therefore, this option must contain the HTTP server path on which a client
665 # browser may find the css file.
667 # Sarg use theses style classes:
669 # .info sarg information class, align=center
670 # .title_c title class, align=center
671 # .header_c header class, align:center
672 # .header_l header class, align:left
673 # .header_r header class, align:right
674 # .text text class, align:right
675 # .data table text class, align:right
676 # .data2 table text class, align:left
677 # .data3 table text class, align:center
680 # Sarg can be instructed to output the internal css it inline
681 # into the reports with this command:
685 # You can redirect the output to a file of your choice and edit
688 #external_css_file none
690 # TAG: user_authentication yes|no
691 # Allow user authentication in User Reports using .htaccess
693 # AuthUserTemplateFile - The template to use to create the
694 # .htaccess file. In the template, %u is replaced by the
695 # user's ID for which the report is generated. The path of the
696 # template is relative to the directory containing sarg
697 # configuration file.
699 # user_authentication no
700 # AuthUserTemplateFile sarg_htaccess
702 # TAG: download_suffix "suffix,suffix,...,suffix"
703 # file suffix to be considered as "download" in Download report.
704 # Use 'none' to disable.
706 #download_suffix "zip,arj,bzip,gz,ace,doc,iso,adt,bin,cab,com,dot,drv$,lha,lzh,mdb,mso,ppt,rtf,src,shs,sys,exe,dll,mp3,avi,mpg,mpeg"
709 # The maximum number of open file descriptors to avoid "Too many open files" error message.
710 # You need to run sarg as root to use ulimit tag.
711 # If you run sarg with a low privilege user, set to 'none' to disable ulimit
715 # TAG: ntlm_user_format user|domainname+username
718 #ntlm_user_format domainname+username
720 # TAG: realtime_refresh_time num sec
721 # How many time to auto refresh the realtime report
724 # realtime_refresh_time 3
726 # TAG: realtime_access_log_lines num
727 # How many last lines to get from access.log file
729 # realtime_access_log_lines 1000
731 # TAG: realtime_types: GET,PUT,CONNECT,ICP_QUERY,POST
732 # Which records must be in realtime report.
734 # realtime_types GET,PUT,CONNECT
736 # TAG: realtime_unauthenticated_records: ignore|show
737 # What to do with unauthenticated records in realtime report.
739 # realtime_unauthenticated_records: show
741 # TAG: byte_cost value no_cost_limit
743 # Eg. byte_cost 0.01 100000000
744 # per byte cost = 0.01
745 # bytes with no cost = 100 Mb
748 # byte_cost 0.01 50000000
750 # TAG: squid24 on|off
751 # Compatilibity with squid version <= 2.4 when using emulate_http_log on
755 # TAG: sorttable path
756 # The path to a javascript script to dynamically sort the tables.
757 # The path is the link a browser must follow to find the script. For instance,
758 # it may be http://www.myproxy.org/sorttable.js or just /sorttable.js if the script
759 # is at the root of your web site.
761 # If the path starts with "../" then it is assumed to be a relative
762 # path and sarg adds as many "../" as necessary to locate the js script from
763 # the output directory. Therefore, ../../sorttable.js links to the javascript
764 # one level above output_dir.
766 # If this entry is set, each sortable table will have the "sortable" class set.
767 # You may have a look at http://www.kryogenix.org/code/browser/sorttable/
768 # for the implementation on which sarg is based.
770 # sorttable /sorttable.js
773 # The name of a text file containing the host names one per line and the
774 # optional alias to use in the report instead of that host name.
775 # Host names may contain up to one wildcard denoted by a *. The wildcard
776 # must not end the host name.
777 # The host name may be followed by an optional alias but if no alias is
778 # provided, the host name, including the wildcard, replaces any matching
779 # host name found in the log.
780 # Host names replaced by identical aliases are grouped together in the
782 # IP addresses are supported and accept the CIDR notation both for IPv4 and
784 # Regular expressions can also be used if sarg was compiled with libpcre.
785 # A regular expression is formated as re:/regexp/ alias
786 # The regexp is a perl regular expression (see man perlre).
787 # Subpatterns are allowed in the alias. Sarg recognizes sed (\1) or perl ($1)
788 # subpatterns. Only 9 subpatterns are allowed in the replacement string.
793 # *.myphone.microsoft.com
794 # *.myphone.microsoft.com:443 *.myphone.microsoft.com:secure
795 # *.freeav.net antivirus:freeav
797 # 65.52.00.00/14 *.mail.live.com
798 # re:/\.dropbox\.com(:443)?/ dropbox
799 # re:/([\w-]+)\.(\w*[a-zA-Z]\w*)(?::\d+)?$/\1.\2
800 #hostalias /usr/local/sarg/hostalias
802 # TAG: keep_temp_log yes|no
803 # Keep temporary files created by sarg to produce its reports. The normal
804 # operation mode is to delete those files when they are not necessary any more.
806 # Never leave that option to "yes" for normal operation as temporary files
807 # left over by previous run can be included in subsequent reports.
809 # Use this option only to diagnose a problem with your reports. A better
810 # alternative is to run sarg from the command line with optino -k.