Sort the top sites report by number of users connecting the sites
The top sites report can be sorted according to the number of users
connecting to the visited sites. It shows how popular sites are within your
network.
If sarg is configured with a wrong /tmp path or the path given points to a
directory the user doesn't intent to use as a temporary directory, we must
not delete it's content (think about a link going to /usr/bin).
To protect against that situation, sarg only deletes its own files and
after making sure it only contains files created by sarg.
During the creation of the user's reports, if the report showing the details
by date and hour is not requested, the unnecessary file is deleted but it
overwrite the buffer containing the name of another temporary file to
delete. As the file name is overwritten, it cannot be deleted when the
function completes.
To prevent sarg from filling up the memory and waking up the OOM killer
while reading an invalid or corrupted log file, the longest line sarg
will accept before aborting is 10MB long. The limit is arbitrary.
Update the messages when an error is detected while reading a line
The module to read long text lines may read any file. It is not restricted
to reading the input log file. Therefore, the error messages must not claim
that the error is in the input log file.
Frédéric Marchal [Thu, 14 Jun 2012 08:04:25 +0000 (10:04 +0200)]
Allow backslash as the domain/user separator
For NTLM users, the domain and user names may be separated by a + or a \\
as pointed out by mrac33:
(http://sourceforge.net/tracker/index.php?func=detail&aid=3532108&group_id=68910&atid=522791)
For compatibility reasons, the _ separator is still retained.
Thanks to mrac33 for reporting and fixing this bug.
Frédéric Marchal [Mon, 21 May 2012 19:55:47 +0000 (21:55 +0200)]
IP address resolution using one external program
It is now possible to resolve an IP address using an external program.
Only one external program can be configured but it may do anything
including attempting several strategies to resolve the IP address.
The module may be chained after the standard dns module to get the name of
a computer not registered with the DNS.
Executing an external program is exceedingly slow so it is best to try
the DNS first!
Frédéric Marchal [Mon, 21 May 2012 08:10:37 +0000 (10:10 +0200)]
Take the port number into account when processing IPv4 addresses
The port number is ignored from IPv4 addresses read from the log file. It
allows to compare IPv4 addresses against the host exclusion list.
Prior to that change, it was not possible to filter out IPv4 ranges if a
port number was reported in the log file as the address was not recognized
as an IPv4 address and therefore was not compared to the correct exclusion
list.
Frédéric Marchal [Mon, 12 Mar 2012 09:14:25 +0000 (10:14 +0100)]
Display the offending regular expression if an error is detected
If a regular expression is invalid, the actual regular expression is displayed
in the error message in addition to the error message from libpcre. The user
will know what regular expression failed.
Frédéric Marchal [Sat, 10 Mar 2012 14:37:11 +0000 (15:37 +0100)]
Deal with url without scheme or path in a squidGuard log
Some url in a squidGuard log don't start with a scheme:// and may not
even contain a path. Those bare minimum url are not parsed correctly
by the redirector_log_format suggested in sarg.conf.
To parse those log entries correctly, we grab the whole url in the
buffer and strip it down to keep the host name.
If an empty user name creeps up to the name manufacturing function, the name
generated to store the user's files is empty and it leads to the deletion of
the whole report directory during the process. The visible results is that sarg
ends up with an error because its output directory is missing.
This patch makes sure no empty file name is used. It is still necessary to
avoid empty user names in the first place.
Frédéric Marchal [Sat, 18 Feb 2012 08:19:45 +0000 (09:19 +0100)]
Make a module out of the DNS IP resolving
The code was changed to accommodate module names in resolve_ip instead of
just yes or no. The named modules are tried in sequence until one returns
a positive result.
Frédéric Marchal [Sun, 12 Feb 2012 15:42:35 +0000 (16:42 +0100)]
Fix the permissions in the archive file
The archive to distribute a release had the wrong permissions. Every
directory was missing the x permission preventing the user from entering
into the directory.
Avoid a possible name clash in the temporary directory
As all the temporary files are generated in the same directory and some of
them may be named after the user's ID found in the log file, it is possible
that a user's file ends up with the same name as an internal file such as
the downloads.
To avoid that name clash, the temporary files created for any auxiliary
report are suffixed with a distinct extension.
No links in the denied page if the user is not on the topusers list
The report with the denied accesses contains links to the user report page
but the user report page is not generated if the user is not on the
topusers list.
This patch hide the link if the user's page doesn't exists.