Centos 7.9部署squid-SARG日志分析软件
2023/02/01 11:48 投稿
转载文章请注明源地址:https://www.latiao.org/631.html
部署SARG 2.3.8
下载地址(下载后建议对照 SourceForge 文件页显示的 SHA1/MD5 校验值核对压缩包):
https://master.dl.sourceforge.net/project/sarg/sarg/sarg-2.3.8/sarg-2.3.8.tar.gz?viasf=1
[root@localhost LOG]# tar zxvf sarg-2.3.8.tar.gz #解压
[root@localhost LOG]# cd sarg-2.3.8 #切换目录
[root@localhost LOG]# vim log.c # 对于64位的Linux,需修改log.c源代码:把nbytes强制转换为int64_t,使参数类型与格式串中的PRIi64一致
1506行:
if (fprintf(ufile->file, "%s\t%s\t%s\t%s\t%"PRIi64"\t%s\t%ld\t%s\n",dia,hora,ip,url,nbytes,code,elap_time,smartfilter)<=0) {
修改为:
if (fprintf(ufile->file, "%s\t%s\t%s\t%s\t%"PRIi64"\t%s\t%ld\t%s\n",dia,hora,ip,url,(int64_t)nbytes,code,elap_time,smartfilter)<=0) {
1513行:
fprintf(fp_log, "%s\t%s\t%s\t%s\t%s\t%"PRIi64"\t%s\t%ld\t%s\n",dia,hora,user,ip,url,nbytes,code,elap_time,smartfilter);
修改为:
fprintf(fp_log, "%s\t%s\t%s\t%s\t%s\t%"PRIi64"\t%s\t%ld\t%s\n",dia,hora,user,ip,url,(int64_t)nbytes,code,elap_time,smartfilter);
1654行:printf("LEN=\t%"PRIi64"\n",nbytes);
修改为:
printf("LEN=\t%"PRIi64"\n",(int64_t)nbytes);
[root@localhost LOG]# yum install gcc make httpd crond pcre-devel gd-devel -y #安装需要依赖(注:CentOS 7 中 crond 服务由 cronie 软件包提供,yum 中没有名为 crond 的包)
[root@localhost LOG]# ./configure #配置并生成Makefile
[root@localhost LOG]# make #开始编译
[root@localhost LOG]# make install #安装
[root@localhost LOG]# vim /usr/local/etc/sarg.conf #修改配置文件
access_log /LOG/squid/access.log #日志文件位置
title "Squid User Access Reports" #标题
output_dir /LOG/sarg/squid-reports #输出目录
user_ip no #使用用户名显示
topuser_sort_field CONNECT reverse #top排序中使用连接数
user_sort_field CONNECT reverse #用户访问使用连接数
overwrite_report no #是否覆盖日期相同
charset UTF-8 #编码
weekdays 0-6 #周期
hours 0-23 #时间
www_document_root /LOG/sarg/ #网站根目录
[root@localhost LOG]# systemctl enable httpd #开机自启httpd(enable 只设置开机自启,不会立即启动服务,还需执行 systemctl start httpd)
[root@localhost LOG]# firewall-cmd --permanent --add-service=http #防火墙放行(--permanent 只写入永久配置,需执行 firewall-cmd --reload 后才生效)
[root@localhost LOG]# vim /etc/httpd/conf/httpd.conf #apache配置文件,仅供参考
…
DocumentRoot "/LOG/sarg/"
<Directory "/LOG/">
AllowOverride None
Require all granted
</Directory>
<Directory "/LOG/sarg/">
Options Indexes FollowSymLinks
AllowOverride None
Require all granted
</Directory>
…
[root@localhost LOG]# sarg -x #执行当前分析
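分析完毕 浏览器访问:X.X.X.X/squid-reports 即可看到报告!
注意:报告中包含各用户的访问记录,而上面的 Require all granted 会对所有来源开放访问。建议改用 Require ip 限定管理网段或启用认证,并且只对 /LOG/sarg/ 授权(/LOG/ 下还存放着 squid 原始日志,无需对整个 /LOG/ 授权)。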