Sarg 是一个用户分析统计 Squid 访问日志的工具,下载源代码编译安装:
tar zxvf sarg-2.0.9.tar.gz cd sarg-2.0.9 ./configure --prefix=/usr/local/sarg make make install
为了修改配置方便,创建目录 /etc/sarg 在该目录下建立到 /usr/local/sarg/sarg.conf 的符号链接,设置配置文件参数:
language English access_log /var/log/squid/access.log title "Squid User Access Reports" logo_image /Phoenix_Logo.gif image_size 240 91 output_dir /var/www/appl/sarg/ONE-SHOT exclude_users /etc/sarg/exusers exclude_hosts /etc/sarg/exhosts topsites_num 20 max_elapsed 28800000 report_type topsites sites_users users_sites date_time denied auth_failures site_user_time_date usertab /etc/sarg/userlist show_sarg_info no show_sarg_logo no
上面的配置文件中指定了三个配置文件,其中 exusers 包括不进行统计的客户端 IP 地址,exhosts 包括不进行统计的网站的 IP 地址或域名,而 userlist 是将 IP 地址转换为显示的用户名,使用脚本(gen_userlist.sh)读取 /etc/phoenix-ipinfo.conf 生成:
#!/bin/sh
cat /etc/phoenix-ipinfo.conf | grep -v ^# | awk -F'\t' '{ print $1,$5}' > /etc/sarg/userlist
Squid 日志使用 logrotate 归档日志文件,因此在创建每周和每月报表时,还必须读取合并已经归档的日志文件。
每天统计脚本(sarg.daily)
#!/bin/bash # Generate userlist /etc/sarg/gen_usrlist.sh > /dev/null 2>&1 # Get yesterday date YESTERDAY=$(date --date "1 day ago" +%d/%m/%Y) /usr/bin/sarg -o /var/www/appl/sarg/daily -d $YESTERDAY > /dev/null 2>&1 exit 0
这个脚本有个缺点因为每周日下午 logratate,所以周六、周日的日志就无法正确统计。
每周统计脚本(sarg.weekly)
#!/bin/bash # Define weekly log file weeklylogfile=/var/log/squid/access.log.week # Generate access.log for correct weekly reports zcat /var/log/squid/access.log.1.gz > $weeklylogfile cat /var/log/squid/access.log >> $weeklylogfile # Get yesterday date YESTERDAY=$(date --date "1 days ago" +%d/%m/%Y) # Get one week ago date WEEKAGO=$(date --date "7 days ago" +%d/%m/%Y) /usr/bin/sarg -l $weeklylogfile -o /var/www/appl/sarg/weekly \ -d $WEEKAGO-$YESTERDAY > /dev/null 2>&1 # Remove tmp log file rm -f $weeklylogfile exit 0
每月统计脚本(sarg.monthly)
#!/bin/bash
# Define monthly log file
monthlylogfile=/var/log/squid/access.log.monthly
echo > $monthlylogfile
# Generate monthly log file
i=5
while [ $i -gt 0 ]; do
if [ -f "/var/log/squid/access.log.$i.gz" ]; then
zcat /var/log/squid/access.log.$i.gz >> $monthlylogfile
fi
i=`expr $i - 1`
done
cat /var/log/squid/access.log >> $monthlylogfile
#Get yesterday date
YESTERDAY=$(date --date "1 day ago" +%d/%m/%Y)
#Get 1 month ago date
MONTHAGO=$(date --date "1 month ago" +%d/%m/%Y)
/usr/bin/sarg -l $monthlylogfile -o /var/www/appl/sarg/monthly \
-d $MONTHAGO-$YESTERDAY > /dev/null 2>&1
# Remove monthly log file
rm -f $monthlylogfile
exit 0
Share on Twitter
Share on Facebook
Comments
There are currently no comments
New Comment