Tuesday, March 9, 2010

SARG on FreeBSD+Squid

Squid Report Analysis using SARG in FreeBSD and Squid 


Ok, if you want to be Big Brother and monitor and analyse the web usage of your users, SARG is your best friend. Do let me warn you about
the consequences of using it: breaking your users' privacy can land you in a legal mess. Do kindly let your users know that their
web usage is being monitored.




Now why SARG?
Because it produces nice reports in HTML format, neatly organised by date and by user.


Prior requirements? Yes, Apache and Squid, which I hope you guys have installed and running already.


Installation is done as root
#cd /usr/ports/www/sarg
#make install clean


Ok, that's it, you've got it installed, guys! Don't you love FreeBSD for its ports?


Now it's time to tweak the SARG settings
#cd /usr/local/etc/sarg/


Let's edit the SARG configuration file
#vi sarg.conf


First of all, modify the line which points at the Squid access log file; set it to the location of your Squid log file.
Ok, I am only putting in the basic ones; kindly go through your SARG configuration file and see what else you can change and tweak.


access_log /usr/local/squid/var/logs/access.log
graphs yes
graph_days_bytes_bar_color orange
title "Squid User Access Reports"
output_dir /var/www/htdocs/sarg
resolve_ip no
topuser_sort_field BYTES reverse
user_sort_field BYTES reverse


Ok, save it, and now it's time for us to run it every day so that it produces the report at the end of the day.
In my case I wanted SARG to produce the report at midnight so that I can check my users' access the next morning.


Now how to run it every day at midnight? There comes cron to your help.
Create a crontab entry to run SARG at midnight every day (this is the per-user crontab, so there is no user column; the first field is the minute and the second the hour):
#crontab -e
01 0 * * * /usr/local/bin/sarg


Ok guys, that's all. Ready to be Big Brother and snoop on users? Shame on you guys :) Don't you feel guilty? Yeah, I know the answer: WHY THE HELL MUST I BE?
If our bosses don't feel that, balls to the users, eh? LOL


OK, I hope some desperate user doesn't kill us LOL




Thursday, January 21, 2010

Getting rid of comments from any File

Ever wanted to have a mean squid.conf file?

How neat it would look if you get rid of all those comment lines starting with # marks.

Yeah, I found out an easier way with the grep command.
In fact I wanted to do it with awk, which I am trying to learn, but found the command that worked on Linux won't work in FreeBSD.
So I went back to shell commands and grep was there to save the day.

#grep -v '^#' /usr/local/etc/squid/squid.conf | grep -v '^$'

That should give you the filtered Squid configuration file without all those commented lines.
Enjoy
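As an added example (not from the original post), here is the same idea wrapped in a reusable shell function. It goes a little beyond the two-grep pipeline: it also drops comment lines that are indented with spaces or tabs and lines that contain only whitespace, which the plain pipeline leaves in. A '#' in the middle of a line is kept on purpose, since it may be part of a value rather than a comment. The sample squid.conf content is constructed here so the script runs offline.

```shell
#!/bin/sh
# Added example, not part of the original post. Strips full-line comments
# (including indented ones) and blank/whitespace-only lines from a config file.
# Inline '#' characters are deliberately left alone: they may be data.
strip_comments() {   # $1 = path to the config file
    sed -e 's/^[[:space:]]*#.*$//' \
        -e 's/[[:space:]]*$//' \
        -e '/^$/d' "$1"
}

# Number of configuration lines that survive filtering; handy for a sanity check.
count_config_lines() {
    strip_comments "$1" | wc -l | tr -d ' '
}

# Constructed sample input (not a real squid.conf) so this runs offline.
SAMPLE_CONF=$(mktemp)
printf '# top-level comment\n\nhttp_port 3128   \n    # indented comment\ncache_mem 256 MB\n\t\nacl localnet src 10.0.0.0/8 # keep me\n' > "$SAMPLE_CONF"

strip_comments "$SAMPLE_CONF"
```

On a real system run strip_comments /usr/local/etc/squid/squid.conf; redirect the output to a new file rather than back over the original, so the commented copy stays around as documentation.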

Tuesday, January 12, 2010

Warm New Year Wishes

Wishing everyone a warm New Year.
Let's all hope this new year brings great hopes, peace, prosperity and achievements to everyone's life.
Eagerly looking forward to the coming months and years.
Let's all have a wonderful New Year ahead.

Babs

Thursday, November 26, 2009

FreeBSD 8.0 Released!!!

Hey, today came the great news of the FreeBSD 8.0 release. Can't wait to get my hands on it. But I will hold on till the initial rush dies down and any issues that pop up settle down.
So here is the news we have all been waiting for!
http://www.freebsd.org/releases/8.0R/relnotes.html

What's interesting for me in that?
OK, here they are
1. FreeBSD 8.0-RELEASE
2. A new virtualization container named “vimage” has been implemented.
3. The FreeBSD netisr framework has been reimplemented for parallel threading support.
4. The FreeBSD TTY layer has been replaced with a new one
5. The FreeBSD Linux emulation layer has been updated
6. Includes TrustedBSD MAC
7. The FreeBSD USB subsystem
8. The ZFS file system has been updated
9. The FreeBSD NFS v4 subsystem
10. The wireless network support layer (n
11. The GCC stack protection
12. Gnome and KDE


These are some of them, though many I won't be using; for me what's interesting will be something I can use on the server side.




Anyway, enjoy

Wednesday, November 18, 2009

Server under attack, How to deal with it by the help of bsd PF

Hammering those Hammers

If your server comes under attack, what can be done, and how will we be able to prevent the server from going down under hammering from the attackers?
A few simple steps with pf can do magic instead of some high-end, pocket-crashing firewall.

Say the server we want to protect is our web server

Add the following to /etc/pf.conf (assuming $ext_if is already defined earlier in your pf.conf as the macro for your external interface):
# Ok, all the attackers go into a persistent table, backed by the file /etc/pf.blocklist
table <ftp-attacks> persist file "/etc/pf.blocklist"

# block all incoming connections from the attackers listed in the table
block in quick on $ext_if from <ftp-attacks>

# Allow web server access with protection from hammering
pass in quick on $ext_if inet proto tcp from any to ($ext_if) port 80 keep state (max-src-conn-rate 5/40, overload <ftp-attacks> flush global)

So what are the previous lines going to do?

I.e. if any IP makes more than 5 connections in 40 seconds, that IP is going to end up in the pf table of hammerers, and whoever is in that table is blocked by the block rule before it.

But this works only as long as the system doesn't restart or pf loses the table, so let's make it permanent by adding it to rc.shutdown

# echo '/sbin/pfctl -t ftp-attacks -T show > /etc/pf.blocklist' >> /etc/rc.shutdown

Woah! Next time, even if the system reboots, we have the list of those guys who tried to hammer our web server.

See how easy and cool it is.
Yes, of course I came across this on the net and used it for my purpose.
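As an added example (not from the original post), the script below does what the rc.shutdown line above does, but cleans up the pfctl dump before writing it and can age out old entries so one burst does not become a permanent block. The table name ftp-attacks and the file /etc/pf.blocklist are the ones from the post; the pfctl calls only run where pfctl exists, while clean_table_dump is plain text processing that runs anywhere, here on a constructed sample dump.

```shell
#!/bin/sh
# Added example, not from the original post. Persists the <ftp-attacks>
# overload table across reboots and prunes stale entries.
TABLE=ftp-attacks            # table name from the pf.conf rules in the post
BLOCKLIST=/etc/pf.blocklist  # file the table is loaded from at boot

# 'pfctl -t T -T show' prints one address per line with leading spaces.
# Trim whitespace, keep only IPv4 addresses or prefixes, and drop duplicates
# so the on-disk file stays small and loads cleanly.
clean_table_dump() {   # $1 = file containing a table dump
    sed 's/^[[:space:]]*//; s/[[:space:]]*$//' "$1" \
      | grep -E '^[0-9]{1,3}(\.[0-9]{1,3}){3}(/[0-9]{1,2})?$' \
      | sort -u
}

# Save the live table to disk. Call it from /etc/rc.shutdown as in the post,
# or from cron too, so an unclean reboot does not lose the list.
save_table() {
    command -v pfctl >/dev/null 2>&1 || { echo "pfctl not found" >&2; return 1; }
    dump=$(mktemp)
    /sbin/pfctl -t "$TABLE" -T show > "$dump"
    clean_table_dump "$dump" > "$BLOCKLIST.new" && mv "$BLOCKLIST.new" "$BLOCKLIST"
    rm -f "$dump"
}

# Drop entries older than one day (pfctl -T expire takes an age in seconds).
expire_old_entries() {
    command -v pfctl >/dev/null 2>&1 || return 1
    /sbin/pfctl -t "$TABLE" -T expire 86400
}

# Constructed sample dump, shaped like 'pfctl -T show' output, so this runs offline.
SAMPLE_DUMP=$(mktemp)
printf '   192.0.2.10\n   198.51.100.7\n203.0.113.0/24\n   192.0.2.10\n   not-an-address\n' > "$SAMPLE_DUMP"
clean_table_dump "$SAMPLE_DUMP"
```

Running expire_old_entries from cron before save_table keeps the saved file in step with the live table; a short expiry is usually enough, since the overload rule re-adds any source that keeps hammering.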

Monday, November 9, 2009

Setting Fixed IP for Specific Hosts

When you need to have a fixed IP for some systems but supplied through DHCP,
we need to add specific sections to /usr/local/etc/dhcpd.conf.

Add the following to /usr/local/etc/dhcpd.conf, replacing the <...> placeholders with your own values:
host <hostname> {
hardware ethernet <mac-address>;
fixed-address <ip-address>;
option domain-name-servers <dns-server>;
option domain-name "<domain>";
option routers <gateway>;
}

Ok, save and quit the file.
Restart dhcpd
#/usr/local/etc/rc.d/isc-dhcpd restart

Ok there you go!
Enjoy! :)
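As an added example (not from the original post), this script builds the host stanzas shown above from a list of "name mac ip" records and refuses malformed MAC or IPv4 values, so a typo is caught before dhcpd is restarted with a broken file. The DNS server, domain name and router values, and the two sample hosts, are constructed for the example.

```shell
#!/bin/sh
# Added example, not from the original post. Generates ISC dhcpd "host" stanzas
# with a fixed address, validating each record first.
DNS_SERVERS=192.168.1.1   # constructed values for the shared options
DOMAIN_NAME=example.com
ROUTERS=192.168.1.1

# Print one host stanza; returns 1 (and prints nothing) on a bad MAC or IP.
make_host_stanza() {   # $1 = hostname, $2 = MAC address, $3 = fixed IPv4
    printf '%s\n' "$2" | grep -Eiq '^([0-9a-f]{2}:){5}[0-9a-f]{2}$' \
        || { echo "bad MAC for $1: $2" >&2; return 1; }
    printf '%s\n' "$3" | grep -Eq '^[0-9]{1,3}(\.[0-9]{1,3}){3}$' \
        || { echo "bad IP for $1: $3" >&2; return 1; }
    printf 'host %s {\n' "$1"
    printf '    hardware ethernet %s;\n' "$2"
    printf '    fixed-address %s;\n' "$3"
    printf '    option domain-name-servers %s;\n' "$DNS_SERVERS"
    printf '    option domain-name "%s";\n' "$DOMAIN_NAME"
    printf '    option routers %s;\n' "$ROUTERS"
    printf '}\n'
}

# Read "name mac ip" records from a file and emit all stanzas; stops at the
# first invalid record so a half-built file is never handed to dhcpd.
build_host_stanzas() {   # $1 = records file
    while read -r name mac ip; do
        [ -z "$name" ] && continue   # skip blank lines
        make_host_stanza "$name" "$mac" "$ip" || return 1
    done < "$1"
}

# Constructed sample records so this runs offline.
SAMPLE_HOSTS=$(mktemp)
printf 'printer01 00:11:22:33:44:55 192.168.1.50\nnas01 aa:bb:cc:dd:ee:ff 192.168.1.51\n' > "$SAMPLE_HOSTS"
build_host_stanzas "$SAMPLE_HOSTS"
```

Append the output to /usr/local/etc/dhcpd.conf, then check the whole file with dhcpd -t -cf /usr/local/etc/dhcpd.conf before restarting the daemon as shown in the post; dhcpd will refuse to start on a syntax error, which otherwise leaves every client without leases.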

Sunday, November 8, 2009

Changing network settings without rebooting

Did you ever wonder how to get network settings changes applied immediately in FreeBSD?
In Linux we had the much easier service network restart.
So after a few searches I found we have two commands to help us.
For any changes to /etc/rc.conf,
just run
#/etc/rc.d/netif restart

For any changes to routing to take effect
#/etc/rc.d/routing restart

Yeah, those two commands are my best friends when fiddling around with network settings.
Enjoy :)