Richard Chapman wrote:
I also can't find a way to make it cover further back than the current
squid log file - though the daily and weekly reports will presumably
go further back.
/path/to/sarg -l /var/log/squid/access.log -l
/var/log/squid/access.log.1 -l /var/log/squid/access.log.2.gz
will parse the data from access.log, access.log.1 and (after gunzipping)
access.log.2.gz, and will give you one report for the time covered by
these log files.
What i want to do is produce a report that shows me:
Which clients visited which sites between (say) 18:00 and 19:00. Maybe
this is possible with sarg - but if so I haven't found it.
You have two choices with SARG.
The first is the simplest, but might not meet your needs. Make sure in
your sarg.conf file the "report_type" directive includes "users_sites"
and "date_time" and/or "site_user_time_date". The first will give you a
listing of the sites each username/IP accessed. The second, will show
bandwidth usage per hour for each username/IP (linked from the main
report). The third will give you a listing of the times an individual
accessed a specific website (linked from the users_sites report).
Your second option is to create a report just covering a specific time
period. The following hourly cron job does this:
#!/bin/bash
#Get current date
TODAY=$(date +%d/%m/%Y)
LASTHOUR=$(date +%H -d "1 hour ago")
HOUR=$(date +%H)
/bin/touch /path/to/web/squid-reports/images
# Be careful with this next line, as it recursively removes any files
modified more
# than 30 minutes ago in the path given!
/usr/bin/find /path/to/web/squid-reports -type d -cmin +30 -exec rm -rf
{} \;
/usr/bin/sarg -d $TODAY-$TODAY -t $LASTHOUR:00-$HOUR:00
Regards
Richard.
Chris