I decided on squid, since it is free, well-supported and run on Windows. I decided on the SquidNT version, although the version available (free registration required for download) for Microsoft Services for Unix (or Subsystem for Unix Applications in newer Windows versions) should work as well.
SquidNT does not include an installer and is simply extracted to the hard drive (preferably to "c:\"). It requires a bit of configuration before starting. (Simply run "squid.exe" from the command-prompt to attempt to run it) The log file ("C:\squid\var\logs\cache.log") also provides help figuring out why squid would not start. You need to generate cache folders before squid would start. ("squid -z")
Once squid is running the configuration can be tweaked a bit further. (For basic configuration see here; for advanced tweaking see here).
Once configuration is complete, it is a good idea to install it as a service ("squid -i") and set it to start automatically from "Services" under Administrative tools.
For log file analysis I use SARG, combined with the sarg-reports script. (get my configured version here) Since sarg-reports is a unix shell script and expects to be run form a Unix-like environment, I recommend installing Microsoft Services for Unix (SFU). Once SFU is installed, install Interop Systems' package manager. After that, it might be a good idea to install a few packages, install at least bash and mktemp ("pkg_update -L bash" for bash). Certain SFU applications need DEP to be turned off (AlwaysOff mode). This might affect security negatively.
For SARG's installation, I recommend downloading its source code from sourceforge. Extract the source code with the following command: "tar -xzf sarg-2.2.3.1.tar.gz" (replace filename with correct version). Change into the correct directory and run "./configure" followed by "make" and "make install". Sarg's configuration file can be found in "/usr/local/sarg". Edit it to correctly reflect the paths of your log files and web server documents directory. (/dev/fs/C/inetpub/wwwroot for IIS) You might want to creat a symlink from /var/www/html as well (since sarg sometimes ignores its config file).
The next step would be to install sarg-reports and log rotation. Copy sarg-reports to /usr/local/bin (C:\SFU\usr\local\bin from a Windows POV). Make it executable (chmod +x /usr/local/bin/sarg-reports). Edit sarg-reports in a text editor (supporting unix text files, such as notepad2) and modify the first line to read "#!/usr/local/bin/bash". Set any other settings that you wish.
Sarg-reports needs the GNU coreutils version of date to run. Download and install coreutils from here. Copy date.exe, libiconv2.dll and libintl3.dll from "C:\Program Files\GnuWin32\bin" to c:\SFU\common (backup original first). Rename /bin/date and replace it with a symbolic link to /common/date.exe. Attempt to run sarg-reports to ensure that it returns no errors.
Now the cron entries need to be added. Run "crontab -e" and add the following: (followed by Ctrl-D) (all text might not show correctly at a low resolution and high zoom. View source to copy all text)
00 * * * * /usr/local/bin/sarg-reports today
00 00 * * * /usr/local/bin/sarg-reports daily
00 01 * * 1 /usr/local/bin/sarg-reports weekly
30 02 1 * * /usr/local/bin/sarg-reports monthly && /dev/fs/C/squid/sbin/squid.exe -k rotate -n squid
Run "crontab -p" in order to save your password for use by cron.
SARG should run regularly now.
Hey Dude..
ReplyDeleteThis is a good post for a newbie like myself. And YES as expected of a newbie I am hoping you can advise me. I have a working configuration of SQUID & SARG, except my Log Rotation is not working like I want.
Everytime I need a report I have to do it manually by running sarg.exe and when I view the report it always begins with the date of a previous report up to the curent day.
I lost you from the "The next step would be to install sarg-reports and log rotation" section
I know this pretty vague but could you brake it down to a newbie level, there are not that many posts on how to do this in Windows so I will appreciate any feedback you might.
Thanks
Bonga Dwayi
On the installation that I described, SARG runs correctly for the intervals described, but it ends up creating an entry on the web interface for each hour. (I have a fix somewhere, can't remember exactly where...)
ReplyDeleteThe sarg-reports script should run sarg correctly for the period configured.
However the script requires a Unix-like environment to run under. This is where MS SFU comes in. (And date needs to be replaced with the GNU version since that is what the script expects)
The crontab editing could get a bit easier if you set your EDITOR environment variable beforehand. (vi is a common editor, but it takes some getting used to...) To set editor to vi type the following before running crontab -e: (Google VI beforehand if you are not familiar with it, it takes some getting used to)
EDITOR=vi
export EDITOR
the log rotation does not work perfectly as documented here, I should have updated the post when I figured out how to fix it...
Additional documentation: (in SFU sheel0
man crontab
man vi