
Sarg – Squid Analysis Report Generator

Install Sarg – Squid Analysis Report Generator

# Fetch and unpack the Sarg source tarball, then install it.
# NOTE(review): the download URL is missing from this wget line as shown on
# the page; take it from the Sarg project's own download page.
wget -O sarg-latest.tar.gz
# Verify the tarball against a checksum or signature published by the project
# before going further: the install step below runs its build files as root.
tar zxvf sarg-latest.tar.gz
cd sarg-*
# NOTE(review): no ./configure or make step is shown; presumably they were
# omitted. Confirm against the Sarg build instructions.
sudo make install


# Squid access log that Sarg parses.
access_log /var/log/squid3/access.log
# Reports are written under the web root. They list the sites each client
# visited, so restrict this directory in the web server configuration
# (authentication or an admin-only source range) instead of leaving it public.
output_dir /var/www/squid-reports
# Scratch space for Sarg's intermediate files.
temporary_dir /var/tmp/sarg
# "e" selects the European date layout (dd/mm/yy).
date_format e
overwrite_report yes
# Keep at most 45 reports in output_dir; the oldest are removed.
lastlog 45
# Convert client IP addresses to host names; this issues DNS lookups for the
# logged addresses.
resolve_ip yes

# Create the report and scratch directories named in the Sarg configuration
# and hand them to the web server account, which is the account sarg runs as.
mkdir -p /var/www/squid-reports /var/tmp/sarg
chown www-data:www-data /var/www/squid-reports /var/tmp/sarg
# Only the scratch directory's mode is changed; 775 lets group members write.
chmod 775 /var/tmp/sarg
# Adds www-data to the proxy and staff groups (presumably proxy is what grants
# read access to the Squid logs; confirm against the log file ownership).
# NOTE(review): on Debian-family systems the staff group has traditionally
# been able to write under /usr/local, so a compromised web application would
# inherit that. Consider adding only the group needed to read the logs, or
# running sarg under a dedicated account instead of www-data.
usermod -a -G proxy,staff www-data

Generate Sarg report
su -c "sarg -x" www-data

Access Sarg report

Automatically generating Sarg reports

Daily report

su -c "sarg -d day-1 -w /var/tmp/sarg/sarg.daily -o /var/www/squid-reports/Daily /var/log/squid3/access.log*" www-data

Weekly report

su -c "sarg -d week-1 -w /var/tmp/sarg/sarg.weekly -o /var/www/squid-reports/Weekly /var/log/squid3/access.log*" www-data

Monthly report

su -c "sarg -d month-1 -w /var/tmp/sarg/sarg.monthly -o /var/www/squid-reports/Monthly /var/log/squid3/access.log*" www-data

chmod 755 /etc/cron.daily/sarg /etc/cron.weekly/sarg /etc/cron.monthly/sarg

Squid transparent proxy

Setup Squid transparent proxy

Install required dependencies:

apt-get build-dep squid3 openssh openssl
apt-get install devscripts build-essential fakeroot libtool libssl-dev libcrypto++-dev devscripts ssl-cert squid-langpack libecap2-dev

Download Squid sources:

cd /usr/src
tar -xvf squid3_3.4.8.orig.tar.bz2
cd squid-3.4.8/
tar -xvf ../squid3_3.4.8-6.debian.tar.xz

Include Squid transparent SSL support:

vi debian/rules
--enable-ssl \
--enable-ssl-crtd \

Build Deb packages:

debuild -us -uc -b -d

Check Squid3 version:
squid3 -v

Initialise certificates directory:

/usr/lib/squid3/ssl_crtd -c -s /var/lib/ssl_db/
chown -R proxy:proxy /var/lib/ssl_db/

Create Squid caching directory:

mkdir /var/cache/squid
chown proxy:proxy /var/cache/squid/

Generate a certificate for Squid:

# Create the key and self-signed certificate that the https_port line in
# squid.conf references.
cd /etc/ssl/private
# 2048-bit RSA key, written unencrypted. Squid uses it to sign the host
# certificates it generates, so anyone who obtains it can impersonate any site
# to clients that trust squid.crt. Check the file mode after creation and keep
# the key readable only by root and the account Squid runs as.
openssl genrsa -out squid.key 2048
# Interactive: prompts for the certificate subject fields.
openssl req -new -key squid.key -out squid.csr    
# Self-sign the request with the same key; valid for 1825 days (about five
# years).
openssl x509 -req -days 1825 -in squid.csr -signkey squid.key -out squid.crt

Squid configuration file:

cd /etc/squid3
mv squid.conf squid.conf.orig


# Proxy name
visible_hostname home-server.homelan

# Proxy logs
access_log stdio:/var/log/squid3/access.log
cache_log /var/log/squid3/cache.log
coredump_dir /var/cache/squid

# SSL parameters
# Connections from localhost are not bumped.
# NOTE(review): this is the only ssl_bump rule shown; check the ssl_bump
# documentation for the installed release to confirm what happens to all other
# clients.
ssl_bump none localhost
always_direct allow all
# Helper that generates per-host certificates; its store is /var/lib/ssl_db/.
sslcrtd_program /usr/lib/squid3/ssl_crtd -s /var/lib/ssl_db/ -M 256MB
sslcrtd_children 50
# NOTE(review): this accepts every upstream certificate validation error
# (expired, self-signed, wrong host name). Clients only ever see the
# certificate Squid generates, so they get no warning when the real server's
# certificate is invalid. Prefer leaving validation on and allowing errors
# only for an explicit ACL of known hosts.
sslproxy_cert_error allow all

# Access lists
# NOTE(review): the source network is missing from this line as shown on the
# page; set it to the LAN range that is allowed to use the proxy.
acl localnet src

# Ports allowed through Squid
acl SSL_ports port 443
acl Safe_ports port 80
acl Safe_ports port 21
acl Safe_ports port 443

# http_access rules are evaluated in order and the first match decides, so the
# deny rules for unsafe ports and for CONNECT to non-SSL ports must stay above
# the allow rules.
http_access deny !Safe_ports
http_access deny CONNECT !SSL_ports
# The cache manager is reachable from localhost only.
http_access allow localhost manager
http_access deny manager
http_access allow localnet
http_access allow localhost
# Everything not matched above is refused.
http_access deny all

# Proxy ports
# 3128: explicitly configured (forward) proxy clients.
http_port 3128
# 3129: intercepted HTTP, the target of the firewall REDIRECT rule for port 80.
http_port 3129 intercept
# 3130: intercepted HTTPS with ssl-bump; host certificates are generated on
# the fly and signed with squid.key.
# NOTE(review): in Squid 3.x the https_port option version=3 selects SSLv3
# only, which is obsolete and vulnerable (POODLE). Confirm against the
# documentation for the installed release; prefer automatic negotiation with
# SSLv2/SSLv3 disabled through the options= setting.
https_port 3130 intercept ssl-bump generate-host-certificates=on dynamic_cert_mem_cache_size=256MB cert=/etc/ssl/private/squid.crt key=/etc/ssl/private/squid.key version=3

# Caching directory: ufs store of 500 MB with 16 first-level and 256
# second-level subdirectories. Note this is /var/spool/squid3, while
# /var/cache/squid is used above as coredump_dir.
cache_dir ufs /var/spool/squid3 500 16 256
cache_mem 512 MB

# DNS servers
# NOTE(review): no directive follows this heading on the page.

# Shutdown time
shutdown_lifetime 3 seconds

Load Sysctl settings:


sysctl -p

Adjust UFW rules to redirect web traffic to Squid:

# Port forwardings: send HTTP and HTTPS from the LAN to Squid's intercept ports
# NOTE(review): the source network after -s is missing from both rules as
# shown on the page, so they will not load as written. Use the LAN range so
# that only local clients are redirected.
-A PREROUTING -s -p tcp --dport 80 -j REDIRECT --to-port 3129
-A PREROUTING -s -p tcp --dport 443 -j REDIRECT --to-port 3130

# Forward traffic through eth0 (Internet)

# don't delete the 'COMMIT' line or these nat table rules won't
# be processed

Run Squid in the foreground:
squid3 -NCd1

See Squid activity using:

tail -f /var/log/squid3/cache.log
tail -f /var/log/squid3/access.log

Start Squid as a daemon:
/etc/init.d/squid3 restart