August 2011
M T W T F S S
« Jul   Sep »
1234567
891011121314
15161718192021
22232425262728
293031  
  1. We welcome any feedback, questions or comments

Lightsquid : Monitoring SQUID users

Recently I was trying to use pfesence which would more easy to configure and does support transparent squid proxy. I had tried to setup different time slot to different group with different categories to set some policy to access internet. But I got fewer luck and seems that the access list we set earlier was override the previous one. So we can’t use multiple ACL list using Pfsence

Pfsense issues are.
a. I can’t set multiple ACL list with time based restriction. Certain rules are overlapping the existing one even though “Squid guard” does not shows any error while on creation time.
b. Only one user can connect a remote VPN over PPTP connection through the pfsense.

So I decided to drop Pfsence and found that it has some interesting features like bandwidthd,ntop and lightsquid. I like lightsquid much and would like it to be installed on my 512Mb cheap software router runs on CentOS.

How do I install and configure lightsquid on Squid server

1. Download the lightsquid from “http://lightsquid.sourceforge.net/”
2. Install apache and start it
3. Copy the lightsquid folder to any web location like ” /var/www/html/”
4. Add an entry like as below in httpd.conf

#vi /etc/httpd/conf/httpd.conf  
 <Directory "/var/www/html/lightsquid">
   AddHandler cgi-script .cgi
   AllowOverride All
   deny from all
   allow from <my ip>
   </Directory>

Configuring lightsquid
A. Switch to lightsquid directory and check necessary perl libraries are present.

[root@rc-009 lightsquid]# perl check-setup.pl
LightSquid Config Checker, (c) 2005-9 Sergey Erokhin GNU GPL
LogPath   : /var/log/squid
reportpath: /var/www/html/lightsquid/report
Lang      : /var/www/html/lightsquid/lang/eng
Template  : /var/www/html/lightsquid/tpl/base
Ip2Name   : /var/www/html/lightsquid/ip2name/ip2name.simple
all check passed, now try access to cgi part in browser
[root@rc-009 lightsquid]#

Pls note you may need to install perl “CGI” and “GD” library. GD is an optional to enable graph support. Sometime you may get error as follows,
Can’t locate CGI.pm in @INC (@INC contains: /usr/lib/perl5/5.8.0/i386-linux-thread-multi /usr/lib/perl5/5.8.0 /usr/lib/perl5/site_perl/5.8.0/i386-linux-thread-multi /usr/lib/perl5/site_perl/5.8.0 /usr/lib/perl5/site_perl
Solution is

[root@rc-009 lightsquid]# perl -MCPAN -e shell
Terminal does not support AddHistory.
cpan shell -- CPAN exploration and modules installation (v1.7602)
ReadLine support available (try 'install Bundle::CPAN')
cpan> install CGI
cpan> install GD

B. Set the scheduler to parse the squid log file.

a. Open the “lighsquid.cfg ” file and verify the squid log path is correctly set. You may also change the certain values as you wish like to get best graph size change the value to “$graphmaxall=3.50*(1024*1024*1024);” etc.

  $logpath             ="/var/log/squid";

b. Set the cronjob as follows

#crontab -l
        */50 * * * * /usr/bin/perl /var/www/html/lightsquid/lightparser.pl >/dev/null 2>&<code>
<strong>C. Customize the User-IP mapping file</strong>
      You need to  add all the users entry inside the "realname.cfg" file
       Eg: < IP>    <User name >
      <code>[root@rc-009 lightsquid]# grep "Liju"  realname.cfg
      192.168.0.14    Liju

You may also create groups by editing group.cfg. Add the entry like this

#cat  group.cfg
           Liju      01 SysAdmin
           Arun    01   SysAdmin
           Jacob  02    Support
           Tom   02         Support

That’s it. Try to run the parser to get first report.

/usr/bin/perl /var/www/html/lightsquid/lightparser.pl

Now it’s your turn to keep eye on user’s activity. Access the lightsquid over the ip ie http://squidserver ip/lightsquid

Here are the few useful reports

1. Daily usage report

2. User wise usage listing

3. Big files downloaded by the user

4. Daily Usage Graph

5. Listing time based access

Author: Liju Mathew
Visit Liju's Website - Email Liju
I'm Liju, one linux enthusiastic who have been playing with Linux for more than 7 years. I'm curious about to read blog, learning and implementing new technologies from my personal experience. Like to be play with burning head on busy schedule :-) This is a bookmark of all challenges that I'd faced which would be helpful to others sometimes as I'd learn it from the same way :-) Nothing more, I have to go miles, before I sleep

7 comments to Lightsquid : Monitoring SQUID users

  • Mithun Cheriyath

    Great Article. Thank you Liju ….. I am so happy that we worked together.

  • Is there a way to view top sites by user?

  • Obert

    Thank you so very much. It works perfectly.

  • srilinux

    nice tutorial, but when i run ./lightparser.pl and then proses….log, finaly the response
    —-
    LightSquid parser statistic report

    881 lines processed (average 881.00 lines per second)
    0 lines parsed
    0 lines recovered
    661 lines notrecovered
    220 lines skiped by bad year
    0 lines skiped by date filter
    0 lines skiped by Denied filter
    0 lines skiped by skipURL filter

    WARNING !!!!, parsed 0 lines from total : 881
    please check confiuration !!!!
    may be wrong log format selected ?

    what happened..? please help me

  • LogPath : /var/log/squid3
    reportpath: /var/www/html/lightsquid/report
    can’t found report folder `/var/www/html/lightsquid/report`
    please check $reportpath variable, create if need
    root@dellubuntu:/var/www/html/lightsquid-1.8# perl ./check-setup.pl
    LightSquid Config Checker, (c) 2005-9 Sergey Erokhin GNU GPL

    LogPath : /var/log/squid3
    reportpath: /var/www/html/lightsquid/report
    can’t found report folder `/var/www/html/lightsquid/report`
    please check $reportpath variable, create if need
    root@dellubuntu:/var/www/html/lightsquid-1.8#

  • frozzz

    hi

    i want to ask i finish it install lightsquid on openbsd and i has been read U tutor but if i opened on browser lightsquid just display content lightparse.pl

Leave a Reply

  

  

  

You can use these HTML tags

<a href="" title="" rel=""> <abbr title=""> <acronym title=""> <b> <blockquote cite=""> <cite> <code> <del datetime=""> <em> <i> <q cite=""> <strike> <strong>