SafeSquid: AWStats Integration
Installing and configuring AWStats to analyze SafeSquid Logs
by Tech Support One » Wed Jan 07, 2009 5:54 pm
AWStats requires Perl to run and an httpd service to view the log report.
1. Download the latest AWStats package from the internet to the /usr/local/src directory -
Code:
cd /usr/local/src
wget -nd http://prdownloads.sourceforge.net/awstats/awstats-6.9.tar.gz
2. Extract the package -
Code:
tar xvzf awstats-6.9.tar.gz
3. Copy the awstats-6.9 directory to the /usr/local/awstats directory
Code:
cp -rfv /usr/local/src/awstats-6.9 /usr/local/awstats
cd /usr/local/awstats/tools
4. Run the awstats_configure.pl Perl script to set the configuration parameters
Code:
perl awstats_configure.pl
5. You will be asked to enter the path to the httpd configuration file. Enter the path - /etc/httpd/conf/httpd.conf (This is the default path of the httpd service in Fedora)
6. You will be asked to press 'y' to build the configuration.
7. You will be asked to give a name to the configuration file. Enter the IP of SafeSquid / Apache Server - 192.168.0.178
8. You will be asked to define the config file path - /etc/awstats
9. Next, the httpd service will be restarted and you should get the following message
Code:
-----> Add update process inside a scheduler
Sorry, configure.pl does not support automatic add to cron yet.
You can do it manually by adding the following command to your cron:
/usr/local/awstats/wwwroot/cgi-bin/awstats.pl -update -config=192.168.0.178
Or if you have several config files and prefer having only one command:
/usr/local/awstats/tools/awstats_updateall.pl now
Press ENTER to continue...
10. When you press Enter to continue, you should get the following message -
Code:
A SIMPLE config file has been created: /etc/awstats/awstats.192.168.0.178.conf
You should have a look inside to check and change manually main parameters.
You can then manually update your statistics for '192.168.0.178' with command:
> perl awstats.pl -update -config=192.168.0.178
You can also build static report pages for '192.168.0.178' with command:
> perl awstats.pl -output=pagetype -config=192.168.0.178

Press ENTER to finish...
10. Press Enter to finish the configuration.
11. Next, you will have to edit the configuration file -
Code:
vim /etc/awstats/awstats.192.168.0.178.conf
12. Locate the LogFile= parameter and specify the path to SafeSquid Extended Log -
Code:
LogFile="/opt/safesquid/safesquid/logs/extended/extended.log"
13. Locate the LogFormat= parameter and modify it as follows -
Code:
LogFormat="%otherquot %other %host %lognamequot %otherquot %time1 %methodurl %code %bytesd %refererquot %uaquot %other %extra1 %extra2 %extra3 %otherquot"
14. AWStats, by default, shows a domains/country chart. Since this is not required in proxy reports, you can disable it. Locate the ShowDomainsStats=PHB parameter, and disable it -
Code:
ShowDomainsStats=0
15. If you have authenticated users, and would like to display a chart for authenticated users, locate ShowAuthenticatedUsers=0 and make it -
Code:
ShowAuthenticatedUsers=PHBL
16. If you would like to display a chart of all instances when a filter was activated, like ClamAV, URL Filter, URL Blacklist, etc., insert the following under the "# EXTRA SECTIONS" heading -
Code:
# This section displays the summary of all requests blocked by the various filters
ExtraSectionName1="Summary of Security Breaches"
ExtraSectionCondition1="extra1,(ClamAV|dnsbl|url\-filter|keyword\-filter|mime\-filter|urlbl)"
ExtraSectionFirstColumnTitle1="Filter-Wise"
ExtraSectionFirstColumnValues1="extra1,([^\"]+)"
ExtraSectionStatTypes1=PHBL
ExtraSectionAddSumRow1=1
MaxNbOfExtra1=10
MinHitExtra1=1

# This section displays instances when ClamAV was activated
ExtraSectionName2="Security Breaches Prevented by CLAM ANTI VIRUS"
ExtraSectionCondition2="extra1,ClamAV"
ExtraSectionFirstColumnTitle2="Threats Detected & Blocked"
ExtraSectionFirstColumnValues2="extra2,([^\"]+)"
ExtraSectionStatTypes2=PHBL
ExtraSectionAddSumRow2=1
MaxNbOfExtra2=10
MinHitExtra2=1

# This section displays instances when DNS Blacklist was activated
ExtraSectionName3="Security Breaches Prevented by DNS BLACKLIST"
ExtraSectionCondition3="extra1,dnsbl"
ExtraSectionFirstColumnTitle3="Domains Blocked"
ExtraSectionFirstColumnValues3="extra2,([^\"]+)"
ExtraSectionStatTypes3=PHBL
ExtraSectionAddSumRow3=1
MaxNbOfExtra3=10
MinHitExtra3=1

# This section displays instances when URL Filter was activated
ExtraSectionName4="Security Breaches Prevented by URL FILTER"
ExtraSectionCondition4="extra1,url\-filter"
ExtraSectionFirstColumnTitle4="URLs Blocked"
ExtraSectionFirstColumnValues4="URL,(.+:\/\/[^\/]+)"
ExtraSectionStatTypes4=PHBL
ExtraSectionAddSumRow4=1
MaxNbOfExtra4=10
MinHitExtra4=1

# This section displays instances when Keyword Filter was activated
ExtraSectionName5="Security Breaches Prevented by KEYWORD FILTER"
ExtraSectionCondition5="extra1,keyword\-filter"
ExtraSectionFirstColumnTitle5="Score of blocked pages"
ExtraSectionFirstColumnValues5="URL,(.+:\/\/[^\/]+)"
ExtraSectionStatTypes5=PHBL
ExtraSectionAddSumRow5=1
MaxNbOfExtra5=10
MinHitExtra5=1

# This section displays instances when MIME Filter was activated
ExtraSectionName6="Security Breaches Prevented by MIME FILTER"
ExtraSectionCondition6="extra1,mime\-filter"
ExtraSectionFirstColumnTitle6="Column Title"
ExtraSectionFirstColumnValues6="extra2,([^\"]+)"
ExtraSectionStatTypes6=PHBL
ExtraSectionAddSumRow6=1
MaxNbOfExtra6=10
MinHitExtra6=1

# This section displays instances when URL Blacklist was activated
ExtraSectionName7="Security Breaches Prevented by URL BLACKLIST"
ExtraSectionCondition7="extra1,urlbl"
ExtraSectionFirstColumnTitle7="Blocked Categories"
ExtraSectionFirstColumnValues7="extra2,([^\"]+)"
ExtraSectionStatTypes7=PHBL
ExtraSectionAddSumRow7=1
MaxNbOfExtra7=10
MinHitExtra7=1
16. Save and close the conf file.
16. Now you can generate a report with the command -
Code:
cd /usr/local/awstats/tools/
./awstats_updateall.pl now
You should get this message -
Code:
Running '"/usr/local/awstats/wwwroot/cgi-bin/awstats.pl" -update -config=192.168.0.178 -configdir="/etc/awstats"' to update config 192.168.0.178
Create/Update database for config "/etc/awstats/awstats.192.168.0.178.conf" by AWStats version 6.9 (build 1.925)
From data in log file "/opt/safesquid/safesquid/logs/extended/extended.log"...
Phase 1 : First bypass old records, searching new record...
Searching new records from beginning of log file...
Phase 2 : Now process new records (Flush history on disk after 20000 hosts)...
Jumped lines in file: 0
Parsed lines in file: 3691
Found 337 dropped records,
Found 2 corrupted records,
Found 0 old records,
Found 3352 new qualified records.
17. To view the log report, you need to enter this URL in the browser -
http://<ip of the linux machine>/awstats/awstats.pl?-config=<name of the config file>
Enter -
Code:
http://192.168.0.178/awstats/awstats.pl?-config=192.168.0.178
This will display the generated report.
18. You can set cron jobs to update the AWStats database by inserting the following lines in the /etc/crontab file
Code:
# This will update the AWStats database every night at 12:05 a.m.
5 00 * * * root /usr/local/awstats/tools/awstats_updateall.pl now
19. Save and restart cron -
Code:
/etc/init.d/crond restart
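
To check the LogFormat from step 13 and the ExtraSection conditions from step 16 before running an update, the following added example (not part of the original post and not AWStats code) parses log lines and tallies the rows each section would count. The per-tag regexes are a simplified assumption about how each LogFormat tag is matched, and the sample lines are constructed to fit the format, not real SafeSquid output.

```python
import re
from collections import Counter

# LogFormat exactly as set in step 13.
LOG_FORMAT = ("%otherquot %other %host %lognamequot %otherquot %time1 %methodurl %code "
              "%bytesd %refererquot %uaquot %other %extra1 %extra2 %extra3 %otherquot")
# Assumption: simplified per-tag patterns for illustration, not AWStats's own parser.
TAGS = {
    "%otherquot": r'"[^"]*"', "%other": r'\S+', "%host": r'(?P<host>\S+)',
    "%lognamequot": r'"(?P<logname>[^"]*)"', "%time1": r'\[(?P<time>[^\]]+)\]',
    "%methodurl": r'"(?P<method>\S+) (?P<URL>\S+)(?: [^"]*)?"',
    "%code": r'(?P<code>[\d-]+)', "%bytesd": r'(?P<bytes>[\d-]+)',
    "%refererquot": r'"(?P<referer>[^"]*)"', "%uaquot": r'"(?P<ua>[^"]*)"',
}

def tag_regex(tag):
    extra = re.fullmatch(r'%(extra\d+)', tag)   # %extra1, %extra2, ... become named fields
    return rf'(?P<{extra.group(1)}>\S+)' if extra else TAGS[tag]

LINE_RE = re.compile(r'\s+'.join(tag_regex(t) for t in LOG_FORMAT.split()) + r'\s*$')
# Section number -> (condition field, condition regex, value field, value regex), from step 16.
SECTIONS = {
    1: ("extra1", r'(ClamAV|dnsbl|url\-filter|keyword\-filter|mime\-filter|urlbl)',
        "extra1", r'([^\"]+)'),
    2: ("extra1", r'ClamAV', "extra2", r'([^\"]+)'),
    4: ("extra1", r'url\-filter', "URL", r'(.+:\/\/[^\/]+)'),
}
# Constructed sample lines (hypothetical values); the last one is deliberately malformed.
SAMPLE = [
    '"r1" 0.12 192.168.0.25 "alice" "-" [07/Jan/2009:17:54:00 +0530] "GET http://bad.example/eicar.com HTTP/1.1" 403 0 "-" "Mozilla/5.0" - ClamAV Eicar-Test-Signature - "-"',
    '"r2" 0.03 192.168.0.31 "bob" "-" [07/Jan/2009:17:55:10 +0530] "GET http://ads.example/banner/1.gif HTTP/1.1" 403 0 "-" "Mozilla/5.0" - url-filter - - "-"',
    '"r3" 0.20 192.168.0.25 "alice" "-" [07/Jan/2009:17:56:02 +0530] "GET http://www.example.org/ HTTP/1.1" 200 5120 "-" "Mozilla/5.0" - - - - "-"',
    'truncated line "GET http://x.example/',
]

def tally(lines):
    counts = {num: Counter() for num in SECTIONS}
    rejected = 0
    for line in lines:
        m = LINE_RE.match(line)
        if m is None:                 # line does not fit the LogFormat
            rejected += 1
            continue
        rec = m.groupdict()
        for num, (cond_field, cond_re, val_field, val_re) in SECTIONS.items():
            value = re.search(cond_re, rec[cond_field]) and re.search(val_re, rec[val_field])
            if value:
                counts[num][value.group(1)] += 1
    return counts, rejected
```

Feeding a few lines from the real extended.log through `tally()` shows whether the filter name actually lands in `extra1`; a high rejected count points at a LogFormat that does not match the log.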