SafeSquid: AWStats Integration

From OnnoWiki

Installing and configuring AWStats to analyze SafeSquid Logs

by Tech Support One » Wed Jan 07, 2009 5:54 pm

AWStats requires Perl to run and an httpd service to view the log report.

1. Download the latest AWStats package from the internet to the /usr/local/src directory -

   cd /usr/local/src
   wget -nd http://prdownloads.sourceforge.net/awstats/awstats-6.9.tar.gz


2. Extract the package -


   tar xvzf awstats-6.9.tar.gz


3. Copy the awstats-6.9 directory to the /usr/local/awstats directory -

   cp -rfv /usr/local/src/awstats-6.9 /usr/local/awstats
   cd /usr/local/awstats/tools


4. Run the awstats_configure.pl Perl script to set the configuration parameters -

   perl awstats_configure.pl


5. You will be asked to enter the path to httpd configuration file. Enter the path - /etc/httpd/conf/httpd.conf (This is the default path of the httpd service in Fedora)

6. You will be asked to press 'y' to build the configuration.

7. You will be asked to give a name to the configuration file. Enter the IP of the SafeSquid / Apache server - 192.168.0.178

8. You will be asked to define the config file path - /etc/awstats

9. Next, the httpd service will be restarted and you should get the following message -

   -----> Add update process inside a scheduler
   Sorry, configure.pl does not support automatic add to cron yet.
   You can do it manually by adding the following command to your cron:
   /usr/local/awstats/wwwroot/cgi-bin/awstats.pl -update -config=192.168.0.178
   Or if you have several config files and prefer having only one command:
   /usr/local/awstats/tools/awstats_updateall.pl now
   Press ENTER to continue...


10. When you press Enter to continue, you should get the following message -


   A SIMPLE config file has been created: /etc/awstats/awstats.192.168.0.178.conf
   You should have a look inside to check and change manually main parameters.
   You can then manually update your statistics for '192.168.0.178' with command:
   > perl awstats.pl -update -config=192.168.0.178
   You can also build static report pages for '192.168.0.178' with command:
   > perl awstats.pl -output=pagetype -config=192.168.0.178
   Press ENTER to finish...


10. Press Enter to finish the configuration.

11. Next, you will have to edit the configuration file -

   vim /etc/awstats/awstats.192.168.0.178.conf


12. Locate the LogFile= parameter and specify the path to SafeSquid Extended Log -


   LogFile="/opt/safesquid/safesquid/logs/extended/extended.log"


13. Locate the LogFormat= parameter and modify it as follows -


   LogFormat="%otherquot %other %host %lognamequot %otherquot %time1 %methodurl %code %bytesd %refererquot %uaquot %other %extra1 %extra2 %extra3 %otherquot"


14. AWStats, by default, shows a domains/countries chart. Since this is not required in proxy reports, you can disable it. Locate the ShowDomainsStats=PHB parameter and disable it -

   ShowDomainsStats=0


15. If you have authenticated users and would like to display a chart for authenticated users, locate ShowAuthenticatedUsers=0 and change it to -

   ShowAuthenticatedUsers=PHBL


16. If you would like to display a chart of all instances when a filter was activated, like ClamAV, URL Filter, URL Blacklist, etc., insert the following under "# EXTRA SECTIONS" -

   #This section displays the summary of all requests blocked by the various filters
   ExtraSectionName1="Summary of Security Breaches"
   ExtraSectionCondition1="extra1,(ClamAV|dnsbl|url\-filter|keyword\-filter|mime\-filter|urlbl)"
   ExtraSectionFirstColumnTitle1="Filter-Wise"
   ExtraSectionFirstColumnValues1="extra1,([^\"]+)"
   ExtraSectionStatTypes1=PHBL
   ExtraSectionAddSumRow1=1
   MaxNbOfExtra1=10
   MinHitExtra1=1
   #This section displays instances when ClamAV was activated
   ExtraSectionName2="Security Breaches Prevented by CLAM ANTI VIRUS"
   ExtraSectionCondition2="extra1,ClamAV"
   ExtraSectionFirstColumnTitle2="Threats Detected & Blocked"
   ExtraSectionFirstColumnValues2="extra2,([^\"]+)"
   ExtraSectionStatTypes2=PHBL
   ExtraSectionAddSumRow2=1
   MaxNbOfExtra2=10
   MinHitExtra2=1
   #This section displays instances when DNS Blacklist was activated
   ExtraSectionName3="Security Breaches Prevented by DNS BLACKLIST"
   ExtraSectionCondition3="extra1,dnsbl"
   ExtraSectionFirstColumnTitle3="Domains Blocked"
   ExtraSectionFirstColumnValues3="extra2,([^\"]+)"
   ExtraSectionStatTypes3=PHBL
   ExtraSectionAddSumRow3=1
   MaxNbOfExtra3=10
   MinHitExtra3=1
   #This section displays instances when URL Filter was activated
   ExtraSectionName4="Security Breaches Prevented by URL FILTER"
   ExtraSectionCondition4="extra1,url\-filter"
   ExtraSectionFirstColumnTitle4="URLs Blocked"
   ExtraSectionFirstColumnValues4="URL,(.+:\/\/[^\/]+)"
   ExtraSectionStatTypes4=PHBL
   ExtraSectionAddSumRow4=1
   MaxNbOfExtra4=10
   MinHitExtra4=1
   #This section displays instances when Keyword Filter was activated
   ExtraSectionName5="Security Breaches Prevented by KEYWORD FILTER"
   ExtraSectionCondition5="extra1,keyword\-filter"
   ExtraSectionFirstColumnTitle5="Score of blocked pages"
   ExtraSectionFirstColumnValues5="URL,(.+:\/\/[^\/]+)"
   ExtraSectionStatTypes5=PHBL
   ExtraSectionAddSumRow5=1
   MaxNbOfExtra5=10
   MinHitExtra5=1
   #This section displays instances when MIME Filter was activated
   ExtraSectionName6="Security Breaches Prevented by MIME FILTER"
   ExtraSectionCondition6="extra1,mime\-filter"
   ExtraSectionFirstColumnTitle6="Column Title"
   ExtraSectionFirstColumnValues6="extra2,([^\"]+)"
   ExtraSectionStatTypes6=PHBL
   ExtraSectionAddSumRow6=1
   MaxNbOfExtra6=10
   MinHitExtra6=1
   #This section displays instances when URL Blacklist was activated
   ExtraSectionName7="Security Breaches Prevented by URL BLACKLIST"
   ExtraSectionCondition7="extra1,urlbl"
   ExtraSectionFirstColumnTitle7="Blocked Categories"
   ExtraSectionFirstColumnValues7="extra2,([^\"]+)"
   ExtraSectionStatTypes7=PHBL
   ExtraSectionAddSumRow7=1
   MaxNbOfExtra7=10
   MinHitExtra7=1


16. Save and close the conf file.

16. Now you can generate a report with the command -


   cd /usr/local/awstats/tools/
   ./awstats_updateall.pl now


You should get this message -


   Running '"/usr/local/awstats/wwwroot/cgi-bin/awstats.pl" -update -config=192.168.0.178 -configdir="/etc/awstats"' to update config 192.168.0.178
   Create/Update database for config "/etc/awstats/awstats.192.168.0.178.conf" by AWStats version 6.9 (build 1.925)
   From data in log file "/opt/safesquid/safesquid/logs/extended/extended.log"...
   Phase 1 : First bypass old records, searching new record...
   Searching new records from beginning of log file...
   Phase 2 : Now process new records (Flush history on disk after 20000 hosts)...
   Jumped lines in file: 0
   Parsed lines in file: 3691
   Found 337 dropped records,
   Found 2 corrupted records,
   Found 0 old records,
   Found 3352 new qualified records.



17. To view the log report, enter this URL in the browser - http://<ip of the linux machine>/awstats/awstats.pl?-config=<name of the config file>

   Enter -
   http://192.168.0.178/awstats/awstats.pl?-config=192.168.0.178
   This will display the generated report.



18. You can set cron jobs to update the AWStats database by inserting the following lines in the /etc/crontab file -

   # This will update the AWStats database every night at 12:05 a.m.
   5 00 * * * root /usr/local/awstats/tools/awstats_updateall.pl now


19. Save and restart cron -


   /etc/init.d/crond restart
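
To check the LogFormat from step 13 and the filter condition from step 16 against sample log lines before running an update, the following Python example (added here; it is not part of the original post or of AWStats) turns the LogFormat into a regex, parses each line, and tallies filter hits the way the "Summary of Security Breaches" section groups them. Assumptions: the per-tag patterns are a simplified approximation of how AWStats reads each tag, the function names are hypothetical, and the log lines are constructed to follow the LogFormat layout rather than taken from a real SafeSquid log.

```python
import re
from collections import Counter

# LogFormat (step 13) and ExtraSectionCondition1 / FirstColumnValues1 (step 16).
LOG_FORMAT = ('%otherquot %other %host %lognamequot %otherquot %time1 %methodurl %code '
              '%bytesd %refererquot %uaquot %other %extra1 %extra2 %extra3 %otherquot')
FILTER_CONDITION = re.compile(r'(ClamAV|dnsbl|url\-filter|keyword\-filter|mime\-filter|urlbl)')
FIRST_COLUMN = re.compile(r'([^\"]+)')

# Assumption: simplified per-tag patterns, not AWStats' own parsing code.
TAG_REGEX = {
    '%otherquot': r'"[^"]*"', '%other': r'\S+', '%host': r'(?P<host>\S+)',
    '%lognamequot': r'"(?P<logname>[^"]*)"', '%time1': r'\[(?P<time>[^\]]+)\]',
    '%methodurl': r'"(?P<method>\S+) (?P<url>\S+)(?: [^"]*)?"',
    '%code': r'(?P<code>[\d-]+)', '%bytesd': r'(?P<bytes>[\d-]+)',
    '%refererquot': r'"(?P<referer>[^"]*)"', '%uaquot': r'"(?P<ua>[^"]*)"',
    '%extra1': r'(?P<extra1>\S+)', '%extra2': r'(?P<extra2>\S+)', '%extra3': r'(?P<extra3>\S+)',
}

def compile_format(fmt):
    """Build one anchored regex from a space-separated LogFormat string."""
    return re.compile('^' + ' '.join(TAG_REGEX[tag] for tag in fmt.split()) + '$')

def parse(line, rx):
    """Return the named fields of one log line, or None if it does not fit the format."""
    m = rx.match(line.strip())
    return m.groupdict() if m else None

def filter_summary(lines, rx):
    """Count hits per filter name in extra1, plus lines that did not fit the format."""
    hits, unparsed = Counter(), 0
    for line in lines:
        rec = parse(line, rx)
        if rec is None:
            unparsed += 1
        elif FILTER_CONDITION.search(rec['extra1']):
            hits[FIRST_COLUMN.search(rec['extra1']).group(1)] += 1
    return hits, unparsed

# Constructed sample lines laid out per LOG_FORMAT (not real SafeSquid output).
HEAD = '"-" 1231329240 192.168.0.25 "alice" "-" [07/Jan/2009:17:54:00 +0530] '
TAIL = ' "-" "Mozilla/5.0 (X11)" - '
SAMPLE = [
    HEAD + '"GET http://files.example/a.exe HTTP/1.1" 403 512' + TAIL + 'ClamAV Eicar-Test-Signature - "-"',
    HEAD + '"GET http://ads.example/ HTTP/1.1" 403 310' + TAIL + 'urlbl ads - "-"',
    HEAD + '"GET http://www.example/ HTTP/1.1" 200 9120' + TAIL + '- - - "-"',
    '192.168.0.27 - - [07/Jan/2009:17:54:03 +0530] "GET / HTTP/1.1" 200 100',  # wrong layout
]

if __name__ == '__main__':
    print(filter_summary(SAMPLE, compile_format(LOG_FORMAT)))
```

A line that returns None from parse() does not fit the configured layout, so running a few real lines from extended.log through it shows whether the LogFormat needs adjusting.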



