Onnowpurbo: Created page with "Installing and configuring AWStats to analyze SafeSquid Logs Post a reply 1 post • Page 1 of 1 Installing and configuring AWStats to analyze SafeSquid Logs by Tech Support..."

2017-06-23T02:37:51Z

Created page with "Installing and configuring AWStats to analyze SafeSquid Logs Post a reply 1 post • Page 1 of 1 Installing and configuring AWStats to analyze SafeSquid Logs by Tech Support..."

New page

Installing and configuring AWStats to analyze SafeSquid Logs
Post a reply
1 post • Page 1 of 1
Installing and configuring AWStats to analyze SafeSquid Logs

by Tech Support One » Wed Jan 07, 2009 5:54 pm
AWStat requires Perl for running and httpd service to view the log report.

1. Download the latest Awstats packge from the internet to /usr/local/src directory -

Code: Select all
cd /usr/local/src
wget -nd http://prdownloads.sourceforge.net/awstats/awstats-6.9.tar.gz

2. Extract the package -

Code: Select all
tar xvzf awstats-6.9.tar.gz

3. Copy awstats-6-9 directory to /usr/local/awstats directory

Code: Select all
cp -rfv /usr/loca/src/wstats-6.9 /usr/local/awstats
cd /usr/local/awstats/tools

4. Run awstats_configure.pl perl script for setting configuration parametters

Code: Select all
perl awstats_configure.pl

5. You will be asked to enter the path to httpd configuration file. Enter the path -
/etc/httpd/conf/httpd.conf (This is the default path of the httpd service in Fedora)

6. You will be asked to press 'y' to build the configuraion.

7. You will be asked to give a name to the configuraion file. Enter the IP of SafeSquid / Apache Server -
192.168.0.178

8. You will be asked to define the config file path -
/etc/awstats

9. Next, the httpd service will be restarted and you should get the follwoing message

Code: Select all
-----> Add update process inside a scheduler
Sorry, configure.pl does not support automatic add to cron yet.
You can do it manually by adding the following command to your cron:
/usr/local/awstats/wwwroot/cgi-bin/awstats.pl -update -config=192.168.0.178
Or if you have several config files and prefer having only one command:
/usr/local/awstats/tools/awstats_updateall.pl now
Press ENTER to continue...

10. When you press Enter to continue, you should get the following message -

Code: Select all
A SIMPLE config file has been created: /etc/awstats/awstats.192.168.0.178.conf
You should have a look inside to check and change manually main parameters.
You can then manually update your statistics for '192.168.0.178' with command:
> perl awstats.pl -update -config=192.168.0.178
You can also build static report pages for '192.168.0.178' with command:
> perl awstats.pl -output=pagetype -config=192.168.0.178

Press ENTER to finish...

10. Press Enter to finish the configuration.

11. Next, you will have to edit the configutraion file -

Code: Select all
vim /etc/awstats/awstats.192.168.0.178.conf

12. Locate the LogFile= parameter and specify the path to SafeSquid Extended Log -

Code: Select all
LogFile="/opt/safesquid/safesquid/logs/extended/extended.log"

13. Locate the LogFormat= parameter and modify it as follows -

Code: Select all
LogFormat="%otherquot %other %host %lognamequot %otherquot %time1 %methodurl %code %bytesd %refererquot %uaquot %other %extra1 %extra2 %extra3 %otherquot"

14. AWStats, by default, shows domains/country chart.
Since this is not required in a proxy reports, so you can disable it. Locate ShowDomainsStats=PHB parameter, and disable it -

Code: Select all
ShowDomainsStats=0

15. If you have authenticated users, and would to dispaly a chart for authenticated users, locate ShowAuthenticatedUsers=0 and make it -

Code: Select all
ShowAuthenticatedUsers=PHBL

16. If you would like to display a chart of all instances when a filter was activated, like ClamAV, URL Filter, URL Blacklist, etc. insert the following under the "# EXTRA SECTIONS"

Code: Select all
#This section displays the summary of all requests blocked by various filter
ExtraSectionName1="Summary of Security Breaches"
ExtraSectionCondition1="extra1,(ClamAV|dnsbl|url\-filter|keyword\-filter|mime\-filter|urlbl)"
ExtraSectionFirstColumnTitle1="Filter-Wise"
ExtraSectionFirstColumnValues1="extra1,([^\"]+)"
ExtraSectionStatTypes1=PHBL
ExtraSectionAddSumRow1=1
MaxNbOfExtra1=10
MinHitExtra1=1

#This section displays instances when ClamAV was activated
ExtraSectionName2="Security Breaches Prevented by CLAM ANTI VIRUS"
ExtraSectionCondition2="extra1,ClamAV"
ExtraSectionFirstColumnTitle2="Threats Detected & Blocked"
ExtraSectionFirstColumnValues2="extra2,([^\"]+)"
ExtraSectionStatTypes2=PHBL
ExtraSectionAddSumRow2=1
MaxNbOfExtra2=10
MinHitExtra2=1

#This section displays instances when DNS Blacklist was activated
ExtraSectionName3="Security Breaches Prevented by DNS BLACKLIST"
ExtraSectionCondition3="extra1,dnsbl"
ExtraSectionFirstColumnTitle3="Domains Bloked"
ExtraSectionFirstColumnValues3="extra2,([^\"]+)"
ExtraSectionStatTypes3=PHBL
ExtraSectionAddSumRow3=1
MaxNbOfExtra3=10
MinHitExtra3=1

#This section displays instances when URL Filter was activated
ExtraSectionName4="Security Breaches Prevented by URL FILTER"
ExtraSectionCondition4="extra1,url\-filter"
ExtraSectionFirstColumnTitle4="URLs Blocked"
ExtraSectionFirstColumnValues4="URL,(.+:\/\/[^\/]+)"
ExtraSectionStatTypes4=PHBL
ExtraSectionAddSumRow4=1
MaxNbOfExtra4=10
MinHitExtra4=1

#This section displays instances when Keyword Filter was activated
ExtraSectionName5="Security Breaches Prevented by KEYWORD FILTER"
ExtraSectionCondition5="extra1,keyword\-filter"
ExtraSectionFirstColumnTitle5="Score of blocked pages"
ExtraSectionFirstColumnValues5="URL,(.+:\/\/[^\/]+)"
ExtraSectionStatTypes5=PHBL
ExtraSectionAddSumRow5=1
MaxNbOfExtra5=10
MinHitExtra5=1

#This section displays instances when Mime FIlter was activated
ExtraSectionName6="Security Breaches Prevented by MIME FILTER"
ExtraSectionCondition6="extra1,mime\-filter"
ExtraSectionFirstColumnTitle6="Column Title"
ExtraSectionFirstColumnValues6="extra2,([^\"]+)"
ExtraSectionStatTypes6=PHBL
ExtraSectionAddSumRow6=1
MaxNbOfExtra6=10
MinHitExtra6=1

#This section displays instances when URL Blacklist was activated
ExtraSectionName7="Security Breaches Prevented by URL BLACKLIST"
ExtraSectionCondition7="extra1,urlbl"
ExtraSectionFirstColumnTitle7="Blocked Categories"
ExtraSectionFirstColumnValues7="extra2,([^\"]+)"
ExtraSectionStatTypes7=PHBL
ExtraSectionAddSumRow7=1
MaxNbOfExtra7=10
MinHitExtra7=1

16. Save and close the conf file.

16. Now you can generate a report with the command -

Code: Select all
cd /usr/local/awstats/tools/
./awstats_updateall.pl now

You should get this message -

Code: Select all
Running '"/usr/local/awstats/wwwroot/cgi-bin/awstats.pl" -update -config=192.168.0.178 -configdir="/etc/awstats"' to update config 192.168.0.178
Create/Update database for config "/etc/awstats/awstats.192.168.0.178.conf" by AWStats version 6.9 (build 1.925)
From data in log file "/opt/safesquid/safesquid/logs/extended/extended.log"...
Phase 1 : First bypass old records, searching new record...
Searching new records from beginning of log file...
Phase 2 : Now process new records (Flush history on disk after 20000 hosts)...
Jumped lines in file: 0
Parsed lines in file: 3691
Found 337 dropped records,
Found 2 corrupted records,
Found 0 old records,
Found 3352 new qualified records.

17. To view the log report, you need to enter this URL in the browser -
http://<ip of the linux machine>/awstats/awstats.pl?-confdig=<name of the config file>

Code: Select all
Enter -
http://192.168.0.178/awstats/awstats.pl?-config=192.168.0.178
This will display the generated report.

18. You can set cron jobs to update AWStats database by inserting following lines in the /etc/crontab file

Code: Select all
# This will update databse of the awstats every nighat at 12.05a.m.
5 00 * * * root /usr/local/awstats/tools/awstats_updateall.pl now

19. Save and restart cron -

Code: Select all
/etc/init.d/crond restart

==Referensi==

* https://www.safesquid.com/html/viewtopic.php?t=3002

SafeSquid: Integrasi Awstats - Revision history

Onnowpurbo: Created page with "Installing and configuring AWStats to analyze SafeSquid Logs Post a reply 1 post • Page 1 of 1 Installing and configuring AWStats to analyze SafeSquid Logs by Tech Support..."