I don't know if it's what you wanted, but I found a way to create reports on
historical data in logs that have been rotated:
gunzip squidlog*.gz -d -c > large.log
sarg -l ./large.log -d 01/01/2008-01/02/2008
Basically, unzipping all the logfiles (you could also just do a subset) to
STDOUT and piping that into a new log, which sarg gets pointed to with a
date range.
My user used 235M worth of bandwidth in December!
Chris Robertson-2 wrote:
>
> Richard Chapman wrote:
>> Hi Chris - and many many thanks...
>>
>> See also below.
>>
>>> You have two choices with SARG.
>>>
>>> The first is the simplest, but might not meet your needs. Make sure
>>> in your sarg.conf file the "report_type" directive includes
>>> "users_sites" and "date_time" and/or "site_user_time_date". The
>>> first will give you a listing of the sites each username/IP
>>> accessed. The second, will show bandwidth usage per hour for each
>>> username/IP (linked from the main report). The third will give you a
>>> listing of the times an individual accessed a specific website
>>> (linked from the users_sites report).
>>>
>> I have checked that these "report_types" are enabled - and can find
>> most of what you are talking about except the one I really want. The
>> thing you describe as the "second" above is exactly what I want - but:
>> The date-time reports I get don't seem to be exactly what you
>> describe. If I go to the main page, then click on the most recent
>> report I get a list of client IP addresses.
>> If I click on the "Date-Time" icon near the left of each row - I get
>> an array with hours across and dates down. Each cell contains what
>> appears to be an "elapsed time". I don't really understand what this
>> time means - but it doesn't appear to be the Bandwidth used during
>> that hour.
>
> Hmmm. The report I get when I follow the steps you described (which
> _is_ the report I was referring to) is titled "Squid User Access
> Report". It's a grid with hours for the columns header and dates for
> the rows, but it lists usage by bytes...
>
> Aha. From sarg.conf:
>
> # TAG: date_time_by bytes|elap
> # Date/Time reports will use bytes or elapsed time?
> #
>
> #date_time_by bytes
>
>> Am I in the wrong place - or am I misunderstanding something? Either
>> way - what do these "times" mean?
>
> My understanding is that this indicates the amount of time Squid spent
> processing the requests (second column of the native log format). Since
> it can service more that one request at a time, it might add up to more
> than 1 hour per hour.
>
>> Tanks Chris
>>
>> Richard.
>
> Chris
>
>
-- View this message in context: http://www.nabble.com/Help-with-sarg-usage-tp17847023p21339027.html Sent from the Squid - Users mailing list archive at Nabble.com.Received on Wed Jan 07 2009 - 19:55:30 MST
This archive was generated by hypermail 2.2.0 : Thu Jan 08 2009 - 12:00:02 MST