what to do to find the cause of the problem?

[jskywalker]

Next problem i have on my openSUSE 11.1 installation
opensuse:/var/log/squid # sarg -v
SARG Version: 2.2.5 Mar-03-2008

It seems that sarg is not taking some input from the access.log, because if its replaced with an empty file the segmentation-fault disappears, but i would like to know whic line in the access.log is the cause of this error.

opensuse:/var/log/squid # sarg -f /etc/sarg/sarg.conf -d 06/02/2011 -x -z
SARG: Init
SARG: Loading configuration from: /etc/sarg/sarg.conf
SARG: TAG: language English
SARG: TAG: access_log /var/log/squid/access.log
SARG: TAG: font_face Tahoma,Verdana,Arial
SARG: TAG: output_dir /srv/www/htdocs/squid-reports
SARG: TAG: overwrite_report yes
SARG: TAG: max_elapsed 28800000
SARG: TAG: show_successful_message no
SARG: TAG: show_read_statistics no
SARG: TAG: www_document_root /srv/www/htdocs
SARG: TAG: download_suffix "zip,arj,bzip,gz,ace,doc,iso,adt,bin,cab,com,dot,drv$,lha,lzh,mdb,mso,ppt,rtf,src,shs,sys,exe,dll,mp3,avi,mpg,mpeg"
SARG: Parameters:
SARG:
SARG:              Hostname or IP address (-a) =
SARG:                       Useragent log (-b) =
SARG:                        Exclude file (-c) =
SARG:                     Date from-until (-d) = 06/02/2011-06/02/2011
SARG:       Email address to send reports (-e) =
SARG:                         Config file (-f) = /etc/sarg/sarg.conf
SARG:                         Date format (-g) = USA (mm/dd/yyyy)
SARG:                           IP report (-i) = No
SARG:                           Input log (-l) = /var/log/squid/access.log
SARG:                  Resolve IP Address (-n) = No
SARG:                          Output dir (-o) = /srv/www/htdocs/squid-reports/
SARG:    Use Ip Address instead of userid (-p) = No
SARG:                       Accessed site (-s) =
SARG:                                Time (-t) =
SARG:                                User (-u) =
SARG:                       Temporary dir (-w) = /tmp
SARG:                    Process messages (-x) = Yes
SARG:                      Debug messages (-z) = Yes
SARG:
SARG: sarg version: 2.2.5 Mar-03-2008
SARG: Maximum file descriptor: cur=1024 max=8192, changed to cur=20000 max=20000
SARG: Reading access log file: /var/log/squid/access.log
Segmentation fault

[jskywalker]

This line at the start of my access.log seemed to be the cause of this problem:

1296811875.815    453 192.168.178.4 TCP_REFRESH_HIT/200 8672 GET http://ie9cvlist.ie.microsoft.com/ie9cvlist.xml - DIRECT/65.54.89.173 text/xml

After deletion of this line everything is working again…..

[Frederic Marchal]

The line doesn't contains any of the known problem that can produce a segfault in sarg 2.2.5. Now sarg 2.2.5 is largely outdated and I won't investigate this problem unless it occurs with sarg 2.3.

Frederic

[jskywalker]

This version is what comes with openSUSE11.1 by default….
I will check if i can install a newer version.

[jskywalker]

ok, i installed "SARG Version: 2.3.1 Sep-18-2010"    (from source)

$ nl access.log | grep ie9cvlist  | awk '{ print $1, strftime("%d-%m-%y %H:%M", $2); }'
1 04-02-11 10:31
192 04-02-11 12:10
852 04-02-11 14:33
1980 04-02-11 16:33
3626 05-02-11 12:22
6302 05-02-11 19:28
6539 06-02-11 18:48
6914 06-02-11 19:38

html-report for this date shows:
Squid User Access Report
Period: 2011 Feb 04—2011 Feb 07
User: 192.168.178.4
Sort: bytes, reverse
User
ACCESSED SITE DATE TIME
ie9cvlist.ie.microsoft.com 04/02/2011 12:10:22
ie9cvlist.ie.microsoft.com 04/02/2011 14:33:40
ie9cvlist.ie.microsoft.com 04/02/2011 16:33:06
ie9cvlist.ie.microsoft.com 05/02/2011 12:22:24
ie9cvlist.ie.microsoft.com 05/02/2011 19:28:48
ie9cvlist.ie.microsoft.com 06/02/2011 18:48:21
ie9cvlist.ie.microsoft.com 06/02/2011 19:38:15

in this HTML, the record for 10:31 on 4Februari is missing.

This is exactly the first line of my access.log…… which i posted here previously