Next problem i have on my openSUSE 11.1 installation
opensuse:/var/log/squid # sarg -v
SARG Version: 2.2.5 Mar-03-2008
It seems that sarg is not taking some input from the access.log, because if its replaced with an empty file the segmentation-fault disappears, but i would like to know whic line in the access.log is the cause of this error.
opensuse:/var/log/squid # sarg -f /etc/sarg/sarg.conf -d 06/02/2011 -x -z
SARG: Init
SARG: Loading configuration from: /etc/sarg/sarg.conf
SARG: TAG: language English
SARG: TAG: access_log /var/log/squid/access.log
SARG: TAG: font_face Tahoma,Verdana,Arial
SARG: TAG: output_dir /srv/www/htdocs/squid-reports
SARG: TAG: overwrite_report yes
SARG: TAG: max_elapsed 28800000
SARG: TAG: show_successful_message no
SARG: TAG: show_read_statistics no
SARG: TAG: www_document_root /srv/www/htdocs
SARG: TAG: download_suffix "zip,arj,bzip,gz,ace,doc,iso,adt,bin,cab,com,dot,drv$,lha,lzh,mdb,mso,ppt,rtf,src,shs,sys,exe,dll,mp3,avi,mpg,mpeg"
SARG: Parameters:
SARG:
SARG: Hostname or IP address (-a) =
SARG: Useragent log (-b) =
SARG: Exclude file (-c) =
SARG: Date from-until (-d) = 06/02/2011-06/02/2011
SARG: Email address to send reports (-e) =
SARG: Config file (-f) = /etc/sarg/sarg.conf
SARG: Date format (-g) = USA (mm/dd/yyyy)
SARG: IP report (-i) = No
SARG: Input log (-l) = /var/log/squid/access.log
SARG: Resolve IP Address (-n) = No
SARG: Output dir (-o) = /srv/www/htdocs/squid-reports/
SARG: Use Ip Address instead of userid (-p) = No
SARG: Accessed site (-s) =
SARG: Time (-t) =
SARG: User (-u) =
SARG: Temporary dir (-w) = /tmp
SARG: Process messages (-x) = Yes
SARG: Debug messages (-z) = Yes
SARG:
SARG: sarg version: 2.2.5 Mar-03-2008
SARG: Maximum file descriptor: cur=1024 max=8192, changed to cur=20000 max=20000
SARG: Reading access log file: /var/log/squid/access.log
Segmentation fault
If you would like to refer to this comment somewhere else in this project, copy and paste the following link:
The line doesn't contains any of the known problem that can produce a segfault in sarg 2.2.5. Now sarg 2.2.5 is largely outdated and I won't investigate this problem unless it occurs with sarg 2.3.
Frederic
If you would like to refer to this comment somewhere else in this project, copy and paste the following link:
html-report for this date shows:
Squid User Access Report
Period: 2011 Feb 04—2011 Feb 07
User: 192.168.178.4
Sort: bytes, reverse
User
ACCESSED SITE DATE TIME
ie9cvlist.ie.microsoft.com 04/02/2011 12:10:22
ie9cvlist.ie.microsoft.com 04/02/2011 14:33:40
ie9cvlist.ie.microsoft.com 04/02/2011 16:33:06
ie9cvlist.ie.microsoft.com 05/02/2011 12:22:24
ie9cvlist.ie.microsoft.com 05/02/2011 19:28:48
ie9cvlist.ie.microsoft.com 06/02/2011 18:48:21
ie9cvlist.ie.microsoft.com 06/02/2011 19:38:15
in this HTML, the record for 10:31 on 4Februari is missing.
This is exactly the first line of my access.log…… which i posted here previously
If you would like to refer to this comment somewhere else in this project, copy and paste the following link:
Next problem i have on my openSUSE 11.1 installation
opensuse:/var/log/squid # sarg -v
SARG Version: 2.2.5 Mar-03-2008
It seems that sarg is not taking some input from the access.log, because if its replaced with an empty file the segmentation-fault disappears, but i would like to know whic line in the access.log is the cause of this error.
opensuse:/var/log/squid # sarg -f /etc/sarg/sarg.conf -d 06/02/2011 -x -z
SARG: Init
SARG: Loading configuration from: /etc/sarg/sarg.conf
SARG: TAG: language English
SARG: TAG: access_log /var/log/squid/access.log
SARG: TAG: font_face Tahoma,Verdana,Arial
SARG: TAG: output_dir /srv/www/htdocs/squid-reports
SARG: TAG: overwrite_report yes
SARG: TAG: max_elapsed 28800000
SARG: TAG: show_successful_message no
SARG: TAG: show_read_statistics no
SARG: TAG: www_document_root /srv/www/htdocs
SARG: TAG: download_suffix "zip,arj,bzip,gz,ace,doc,iso,adt,bin,cab,com,dot,drv$,lha,lzh,mdb,mso,ppt,rtf,src,shs,sys,exe,dll,mp3,avi,mpg,mpeg"
SARG: Parameters:
SARG:
SARG: Hostname or IP address (-a) =
SARG: Useragent log (-b) =
SARG: Exclude file (-c) =
SARG: Date from-until (-d) = 06/02/2011-06/02/2011
SARG: Email address to send reports (-e) =
SARG: Config file (-f) = /etc/sarg/sarg.conf
SARG: Date format (-g) = USA (mm/dd/yyyy)
SARG: IP report (-i) = No
SARG: Input log (-l) = /var/log/squid/access.log
SARG: Resolve IP Address (-n) = No
SARG: Output dir (-o) = /srv/www/htdocs/squid-reports/
SARG: Use Ip Address instead of userid (-p) = No
SARG: Accessed site (-s) =
SARG: Time (-t) =
SARG: User (-u) =
SARG: Temporary dir (-w) = /tmp
SARG: Process messages (-x) = Yes
SARG: Debug messages (-z) = Yes
SARG:
SARG: sarg version: 2.2.5 Mar-03-2008
SARG: Maximum file descriptor: cur=1024 max=8192, changed to cur=20000 max=20000
SARG: Reading access log file: /var/log/squid/access.log
Segmentation fault
This line at the start of my access.log seemed to be the cause of this problem:
1296811875.815 453 192.168.178.4 TCP_REFRESH_HIT/200 8672 GET http://ie9cvlist.ie.microsoft.com/ie9cvlist.xml - DIRECT/65.54.89.173 text/xml
After deletion of this line everything is working again…..
The line doesn't contains any of the known problem that can produce a segfault in sarg 2.2.5. Now sarg 2.2.5 is largely outdated and I won't investigate this problem unless it occurs with sarg 2.3.
Frederic
This version is what comes with openSUSE11.1 by default….
I will check if i can install a newer version.
ok, i installed "SARG Version: 2.3.1 Sep-18-2010" (from source)
$ nl access.log | grep ie9cvlist | awk '{ print $1, strftime("%d-%m-%y %H:%M", $2); }'
1 04-02-11 10:31
192 04-02-11 12:10
852 04-02-11 14:33
1980 04-02-11 16:33
3626 05-02-11 12:22
6302 05-02-11 19:28
6539 06-02-11 18:48
6914 06-02-11 19:38
html-report for this date shows:
Squid User Access Report
Period: 2011 Feb 04—2011 Feb 07
User: 192.168.178.4
Sort: bytes, reverse
User
ACCESSED SITE DATE TIME
ie9cvlist.ie.microsoft.com 04/02/2011 12:10:22
ie9cvlist.ie.microsoft.com 04/02/2011 14:33:40
ie9cvlist.ie.microsoft.com 04/02/2011 16:33:06
ie9cvlist.ie.microsoft.com 05/02/2011 12:22:24
ie9cvlist.ie.microsoft.com 05/02/2011 19:28:48
ie9cvlist.ie.microsoft.com 06/02/2011 18:48:21
ie9cvlist.ie.microsoft.com 06/02/2011 19:38:15
in this HTML, the record for 10:31 on 4Februari is missing.
This is exactly the first line of my access.log…… which i posted here previously