Squid/Sarg requirement

Discussion in 'Other Operating Systems' started by Rubberband, Jul 10, 2009.

  1. Rubberband

    Rubberband Member

    Joined:
    Jun 27, 2001
    Messages:
    6,750
    Location:
    Doreen, 3754
    Please excuse the noob terminology but this is a new area for me but I need advice on squid/sarg/proxies.

    I'm at Melbourne Uni and our entire network is managed centrally and so I don't have access to it directly. I've got a layman's knowledge of proxies from use but not from installation, configuration or requirements.

    We have student labs within our faculty containing 120 PC's and the rest of the faculty has about another 300. The issue we have is that students have access to wireless through their student accounts which has a download limit. If they use this account to log onto a lab PC they have this download limit passed onto the lab PC also, which isn't ideal as wireless is intended for study/personal use and the labs for study. If they blow their limit then the labs are useless to them without disabling the proxy, which is a waste of everyone's time.

    To remedy this we've disabled the proxy in the labs but now students have unlimited access to whatever they want. We receive reports from central I.T. in the event that a particular IP exceeds 500mb of downloads, but the problem with this system is that, being a lab, an IP isn't granular enough. Furthermore, we would like to expand our knowledge of internet usage over all the PC's in the faculty and instigate throttling on high use personal sites (we aren't permitted by policy to block any sites).

    I've installed Astaro Security Gateway which is great, except it doesn't have throttling per se, and it's rather expensive. I've got time to invest in a project and I also want to learn more linux as we are running VMWare and I want to reduce my dependence on the Windows GUI, so I'm thinking of installing a squid/sarg setup (based on my research).

    Being a Windows admin I really would like a GUI to interact with the reporting, not just for simplicity but also for my manager who doesn't have the time to learn linux. I know I can install ISA but where's the fun in that :)

    I've already tried an Ubuntu 8.10 server on vmware but I couldn't locate the commands (or instructions that worked) to install squid or sarg.

    The assistance I'm looking for is for someone to recommend the optimum distro and applications to achieve the following:

    - Monitor http usage
    - Reporting on users (using ldap authentication to AD)
    - GUI for the reporting would be great

    If someone would be able to list what I need, or even suggest a virtual appliance or package, that would be great. I don't mind having to pay for the right product, but not more than $1000/year.

    Thanks in advance :)
     
  2. GumbyNoTalent

    GumbyNoTalent Member

    Joined:
    Jan 8, 2003
    Messages:
    7,162
    Location:
    Briz Vegas
  3. OP
    OP
    Rubberband

    Rubberband Member

    Joined:
    Jun 27, 2001
    Messages:
    6,750
    Location:
    Doreen, 3754
    Thanks :)

    In my closing comments I mentioned I don't mind learning CLI stuff as I need to be familiar with it for ESX. ISA is good, but there's an immediate cost and where's the fun? ;)

    As long as I can use vmware server to resolve this issue then I don't mind what I use.
     
  4. elvis

    elvis Old school old fool

    Joined:
    Jun 27, 2001
    Messages:
    36,279
    Location:
    Brisbane
    Squid auths against AD/NTLM, LDAP, or anything else you like. Documentation on how to do it is covered in the default squid.conf (it's literally about six lines of config for the NTLM stuff, and another few for ACLs - all of which have verbose examples in the default conf file).

    From there you can use RRD to store whatever information you like graphically, whether it's via Squid directly or at your network level.

    Sarg is a painless install. "apt-get install sarg", and hack /etc/sarg/* and /etc/default/sarg to point to the relavent squid logs. It's also worth your time to get logrotate installed and working correctly to give you the right log cycles.

    There's no magic book/website/resource you need other than the default provided config files and man pages. Honestly, every example and requirement you have is covered within them (and any web tutorial will merely paraphrase them). How do you think I learned how to set them all up?
     
  5. OP
    OP
    Rubberband

    Rubberband Member

    Joined:
    Jun 27, 2001
    Messages:
    6,750
    Location:
    Doreen, 3754
    Thanks Elvis.
     
  6. maddhatter

    maddhatter Member

    Joined:
    Jun 27, 2001
    Messages:
    4,798
    Location:
    Mackay, QLD.
    Be sure to set squid to emulate HTTPD logs format - otherwise sarg won't read the logs correctly (this may not be the case anymore though :) )
     

Share This Page

Advertisement: