Squid Analyzer

------

Squid Analyzer in CentOS 6.4

----------------------------------------------------------------------------------------

1) Stop unwanted Services or settings

----------------------------------------------------------------------------------------

# /etc/init.d/NetworkManager stop

# chkconfig NetworkManager off

Note: Make sure you have configured the network, i.e. IP address, netmask, gateway and DNS.

# vi /etc/sysconfig/selinux

SELINUX=disabled

----------------------------------------------------------------------------------------

2) Open Necessary Ports in iptables

----------------------------------------------------------------------------------------

[root@server ~]# vi /etc/sysconfig/iptables

-A INPUT -p tcp -m state --state NEW -m tcp --dport 80 -j ACCEPT

----------------------------------------------------------------------------------------

3) Install Required Packages and Dependencies

----------------------------------------------------------------------------------------

[root@server ~]# yum install perl-ExtUtils-MakeMaker perl-GD-Graph perl-GD-Graph3d make gd libpng -y

[root@server ~]# yum install perl-Time-HiRes -y

----------------------------------------------------------------------------------------

4) Download the SquidAnalyzer Package and Compile It

----------------------------------------------------------------------------------------

[root@server ~]# cd /var/www/

[root@server ~]# wget -O squidanalyzer-5.4.tar.gz "http://downloads.sourceforge.net/project/squid-report/squid-report/5.4/squidanalyzer-5.4.tar.gz?r=http%3A%2F%2Fsourceforge.net%2Fprojects%2Fsquid-report%2F&ts=1406810704&use_mirror=cznic"

[root@server ~]# tar -zxvf squidanalyzer-5.4.tar.gz

[root@server ~]# cd squidanalyzer-5.4

[root@server ~]# perl Makefile.PL

[root@server ~]# make

[root@server ~]# cp SquidAnalyzer.pm blib/lib/SquidAnalyzer.pm

[root@server ~]# make install

----------------------------------------------------------------------------------------

5) Install and Configure Apache Web Server

----------------------------------------------------------------------------------------

[root@server ~]# yum install httpd

[root@server ~]# vi /etc/httpd/conf/httpd.conf

# Alias /squidreport /var/www/html/squidanalyzer

 Alias /squidanalyzer /var/www/squidanalyzer

        <Directory /var/www/squidanalyzer>

            Options -Indexes FollowSymLinks MultiViews

            AllowOverride None

#            Order deny,allow

#            Deny from all

#            Allow from all

             Require all granted

       </Directory>

                        -------------OR--------------

### SquidAnalyzer ###

Alias /squidreport /var/www/squidanalyzer

<Directory /var/www/squidanalyzer>

Options -Indexes FollowSymLinks MultiViews

AllowOverride None

Order deny,allow

Deny from all

Allow from all

</Directory>

[root@server ~]# /etc/init.d/httpd restart

----------------------------------------------------------------------------------------

6) Create the squidanalyzer-update Script and Set Cron for squidanalyzer

----------------------------------------------------------------------------------------

[root@server ~]# vi /etc/cron.daily/squidanalyzer-update.sh

#!/bin/sh

/usr/local/bin/squid-analyzer --logfile /var/log/squid/access.log --configfile /etc/squidanalyzer/squidanalyzer.conf

[root@server ~]# chmod +x /etc/cron.daily/squidanalyzer-update.sh

----------------------------------------------------------------------------------------

7) Edit the squidanalyzer Main Config File and Make the Following Changes

----------------------------------------------------------------------------------------

[root@server ~]# vi /var/www/squidanalyzer/etc/squidanalyzer.conf

# Set the path to the Squid log file

LogFile /var/log/squid/access.log

----------------------------------------------------------------------------------------

8) Edit the squidanalyzer network-aliases Config File and Make the Following Changes

----------------------------------------------------------------------------------------

[root@server ~]# vi /var/www/squidanalyzer/etc/network-aliases

ClassC Network          192.168.1.0/24

ClassC Network          192.168.2.0/24

Access via Browser

http://SERVER-IP or http://SERVER-IP/squidreport

#################################################################################################

Secure Your Directory Access with htpasswd

----------------------------------------------------------------------------------------

1: Edit httpd.conf and Insert the Following Container

----------------------------------------------------------------------------------------

[root@server ~]# vi /etc/httpd/conf/httpd.conf

### SquidAnalyzer ###

Alias /squidreport /var/www/squidanalyzer

<Directory /var/www/squidanalyzer>

############### HTTP AUTHENTICATION START ############

AuthType Basic

AuthName "Restricted Access"

AuthUserFile /opt/squidanalyzer.passwords

Require valid-user

############### HTTP AUTHENTICATION END ############

Options -Indexes FollowSymLinks MultiViews

AllowOverride None

Order deny,allow

Deny from all

Allow from all

</Directory>

----------------------------------------------------------------------------------------

2: Then Generate a Username and Password with the Following Command

----------------------------------------------------------------------------------------

[root@server ~]# htpasswd -c /opt/squidanalyzer.passwords devendra

----------------------------------------------------------------------------------------

3: Check if password & username is generated

----------------------------------------------------------------------------------------

[root@server ~]# cat /opt/squidanalyzer.passwords

devendra:FgjXxAAssuZIo

Access via Browser

http://SERVER-IP or http://SERVER-IP/squidreport
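
The <Directory> variants shown above differ in who can read the reports: under "Order deny,allow", an "Allow from all" line overrides "Deny from all". The following is an added example, not part of the original notes or of SquidAnalyzer; the function names, verdict labels and sample config are constructed here, and only the directives used on this page are understood.

```sh
#!/bin/sh
# Added example, not from the original page. Understands only the directives
# this page uses: Allow from, Require all granted, Require valid-user.
audit_directory_blocks() {
    awk '
    { d = tolower($1) }
    d == "<directory" {
        path = $2; sub(/>$/, "", path); gsub(/"/, "", path)
        start = NR; hosts = "none"; auth = "no"; granted = 0; next
    }
    # Under "Order deny,allow", "Allow from all" overrides "Deny from all".
    d == "allow" && tolower($2) == "from" { hosts = (tolower($3) == "all") ? "any" : $3 }
    d == "require" && tolower($2 " " $3) == "all granted" { hosts = "any"; granted = 1 }
    d == "require" && tolower($2) == "valid-user" { auth = "yes" }
    d == "</directory>" {
        if (granted || (hosts == "any" && auth == "no")) verdict = "EXPOSED"
        else if (hosts == "any") verdict = "PASSWORD-ONLY"
        else verdict = (auth == "yes") ? "NETWORK+PASSWORD" : "NETWORK-ONLY"
        print "line " start, path, "hosts=" hosts, "auth=" auth, verdict
    }' "$1"
}

# Constructed sample built from three variants shown on this page.
demo_conf() {
    f=$(mktemp)
    cat > "$f" <<'EOF'
<Directory /var/www/squidanalyzer>
    Order deny,allow
    Deny from all
    Allow from all
</Directory>
<Directory /var/www/squidanalyzer>
    AuthType Basic
    AuthUserFile /opt/squidanalyzer.passwords
    Require valid-user
    Order deny,allow
    Deny from all
    Allow from all
</Directory>
<Directory /var/www/squidanalyzer>
    Order deny,allow
    Deny from all
    Allow from 127.0.0.1
</Directory>
EOF
    audit_directory_blocks "$f"
    rm -f "$f"
}
demo_conf
```

Run audit_directory_blocks against /etc/httpd/conf/httpd.conf or a file under /etc/httpd/conf.d/ to get one line per <Directory> block.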

            ------------------------X-----------------------------

Installing SquidAnalyzer Prerequisites on CentOS 7:

SquidAnalyzer is web-based software, so we need to install a web server to deploy and run it.

Install Apache HTTP Server using yum command.

[root@squid-proxy-01 ~]# yum install -y httpd
Loaded plugins: fastestmirror
Loading mirror speeds from cached hostfile
 * base: mirrors.ges.net.pk
 * extras: mirrors.ges.net.pk
 * updates: mirrors.ges.net.pk
Resolving Dependencies
--> Running transaction check
---> Package httpd.x86_64 0:2.4.6-90.el7.centos will be installed
--> Processing Dependency: /etc/mime.types for package: httpd-2.4.6-90.el7.centos.x86_64
--> Running transaction check
---> Package mailcap.noarch 0:2.1.41-2.el7 will be installed
--> Finished Dependency Resolution

Dependencies Resolved

================================================================================
 Package         Arch           Version                      Repository    Size
================================================================================
Installing:
 httpd           x86_64         2.4.6-90.el7.centos          base         2.7 M
Installing for dependencies:
 mailcap         noarch         2.1.41-2.el7                 base          31 k

Transaction Summary
================================================================================
Install  1 Package (+1 Dependent package)

Total download size: 2.7 M
Installed size: 9.4 M
Downloading packages:
(1/2): mailcap-2.1.41-2.el7.noarch.rpm                     |  31 kB   00:01
(2/2): httpd-2.4.6-90.el7.centos.x86_64.rpm                | 2.7 MB   00:05
--------------------------------------------------------------------------------
Total                                              519 kB/s | 2.7 MB  00:05
Running transaction check
Running transaction test
Transaction test succeeded
Running transaction
  Installing : mailcap-2.1.41-2.el7.noarch                                  1/2
  Installing : httpd-2.4.6-90.el7.centos.x86_64                             2/2
  Verifying  : mailcap-2.1.41-2.el7.noarch                                  1/2
  Verifying  : httpd-2.4.6-90.el7.centos.x86_64                             2/2

Installed:
  httpd.x86_64 0:2.4.6-90.el7.centos

Dependency Installed:
  mailcap.noarch 0:2.1.41-2.el7

Complete!

SquidAnalyzer also requires Perl for installation.

Install perl packages using yum command.

[root@squid-proxy-01 ~]# yum install -y perl perl-devel
...
Installed:
  perl-devel.x86_64 4:5.16.3-294.el7_6

Dependency Installed:
  gdbm-devel.x86_64 0:1.10-8.el7
  glibc-devel.x86_64 0:2.17-292.el7
  glibc-headers.x86_64 0:2.17-292.el7
  kernel-headers.x86_64 0:3.10.0-1062.1.2.el7
  libdb-devel.x86_64 0:5.3.21-25.el7
  perl-ExtUtils-Install.noarch 0:1.58-294.el7_6
  perl-ExtUtils-MakeMaker.noarch 0:6.68-3.el7
  perl-ExtUtils-Manifest.noarch 0:1.61-244.el7
  perl-ExtUtils-ParseXS.noarch 1:3.18-3.el7
  perl-Test-Harness.noarch 0:3.28-3.el7
  pyparsing.noarch 0:1.5.6-9.el7
  systemtap-sdt-devel.x86_64 0:4.0-9.el7

Complete!

We also need the git command to clone the SquidAnalyzer source from GitHub.

[root@squid-proxy-01 ~]# yum install -y git
...
Installed:
  git.x86_64 0:1.8.3.1-20.el7

Dependency Installed:
  perl-Error.noarch 1:0.17020-2.el7
  perl-Git.noarch 0:1.8.3.1-20.el7
  perl-TermReadKey.x86_64 0:2.30-20.el7
  rsync.x86_64 0:3.1.2-6.el7_6.1

Complete!

 

Installing SquidAnalyzer on CentOS 7:

Download the source code of SquidAnalyzer using git command.

[root@squid-proxy-01 ~]# cd /var/www
[root@squid-proxy-01 www]# git clone https://github.com/darold/squidanalyzer
Cloning into 'squidanalyzer'...
remote: Enumerating objects: 2064, done.
remote: Total 2064 (delta 0), reused 0 (delta 0), pack-reused 2064
Receiving objects: 100% (2064/2064), 1.44 MiB | 640.00 KiB/s, done.
Resolving deltas: 100% (1309/1309), done.

Compile SquidAnalyzer from source code.

[root@squid-proxy-01 www]# cd squidanalyzer/
[root@squid-proxy-01 squidanalyzer]# perl Makefile.PL
which: no bzcat in (/usr/local/sbin:/usr/local/bin:/usr/sbin:/usr/bin:/root/bin)
Checking if your kit is complete...
Looks good
Writing Makefile for SquidAnalyzer
Done...

Now type 'make && make install'

Install SquidAnalyzer as follows.

[root@squid-proxy-01 squidanalyzer]# make && make install
cp SquidAnalyzer.pm blib/lib/SquidAnalyzer.pm
cp squid-analyzer blib/script/squid-analyzer
/usr/bin/perl -MExtUtils::MY -e 'MY->fixin(shift)' -- blib/script/squid-analyzer
Manifying blib/man3/SquidAnalyzer.3pm

Installing /usr/local/share/perl5/SquidAnalyzer.pm
sh install_all.sh

-----------------------------------------------------------------------------
1. Modify your httpd.conf to allow access to HTML output like follow:
        Alias /squidreport /var/www/squidanalyzer
        <Directory /var/www/squidanalyzer>
            Options -Indexes FollowSymLinks MultiViews
            AllowOverride None
            Order deny,allow
            Deny from all
            Allow from 127.0.0.1
        </Directory>
2. If necessary, give additional host access to SquidAnalyzer in httpd.conf.
   Restart and ensure that httpd is running.
3. Browse to http://my.host.dom/squidreport/ to ensure that things are working
   properly.
4. Setup a cronjob to run squid-analyzer daily:

     # SquidAnalyzer log reporting daily
     0 2 * * * /usr/local/bin/squid-analyzer > /dev/null 2>&1

or run it manually. For more information, see /README file.
-----------------------------------------------------------------------------

Appending installation info to /usr/lib64/perl5/perllocal.pod

Edit the Apache configuration to add the SquidAnalyzer website.

[root@squid-proxy-01 squidanalyzer]# cd
[root@squid-proxy-01 ~]# vi /etc/httpd/conf.d/squidanalyzer.conf

Add the following directives to the configuration file.

Alias /squidreport /var/www/squidanalyzer
<Directory /var/www/squidanalyzer>
        Options -Indexes +FollowSymLinks +MultiViews
        AllowOverride None
        Order deny,allow
        Deny from all
        Allow from 192.168.116.0/24
</Directory>

Enable and start httpd.service.

[root@squid-proxy-01 ~]# systemctl enable --now httpd
Created symlink from /etc/systemd/system/multi-user.target.wants/httpd.service to /usr/lib/systemd/system/httpd.service.

Allow the HTTP service in the CentOS 7 firewall.

[root@squid-proxy-01 ~]# firewall-cmd --permanent --add-service=http
success
[root@squid-proxy-01 ~]# firewall-cmd --reload
success

The default log file location in squidanalyzer.conf does not match our Linux distribution, so we need to correct it before moving forward.

[root@squid-proxy-01 ~]# grep LogFile /etc/squidanalyzer/squidanalyzer.conf
LogFile /var/log/squid3/access.log
[root@squid-proxy-01 ~]# sed -i 's/squid3/squid/' /etc/squidanalyzer/squidanalyzer.conf
[root@squid-proxy-01 ~]# grep LogFile /etc/squidanalyzer/squidanalyzer.conf
LogFile /var/log/squid/access.log

Configure a Cron job for SquidAnalyzer to generate analytical reports.

[root@squid-proxy-01 ~]# crontab -e

Add the following lines to it.

# SquidAnalyzer log reporting daily
0 2 * * * /usr/local/bin/squid-analyzer > /dev/null 2>&1

We have to run the squid-analyzer command once manually to generate the reports in the /var/www/squidanalyzer directory.

[root@squid-proxy-01 ~]# /usr/local/bin/squid-analyzer

Browse URL http://squid-proxy-01.example.com/squidreport in a client's browser.

 

Configure HTTP Basic Authentication for SquidAnalyzer:

SquidAnalyzer does not provide a native authentication method.

Because SquidAnalyzer runs as a web application, we can use HTTP basic authentication to restrict access to the SquidAnalyzer website.

Install httpd-tools using yum command.

[root@squid-proxy-01 ~]# yum install -y httpd-tools
Loaded plugins: fastestmirror
Loading mirror speeds from cached hostfile
 * base: mirrors.ges.net.pk
 * extras: mirrors.ges.net.pk
 * updates: mirrors.ges.net.pk
Package httpd-tools-2.4.6-90.el7.centos.x86_64 already installed and latest version
Nothing to do

There is nothing to do, because we already installed httpd-tools during the installation of the Squid proxy server on CentOS 7.

Create a password file for SquidAnalyzer and add the squidadmin user to it.

[root@squid-proxy-01 ~]# htpasswd -c /etc/squidanalyzer/passwd squidadmin
New password:
Re-type new password:
Adding password for user squidadmin

Edit the Apache configuration to add HTTP basic authentication.

[root@squid-proxy-01 ~]# vi /etc/httpd/conf.d/squidanalyzer.conf

Add HTTP basic authentication for SquidAnalyzer. The final configuration should look like this.

Alias /squidreport /var/www/squidanalyzer
<Directory /var/www/squidanalyzer>
        Options -Indexes +FollowSymLinks +MultiViews
        AllowOverride None
        Order deny,allow
        Deny from all
        Allow from 192.168.116.0/24
        AuthType Basic
        AuthName "Restricted Content"
        AuthUserFile /etc/squidanalyzer/passwd
        Require valid-user
</Directory>

Test the Apache configuration files for syntax errors.

[root@squid-proxy-01 ~]# httpd -t
Syntax OK

Restart the Apache service for the changes to take effect.

[root@squid-proxy-01 ~]# systemctl restart httpd.service

Browse URL http://squid-proxy-01.example.com/squidreport in a client's browser.

Now, it requires user authentication for access to SquidAnalyzer website.
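
The password files created with htpasswd -c in both the CentOS 6 and CentOS 7 sections can be checked for weak hash schemes and loose file permissions; the devendra entry shown earlier is a 13-character crypt(3) DES hash. The following is an added example, not from the original page: the function names, verdict labels, the olduser name and the two placeholder hashes are constructed here.

```sh
#!/bin/sh
# Added example, not from the original page: audit an Apache htpasswd file.
# Print the hash scheme of one htpasswd hash field.
classify_hash() {
    case "$1" in
        '$2y$'*|'$2a$'*|'$2b$'*) echo bcrypt ;;
        '$apr1$'*) echo apr1-md5 ;;
        '{SHA}'*)  echo sha1-unsalted ;;
        *)  # crypt(3) DES output: exactly 13 characters from [./0-9A-Za-z]
            if [ "${#1}" -eq 13 ] && ! printf '%s' "$1" | grep -q '[^./0-9A-Za-z]'
            then echo des-crypt; else echo other; fi ;;
    esac
}

# Print "user scheme verdict" per entry; return 1 if any entry is not OK.
audit_htpasswd() {
    rc=0
    while IFS=: read -r user hash rest; do
        [ -n "$user" ] || continue
        scheme=$(classify_hash "$hash")
        case "$scheme" in
            bcrypt|apr1-md5)         verdict=OK ;;
            des-crypt|sha1-unsalted) verdict=WEAK;   rc=1 ;;
            *)                       verdict=REVIEW; rc=1 ;;
        esac
        echo "$user $scheme $verdict"
    done < "$1"
    return "$rc"
}

# Succeed when the file mode grants read access to "other".
world_readable() {
    [ -n "$(find "$1" -prune -perm -004 2>/dev/null)" ]
}

# Constructed sample: the page's own entry plus two placeholder entries.
demo_audit() {
    f=$(mktemp)
    cat > "$f" <<'EOF'
devendra:FgjXxAAssuZIo
squidadmin:$2y$05$CONSTRUCTED.PLACEHOLDER.NOT.A.REAL.HASH
olduser:{SHA}CONSTRUCTED.PLACEHOLDER=
EOF
    chmod 644 "$f"
    audit_htpasswd "$f" || echo "action: re-create WEAK/REVIEW entries with a stronger scheme"
    if world_readable "$f"; then echo "action: chown root:apache and chmod 640"; fi
    rm -f "$f"
}
demo_audit
```

crypt(3) DES uses only the first 8 characters of the password; where the installed htpasswd supports it, the -B option writes a bcrypt entry instead.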

We have successfully installed and configured SquidAnalyzer for Squid log analysis on CentOS 7.

------