How to set up sarg with opnsense?

Started by liver007, August 24, 2018, 12:39:26 PM

Previous topic - Next topic
Print
Go Down Pages1
User actions
August 24, 2018, 12:39:26 PM Last Edit: August 29, 2019, 06:59:55 AM by fabian
Hi all!
Anyone who has info that might be helpful in setting up Sarg on an opnsense firewall?
Suggestions and ideas are greatly appreciated.
August 28, 2018, 08:55:45 AM #1
Hello.
Yes, I installed Sarg in one of my installation of OPNSense.
A did a "step by step" guide and I have it in my office's server, I'm out now.
If you like I can post it as soon as I'll reach my office.

Cheers,

Michele.
August 28, 2018, 04:45:11 PM #2
Here I am.
Below the steps to install, configure and protect Sarg on OPNSense.
I have one installation and I did the installation many months ago.

INSTALL
pkg install sarg

CONFIG
Search for file "sarg.conf" and set thi parameter:
output_dir /usr/local/www/squid-reports

If this parameter remains unset reports will be unaccessible.

PROTECT
To protect access to reports with user and password follow these steps:

Search for file "/usr/local/etc/inc/plugin.inc.d/webgui.inc" and:

1) add string "mod_auth"

## modules to load
server.modules              =   ( "mod_access", "mod_expire", "mod_auth", "mod_compress", "mod_redirect",
  "mod_cgi", "mod_fastcgi","mod_alias", "mod_rewrite"
)

2) Just after those rows add these lines of code:

"auth.backend = "plain"
auth.backend.plain.userfile = "/usr/local/www/squid-reports/.htpasswd"
auth.require = ("/squid-reports" => (
"method" => "digest",
"realm" => "squid-reports",
"require" => "valid-user"
))"


3) Then create file "/usr/local/www/sarg-reports/.htpasswd"
and insert username and password inside (for istance):
admin:admin

Thats all.

Restart firewall to test.

HINT: file "webgui.inc" is being overwritten when OPNSense is updated or upgraded so it must be re-written for the part in point 2)

I hope to have been helpful,

cheers,

Michele.
August 28, 2018, 06:25:54 PM #3
FYI: a better solution would be using the nginx plugin.

just create a server listening on a high port like 8080/8443 and set the root to the export directory. If you use a location (use no match and / to match the URL), you can also configure authentication and it will persist across releases.
September 29, 2020, 03:18:03 PM #4
Hi myksto,

Following your steps i had installed sarg on opnsense but i cannot find sarg plugin on Opnsense Gui.
Can you please tell me how to access the sarg Gui for configurations?
September 30, 2020, 07:00:14 PM #5
Hi Raxid.
Unfortunately I have no more installations with Sarg and to tell the truth I really can't remember whether I had the plugin in the gui or not.

Sorry not to be able to give you some help. :(

Michele.
October 01, 2020, 09:17:55 AM #6
There never was a SARG plugin.
July 19, 2023, 02:40:05 PM #7

Quote
HINT: file "webgui.inc" is being overwritten when OPNSense is updated or upgraded so it must be re-written for the part in point 2)

You can put the conf in /usr/local/etc/lighttpd_webgui/conf.d/10-sarg.conf, hence you'll be resilient to update.
Print
Go Up Pages1
User actions