Monday, 7 October 2019

Install SquidAnalyzer for Squid Log Analysis on CentOS 7

SquidAnalyzer is a log analyzer for the Squid proxy server. It generates analytical reports and provides them via a web-based interface. SquidAnalyzer is free and open source, distributed under the GNU GPL license.

We installed the Squid proxy server on CentOS 7 in our previous article. Now we are installing SquidAnalyzer for Squid log analysis on the same CentOS 7 server to get an analytical view of the Squid logs.

 

Environment Specification:

We have provisioned a CentOS 7 virtual machine with the following specification.

  • CPU - 3.4 Ghz (1 Core)
  • Memory - 1 GB
  • Storage - 20 GB
  • Operating System - CentOS 7.7
  • Hostname - squid-proxy-01.example.com
  • IP Address - 192.168.116.214/24

 

Installing SquidAnalyzer Prerequisites on CentOS 7:

SquidAnalyzer is web-based software, so we need to install a web server to deploy and run it.

Install Apache HTTP Server using yum command.

# yum install -y httpd

SquidAnalyzer also requires Perl for installation.

Install perl packages using yum command.

# yum install -y perl perl-devel

We also need the git command to clone the SquidAnalyzer source from GitHub.

# yum install -y git

 

Installing SquidAnalyzer on CentOS 7:

Download the source code of SquidAnalyzer using git command.

# cd /var/www
# git clone https://github.com/darold/squidanalyzer
Cloning into 'squidanalyzer'...
remote: Enumerating objects: 2064, done.
remote: Total 2064 (delta 0), reused 0 (delta 0), pack-reused 2064
Receiving objects: 100% (2064/2064), 1.44 MiB | 640.00 KiB/s, done.
Resolving deltas: 100% (1309/1309), done.

Compile SquidAnalyzer from source code.

# cd squidanalyzer/
# perl Makefile.PL
which: no bzcat in (/usr/local/sbin:/usr/local/bin:/usr/sbin:/usr/bin:/root/bin)
Checking if your kit is complete...
Looks good
Writing Makefile for SquidAnalyzer
Done...

Now type 'make && make install'

Install SquidAnalyzer as follows.

# make && make install
cp SquidAnalyzer.pm blib/lib/SquidAnalyzer.pm
cp squid-analyzer blib/script/squid-analyzer
/usr/bin/perl -MExtUtils::MY -e 'MY->fixin(shift)' -- blib/script/squid-analyzer
Manifying blib/man3/SquidAnalyzer.3pm

Installing /usr/local/share/perl5/SquidAnalyzer.pm
sh install_all.sh

-----------------------------------------------------------------------------
1. Modify your httpd.conf to allow access to HTML output like follow:
        Alias /squidreport /var/www/squidanalyzer
        <Directory /var/www/squidanalyzer>
            Options -Indexes FollowSymLinks MultiViews
            AllowOverride None
            Order deny,allow
            Deny from all
            Allow from 127.0.0.1
        </Directory>
2. If necessary, give additional host access to SquidAnalyzer in httpd.conf.
   Restart and ensure that httpd is running.
3. Browse to http://my.host.dom/squidreport/ to ensure that things are working
   properly.
4. Setup a cronjob to run squid-analyzer daily:

     # SquidAnalyzer log reporting daily
     0 2 * * * /usr/local/bin/squid-analyzer > /dev/null 2>&1

or run it manually. For more information, see /README file.
-----------------------------------------------------------------------------

Appending installation info to /usr/lib64/perl5/perllocal.pod

Edit Apache configuration to add SquidAnalyzer website.

# cd
# vi /etc/httpd/conf.d/squidanalyzer.conf

Add the following directives to the configuration file.

Alias /squidreport /var/www/squidanalyzer
<Directory /var/www/squidanalyzer>
        Options -Indexes +FollowSymLinks +MultiViews
        AllowOverride None
        Order deny,allow
        Deny from all
        Allow from 192.168.116.0/24
</Directory>

Enable and start httpd.service.

# systemctl enable --now httpd
Created symlink from /etc/systemd/system/multi-user.target.wants/httpd.service to /usr/lib/systemd/system/httpd.service.

Allow HTTP service in CentOS 7 firewall.

# firewall-cmd --permanent --add-service=http
success
# firewall-cmd --reload
success

The default log file location in squidanalyzer.conf does not match the Squid log path on our Linux distro, so we need to correct it before moving forward.

# grep LogFile /etc/squidanalyzer/squidanalyzer.conf
LogFile /var/log/squid3/access.log
# sed -i 's/squid3/squid/' /etc/squidanalyzer/squidanalyzer.conf
# grep LogFile /etc/squidanalyzer/squidanalyzer.conf
LogFile /var/log/squid/access.log

Configure a Cron job for SquidAnalyzer to generate analytical reports.

# crontab -e

Add the following lines.

# SquidAnalyzer log reporting daily
0 2 * * * /usr/local/bin/squid-analyzer > /dev/null 2>&1

We have to run the squid-analyzer command once by hand to generate the first reports in the /var/www/squidanalyzer directory.

# /usr/local/bin/squid-analyzer

Open URL http://squid-proxy-01.example.com/squidreport in a web browser.

[Screenshot: SquidAnalyzer global stats]

[Screenshot: SquidAnalyzer cache stats]

[Screenshot: SquidAnalyzer top 100 URLs]

 

Configure HTTP Basic Authentication for SquidAnalyzer:

SquidAnalyzer does not provide a native authentication method.

Since SquidAnalyzer runs as a web application, we can use HTTP basic authentication to restrict access to the SquidAnalyzer website.

Install httpd-tools using yum command.

# yum install -y httpd-tools
Loaded plugins: fastestmirror
Loading mirror speeds from cached hostfile
 * base: mirrors.ges.net.pk
 * extras: mirrors.ges.net.pk
 * updates: mirrors.ges.net.pk
Package httpd-tools-2.4.6-90.el7.centos.x86_64 already installed and latest version
Nothing to do

There is nothing to do here, because we already installed httpd-tools during the installation of the Squid proxy server on CentOS 7.

Create a password file for SquidAnalyzer and add squidadmin user therein.

# htpasswd -c /etc/squidanalyzer/passwd squidadmin
New password:
Re-type new password:
Adding password for user squidadmin

Edit Apache configurations to add HTTP basic authentication.

# vi /etc/httpd/conf.d/squidanalyzer.conf

Add HTTP basic authentication for SquidAnalyzer. The final configuration should look like this.

Alias /squidreport /var/www/squidanalyzer
<Directory /var/www/squidanalyzer>
        Options -Indexes +FollowSymLinks +MultiViews
        AllowOverride None
        Order deny,allow
        Deny from all
        Allow from 192.168.116.0/24
        AuthType Basic
        AuthName "Restricted Content"
        AuthUserFile /etc/squidanalyzer/passwd
        Require valid-user
</Directory>

Test Apache configuration files for syntax errors.

# httpd -t
Syntax OK

Restart the Apache service for the changes to take effect.

# systemctl restart httpd.service

Open URL http://squid-proxy-01.example.com/squidreport in a web browser.

[Screenshot: SquidAnalyzer user authentication prompt]

Now, it requires user authentication for access to SquidAnalyzer website.
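
A check for the configuration built above, as an added example that is not part of the original article: the hypothetical audit_squidreport function confirms that the <Directory /var/www/squidanalyzer> block requires a login and a source network, and that the password file is not world-readable and holds bcrypt hashes. The file-mode and bcrypt checks are assumptions about hardening that the article does not perform, and the sample config in the block is constructed from the article's first version.

```bash
#!/bin/bash
# Added example (not from the original article); audit_squidreport is a
# hypothetical helper that audits the Apache block and the htpasswd file.

fail() { echo "FAIL: $1"; audit_rc=1; }

audit_squidreport() {   # usage: audit_squidreport CONF PASSWD_FILE
    audit_rc=0
    # Keep only the <Directory /var/www/squidanalyzer> ... </Directory> block.
    block=$(awk '/<Directory[ \t]+\/var\/www\/squidanalyzer\/?>/ {f=1}
                 f {print}
                 /<\/Directory>/ {f=0}' "$1")
    [ -n "$block" ] || { fail "no Directory block for /var/www/squidanalyzer"; return 1; }
    echo "$block" | grep -Eqi '^[[:space:]]*Require[[:space:]]+(valid-user|user|group)' ||
        fail "no Require valid-user/user/group: reports served without a login"
    echo "$block" | grep -Eqi '^[[:space:]]*AuthType[[:space:]]+Basic' ||
        fail "AuthType Basic missing"
    echo "$block" | grep -Eqi '^[[:space:]]*(Allow[[:space:]]+from|Require[[:space:]]+ip)[[:space:]]+[0-9]' ||
        fail "no source-network restriction"
    echo "$block" | grep -Eqi '^[[:space:]]*Options[[:space:]].*-Indexes' ||
        fail "directory listing not disabled (-Indexes)"
    authfile=$(echo "$block" | awk 'tolower($1) == "authuserfile" {print $2}')
    case $authfile in
        /var/www/*) fail "AuthUserFile $authfile is inside the web tree" ;;
    esac
    if [ -f "$2" ]; then
        # Character 8 of the ls mode string is the read bit for "other".
        [ "$(ls -ld "$2" | cut -c8)" = "-" ] || fail "$2 is world-readable"
        # htpasswd -B stores bcrypt hashes ($2y$); report any other scheme.
        if grep -v '^[^:]*:\$2y\$' "$2" | grep -q .; then
            fail "non-bcrypt hash in $2 (re-create the entry with htpasswd -B)"
        fi
    fi
    return "$audit_rc"
}

# Constructed demo input: the article's first config, before authentication.
demo=$(mktemp -d)
cat > "$demo/squidanalyzer.conf" <<'EOF'
Alias /squidreport /var/www/squidanalyzer
<Directory /var/www/squidanalyzer>
        Options -Indexes +FollowSymLinks +MultiViews
        Order deny,allow
        Deny from all
        Allow from 192.168.116.0/24
</Directory>
EOF
audit_squidreport "$demo/squidanalyzer.conf" "$demo/passwd" || true
rm -rf "$demo"
```

On the server built here it would be run as audit_squidreport /etc/httpd/conf.d/squidanalyzer.conf /etc/squidanalyzer/passwd. It does not check transport: Basic credentials cross the network unencrypted over the plain HTTP service opened in the firewall step.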

We have successfully installed and configured SquidAnalyzer for Squid log analysis on CentOS 7.


© 2022 CentLinux. All Rights Reserved.