SquidAnalyzer is a log analyzer for Squid proxy server. SquidAnalyzer generates and provides analytical reports via a web-based interface. SquidAnalyzer is free and open source. SquidAnalyzer is distributed under GNU GPL license.
We have installed Squid proxy server on CentOS 7 in our previous article. Now, we are installing SquidAnalyzer for Squid log analysis on the same CentOS 7 server to have a analytical view of Squid logs.
This Article Provides:
Environment Specification:
We have provisioned a CentOS 7 virtual machine with following specification.
- CPU - 3.4 Ghz (1 Core)
- Memory - 1 GB
- Storage - 20 GB
- Operating System - CentOS 7.7
- Hostname - squid-proxy-01.example.com
- IP Address - 192.168.116.214/24
Installing SquidAnalyzer Prerequisites on CentOS 7:
SquidAnalyzer is a web based software therefore, we are required to install a web server to deploy and run SquidAnalyzer.
Install Apache HTTP Server using yum command.
[root@squid-proxy-01 ~]# yum install -y httpd
Loaded plugins: fastestmirror
Loading mirror speeds from cached hostfile
* base: mirrors.ges.net.pk
* extras: mirrors.ges.net.pk
* updates: mirrors.ges.net.pk
Resolving Dependencies
--> Running transaction check
---> Package httpd.x86_64 0:2.4.6-90.el7.centos will be installed
--> Processing Dependency: /etc/mime.types for package: httpd-2.4.6-90.el7.centos.x86_64
--> Running transaction check
---> Package mailcap.noarch 0:2.1.41-2.el7 will be installed
--> Finished Dependency Resolution
Dependencies Resolved
================================================================================
Package Arch Version Repository Size
================================================================================
Installing:
httpd x86_64 2.4.6-90.el7.centos base 2.7 M
Installing for dependencies:
mailcap noarch 2.1.41-2.el7 base 31 k
Transaction Summary
================================================================================
Install 1 Package (+1 Dependent package)
Total download size: 2.7 M
Installed size: 9.4 M
Downloading packages:
(1/2): mailcap-2.1.41-2.el7.noarch.rpm | 31 kB 00:01
(2/2): httpd-2.4.6-90.el7.centos.x86_64.rpm | 2.7 MB 00:05
--------------------------------------------------------------------------------
Total 519 kB/s | 2.7 MB 00:05
Running transaction check
Running transaction test
Transaction test succeeded
Running transaction
Installing : mailcap-2.1.41-2.el7.noarch 1/2
Installing : httpd-2.4.6-90.el7.centos.x86_64 2/2
Verifying : mailcap-2.1.41-2.el7.noarch 1/2
Verifying : httpd-2.4.6-90.el7.centos.x86_64 2/2
Installed:
httpd.x86_64 0:2.4.6-90.el7.centos
Dependency Installed:
mailcap.noarch 0:2.1.41-2.el7
Complete!
SquidAnalyzer also requires perl compiler for installation.
Install perl packages using yum command.
[root@squid-proxy-01 ~]# yum install -y perl perl-devel
...
Installed:
perl-devel.x86_64 4:5.16.3-294.el7_6
Dependency Installed:
gdbm-devel.x86_64 0:1.10-8.el7
glibc-devel.x86_64 0:2.17-292.el7
glibc-headers.x86_64 0:2.17-292.el7
kernel-headers.x86_64 0:3.10.0-1062.1.2.el7
libdb-devel.x86_64 0:5.3.21-25.el7
perl-ExtUtils-Install.noarch 0:1.58-294.el7_6
perl-ExtUtils-MakeMaker.noarch 0:6.68-3.el7
perl-ExtUtils-Manifest.noarch 0:1.61-244.el7
perl-ExtUtils-ParseXS.noarch 1:3.18-3.el7
perl-Test-Harness.noarch 0:3.28-3.el7
pyparsing.noarch 0:1.5.6-9.el7
systemtap-sdt-devel.x86_64 0:4.0-9.el7
Complete!
We are also required git command to clone the SquidAnalyzer source from GitHub.
[root@squid-proxy-01 ~]# yum install -y git
...
Installed:
git.x86_64 0:1.8.3.1-20.el7
Dependency Installed:
perl-Error.noarch 1:0.17020-2.el7 perl-Git.noarch 0:1.8.3.1-20.el7
perl-TermReadKey.x86_64 0:2.30-20.el7 rsync.x86_64 0:3.1.2-6.el7_6.1
Complete!
Installing SquidAnalyzer on CentOS 7:
Download the source code of SquidAnalyzer using git command.
[root@squid-proxy-01 ~]# cd /var/www
[root@squid-proxy-01 www]# git clone https://github.com/darold/squidanalyzer
Cloning into 'squidanalyzer'...
remote: Enumerating objects: 2064, done.
remote: Total 2064 (delta 0), reused 0 (delta 0), pack-reused 2064
Receiving objects: 100% (2064/2064), 1.44 MiB | 640.00 KiB/s, done.
Resolving deltas: 100% (1309/1309), done.
Compile SquidAnalyzer from source code.
[root@squid-proxy-01 www]# cd squidanalyzer/
[root@squid-proxy-01 squidanalyzer]# perl Makefile.PL
which: no bzcat in (/usr/local/sbin:/usr/local/bin:/usr/sbin:/usr/bin:/root/bin)
Checking if your kit is complete...
Looks good
Writing Makefile for SquidAnalyzer
Done...
Now type 'make && make install'
Installing SquidAnalyzer as follows.
[root@squid-proxy-01 squidanalyzer]# make && make install
cp SquidAnalyzer.pm blib/lib/SquidAnalyzer.pm
cp squid-analyzer blib/script/squid-analyzer
/usr/bin/perl -MExtUtils::MY -e 'MY->fixin(shift)' -- blib/script/squid-analyzer
Manifying blib/man3/SquidAnalyzer.3pm
Installing /usr/local/share/perl5/SquidAnalyzer.pm
sh install_all.sh
-----------------------------------------------------------------------------
1. Modify your httpd.conf to allow access to HTML output like follow:
Alias /squidreport /var/www/squidanalyzer
<Directory /var/www/squidanalyzer>
Options -Indexes FollowSymLinks MultiViews
AllowOverride None
Order deny,allow
Deny from all
Allow from 127.0.0.1
</Directory>
2. If necessary, give additional host access to SquidAnalyzer in httpd.conf.
Restart and ensure that httpd is running.
3. Browse to http://my.host.dom/squidreport/ to ensure that things are working
properly.
4. Setup a cronjob to run squid-analyzer daily:
# SquidAnalyzer log reporting daily
0 2 * * * /usr/local/bin/squid-analyzer > /dev/null 2>&1
or run it manually. For more information, see /README file.
-----------------------------------------------------------------------------
Appending installation info to /usr/lib64/perl5/perllocal.pod
Edit Apache configuration to add SquidAnalyzer website.
[root@squid-proxy-01 squidanalyzer]# cd
[root@squid-proxy-01 ~]# vi /etc/httpd/conf.d/squidanalyzer.conf
Add following directives in configuration file.
Alias /squidreport /var/www/squidanalyzer
<Directory /var/www/squidanalyzer>
Options -Indexes +FollowSymLinks +MultiViews
AllowOverride None
Order deny,allow
Deny from all
Allow from 192.168.116.0/24
</Directory>
Enable and start httpd.service.
[root@squid-proxy-01 ~]# systemctl enable --now httpd
Created symlink from /etc/systemd/system/multi-user.target.wants/httpd.service to /usr/lib/systemd/system/httpd.service.
Allow HTTP service in CentOS 7 firewall.
[root@squid-proxy-01 ~]# firewall-cmd --permanent --add-service=http
success
[root@squid-proxy-01 ~]# firewall-cmd --reload
success
By default the log file location, provided in squidanalyzer.conf file is incorrect according to our Linux distro. Therefore, we need to correct it before moving forward.
[root@squid-proxy-01 ~]# grep LogFile /etc/squidanalyzer/squidanalyzer.conf
LogFile /var/log/squid3/access.log
[root@squid-proxy-01 ~]# sed -i 's/squid3/squid/' /etc/squidanalyzer/squidanalyzer.conf
[root@squid-proxy-01 ~]# grep LogFile /etc/squidanalyzer/squidanalyzer.conf
LogFile /var/log/squid/access.log
Configure a Cron job for SquidAnalyzer to generate analytical reports.
[root@squid-proxy-01 ~]# crontab -e
add following lines therein.
# SquidAnalyzer log reporting daily
0 2 * * * /usr/local/bin/squid-analyzer > /dev/null 2>&1
We have to explicitly execute squid-analyzer command one time to generate reports in /var/www/squidanalyzer directory.
[root@squid-proxy-01 ~]# /usr/local/bin/squid-analyzer
Browse URL http://squid-proxy-01.example.com/squidreport in a client's browser.
Configure HTTP Basic Authentication for SquidAnalyzer:
SquidAnalyzer does not provides a native authentication method.
Since the SquidAnalyzer running as a web application, therefore, we can utilize the HTTP basic authentication to restrict the access to SquidAnalyzer website.
Install httpd-tools using yum command.
[root@squid-proxy-01 ~]# yum install -y httpd-tools
Loaded plugins: fastestmirror
Loading mirror speeds from cached hostfile
* base: mirrors.ges.net.pk
* extras: mirrors.ges.net.pk
* updates: mirrors.ges.net.pk
Package httpd-tools-2.4.6-90.el7.centos.x86_64 already installed and latest version
Nothing to do
Nothing to do! because, we have already installed httpd-tools during installation of Squid proxy server on CentOS 7.
Create a password file for SquidAnalyzer and add squidadmin user therein.
[root@squid-proxy-01 ~]# htpasswd -c /etc/squidanalyzer/passwd squidadmin
New password:
Re-type new password:
Adding password for user squidadmin
Edit Apache configurations to add HTTP basic authentication.
[root@squid-proxy-01 ~]# vi /etc/httpd/conf.d/squidanalyzer.conf
Add HTTP basic authentication for SquidAnalyzer. Final configuration should be look like this.
Alias /squidreport /var/www/squidanalyzer
<Directory /var/www/squidanalyzer>
Options -Indexes +FollowSymLinks +MultiViews
AllowOverride None
Order deny,allow
Deny from all
Allow from 192.168.116.0/24
AuthType Basic
AuthName "Restricted Content"
AuthUserFile /etc/squidanalyzer/passwd
Require valid-user
</Directory>
Test Apache configuration files for syntax errors.
[root@squid-proxy-01 ~]# httpd -t
Syntax OK
Restart Apache service to take changes in effect.
[root@squid-proxy-01 ~]# systemctl restart httpd.service
Browse URL http://squid-proxy-01.example.com/squidreport in a client's browser.
Now, it requires user authentication for access to SquidAnalyzer website.
We have successfully installed and configured SquidAnalyzer for Squid log analysis on CentOS 7.
0 Comments