Sarg report error
- by amyassin
I have a proxy server that runs Ubuntu Server 11.10, Squid 2.7.STABLE9. I installed sarg (version 2.3.1 Sep-18-2010) to generate reports using the ordinary apt-get install, and added a cron job to generate a report of the day every 5 minutes (that will overwrite the 5-minutes-older one):
*/5 * * * * /root/proxy_report.sh
And the content of /root/proxy_report.sh is:
#!/bin/bash
/usr/bin/sarg -nd `date +"%d/%m/%Y"` > /dev/null 2>&1
And I added another cron job to generate a full report every hour at :32 (not to collide with the 5 minutes job):
*/32 * * * * /root/proxy_report_full.sh
And the content of /root/proxy_report_full.sh is :
#!/bin/bash
/usr/bin/sarg -n > /dev/null 2>&1
And I added a small script to remove the yesterday full report (the full report that ends in yesterday that won't be overwritten by the new today full report) in /etc/rc.local to run at startup:
/usr/bin/rm_yesterday.sh &>> /var/log/rm_yesterday
Where /usr/bin/rm_yesterday.sh:
#!/bin/bash
find /var/www/sarg/ | grep `date -d Apr1 +"%Y%b%d"`-* | grep -v `date +"%Y%b%d"` | xargs rm -rf
* Apr1 is the starting date of the proxy...
** I've placed it in /usr/bin to be mounted early at startup...
That arrangement went OK for about a month and a half, except for one time I noticed some errors and reports wasn't generated, and fixed that by making an offset (the two minutes in 32 of the second cron job). However, it then started not to generate reports anymore. By manually trying to generate it it gives the following error:
root@proxy-server:~# sarg -n
SARG: getword_atoll loop detected after 3 bytes.
SARG: Line="154 192.168.10.40 TCP_MISS/200 39 CONNECT www.google.com"
SARG: Record="154 192.168.10.40 TCP_MISS/200 39 CONNECT www.google.com"
SARG: searching for 'x2f'
SARG: getword backtrace:
SARG: 1:sarg() [0x8050a4a]
SARG: 2:sarg() [0x8050c8b]
SARG: 3:sarg() [0x804fc2e]
SARG: 4:/lib/i386-linux-gnu/libc.so.6(__libc_start_main+0xf3) [0x129113]
SARG: 5:sarg() [0x80501c9]
SARG: Maybe you have a broken date in your /var/log/squid/access.log file
When I looked to /var/log/squid/ folder, I noticed that it contains some rotated logs:
root@proxy-server:~# ls /var/log/squid/
access.log access.log.1 cache.log cache.log.1 store.log store.log.1
So maybe sarg installed logrotate with it? Or it comes with the standard Ubuntu? I don't remember I installed it manuallly.
The question is: What could've gone wrong? Does it have something to do with rotating the log? How can I trace the error and start generating reports again?