diff --git a/config/rootfiles/packages/sarg b/config/rootfiles/packages/sarg
new file mode 100644
index 000000000..9a0672c78
--- /dev/null
+++ b/config/rootfiles/packages/sarg
@@ -0,0 +1,48 @@
+etc/fcron.daily/sarg-reports
+etc/fcron.hourly/sarg-reports
+etc/fcron.monthly/sarg-reports
+etc/fcron.weekly/sarg-reports
+etc/sarg
+etc/sarg/css.tpl
+etc/sarg/exclude_codes
+etc/sarg/sarg.conf
+#etc/sarg/sarg.conf.default
+etc/sarg/user_limit_block
+usr/bin/sarg
+usr/sbin/update-sarg-reports
+usr/share/locale/bg/LC_MESSAGES/sarg.mo
+usr/share/locale/ca/LC_MESSAGES/sarg.mo
+usr/share/locale/cs/LC_MESSAGES/sarg.mo
+usr/share/locale/da/LC_MESSAGES/sarg.mo
+usr/share/locale/de/LC_MESSAGES/sarg.mo
+usr/share/locale/el/LC_MESSAGES/sarg.mo
+usr/share/locale/es/LC_MESSAGES/sarg.mo
+usr/share/locale/fr/LC_MESSAGES/sarg.mo
+usr/share/locale/hu/LC_MESSAGES/sarg.mo
+usr/share/locale/id/LC_MESSAGES/sarg.mo
+usr/share/locale/it/LC_MESSAGES/sarg.mo
+usr/share/locale/ja/LC_MESSAGES/sarg.mo
+usr/share/locale/lv/LC_MESSAGES/sarg.mo
+usr/share/locale/nl/LC_MESSAGES/sarg.mo
+usr/share/locale/pl/LC_MESSAGES/sarg.mo
+usr/share/locale/pt/LC_MESSAGES/sarg.mo
+usr/share/locale/pt_BR/LC_MESSAGES/sarg.mo
+usr/share/locale/ro/LC_MESSAGES/sarg.mo
+usr/share/locale/ru/LC_MESSAGES/sarg.mo
+usr/share/locale/sk/LC_MESSAGES/sarg.mo
+usr/share/locale/sr/LC_MESSAGES/sarg.mo
+usr/share/locale/tr/LC_MESSAGES/sarg.mo
+usr/share/locale/uk/LC_MESSAGES/sarg.mo
+usr/share/locale/zh_CN/LC_MESSAGES/sarg.mo
+#usr/share/man/man1/sarg.1
+usr/share/sarg
+usr/share/sarg/fonts
+usr/share/sarg/fonts/DejaVuSans.ttf
+usr/share/sarg/fonts/FreeSans.ttf
+usr/share/sarg/fonts/README
+usr/share/sarg/fonts/license
+usr/share/sarg/images
+usr/share/sarg/images/datetime.png
+usr/share/sarg/images/graph.png
+usr/share/sarg/images/sarg-squidguard-block.png
+usr/share/sarg/images/sarg.png
diff --git a/config/sarg/cron.daily b/config/sarg/cron.daily
new file mode 100644
index 000000000..8ae1b1b19
--- /dev/null
+++ b/config/sarg/cron.daily
@@ -0,0 +1,5 @@
+#!/bin/bash
+
+/usr/sbin/update-sarg-reports daily >/dev/null 2>&1
+
+exit 0
diff --git a/config/sarg/cron.hourly b/config/sarg/cron.hourly
new file mode 100644
index 000000000..1e7b5ff30
--- /dev/null
+++ b/config/sarg/cron.hourly
@@ -0,0 +1,5 @@
+#!/bin/bash
+
+/usr/sbin/update-sarg-reports today >/dev/null 2>&1
+
+exit 0
diff --git a/config/sarg/cron.monthly b/config/sarg/cron.monthly
new file mode 100644
index 000000000..07b9efc4e
--- /dev/null
+++ b/config/sarg/cron.monthly
@@ -0,0 +1,5 @@
+#!/bin/bash
+
+/usr/sbin/update-sarg-reports monthly >/dev/null 2>&1
+
+exit 0
diff --git a/config/sarg/cron.weekly b/config/sarg/cron.weekly
new file mode 100644
index 000000000..1f8287c85
--- /dev/null
+++ b/config/sarg/cron.weekly
@@ -0,0 +1,5 @@
+#!/bin/bash
+
+/usr/sbin/update-sarg-reports weekly >/dev/null 2>&1
+
+exit 0
diff --git a/config/sarg/sarg.conf b/config/sarg/sarg.conf
new file mode 100644
index 000000000..0defd9e21
--- /dev/null
+++ b/config/sarg/sarg.conf
@@ -0,0 +1,696 @@
+# sarg.conf
+#
+# TAG: access_log file
+# Where is the access.log file
+# sarg -l file
+#
+access_log /var/log/squid/access.log
+
+# TAG: graphs yes|no
+# Use graphics where is possible.
+# graph_days_bytes_bar_color blue|green|yellow|orange|brown|red
+#
+graphs yes
+graph_days_bytes_bar_color orange
+
+# TAG: graph_font
+# The full path to the TTF font file to use to create the graphs. It is required
+# if graphs is set to yes.
+#
+graph_font /usr/share/sarg/fonts/DejaVuSans.ttf
+
+# TAG: title
+# Especify the title for html page.
+#
+title "Squid User Access Reports"
+
+# TAG: font_face
+# Especify the font for html page.
+#
+font_face Tahoma,Verdana,Arial
+
+# TAG: header_color
+# Especify the header color
+#
+header_color darkblue
+
+# TAG: header_bgcolor
+# Especify the header bgcolor
+#
+header_bgcolor blanchedalmond
+
+# TAG: font_size
+# Especify the text font size
+#
+font_size 12px
+
+# TAG: header_font_size
+# Especify the header font size
+#
+header_font_size 12px
+
+# TAG: title_font_size
+# Especify the title font size
+#
+title_font_size 12px
+
+# TAG: background_color
+# TAG: background_color
+# Html page background color
+#
+# background_color white
+
+# TAG: text_color
+# Html page text color
+#
+text_color #000000
+
+# TAG: text_bgcolor
+# Html page text background color
+#
+text_bgcolor lavender
+
+# TAG: title_color
+# Html page title color
+#
+#title_color green
+
+# TAG: logo_image
+# Html page logo.
+#
+#logo_image none
+
+# TAG: logo_text
+# Html page logo text.
+#
+#logo_text ""
+
+# TAG: logo_text_color
+# Html page logo texti color.
+#
+#logo_text_color #000000
+
+# TAG: logo_image_size
+# Html page logo image size.
+# width height
+#
+#image_size 80 45
+
+# TAG: background_image
+# Html page background image
+#
+#background_image none
+
+# TAG: password
+# User password file used by Squid authentication scheme
+# If used, generate reports just for that users.
+#
+#password none
+
+# TAG: temporary_dir
+# Temporary directory name for work files
+# sarg -w dir
+#
+#temporary_dir /tmp
+
+# TAG: output_dir
+# The reports will be saved in that directory
+# sarg -o dir
+#
+output_dir /srv/web/ipfire/html/sarg
+
+# TAG: output_email
+# Email address to send the reports. If you use this tag, no html reports will be generated.
+# sarg -e email
+#
+#output_email none
+
+# TAG: resolve_ip yes/no
+# Convert ip address to dns name
+# sarg -n
+resolve_ip no
+
+# TAG: user_ip yes/no
+# Use Ip Address instead userid in reports.
+# sarg -p
+#user_ip no
+
+# TAG: topuser_sort_field field normal/reverse
+# Sort field for the Topuser Report.
+# Allowed fields: USER CONNECT BYTES TIME
+#
+#topuser_sort_field BYTES reverse
+
+# TAG: user_sort_field field normal/reverse
+# Sort field for the User Report.
+# Allowed fields: SITE CONNECT BYTES TIME
+#
+#user_sort_field BYTES reverse
+
+# TAG: exclude_users file
+# users within the file will be excluded from reports.
+# you can use indexonly to have only index.html file.
+#
+#exclude_users none
+
+# TAG: exclude_hosts file
+# Hosts, domains or subnets will be excluded from reports.
+#
+# Eg.: 192.168.10.10 - exclude ip address only
+# 192.168.10.0/24 - exclude full C class
+# s1.acme.foo - exclude hostname only
+# *.acme.foo - exclude full domain name
+#
+#exclude_hosts none
+
+# TAG: useragent_log file
+# useragent.log file patch to generate useragent report.
+#
+useragent_log /var/log/squid/user_agent.log
+
+# TAG: date_format
+# Date format in reports: e (European=dd/mm/yy), u (American=mm/dd/yy), w (Weekly=yy.ww)
+#
+date_format e
+
+# TAG: per_user_limit file MB
+# Saves userid on file if download exceed n MB.
+# This option allow you to disable user access if user exceed a download limit.
+#
+#per_user_limit none
+
+# TAG: lastlog n
+# How many reports files must be keept in reports directory.
+# The oldest report file will be automatically removed.
+# 0 - no limit.
+#
+#lastlog 0
+
+# TAG: remove_temp_files yes
+# Remove temporary files: geral, usuarios, top, periodo from root report directory.
+#
+#remove_temp_files yes
+
+# TAG: index yes|no|only
+# Generate the main index.html.
+# only - generate only the main index.html
+#
+#index yes
+
+# TAG: index_tree date|file
+# How to generate the index.
+#
+#index_tree file
+
+# TAG: overwrite_report yes|no
+# yes - if report date already exist then will be overwrited.
+# no - if report date already exist then will be renamed to filename.n, filename.n+1
+#
+overwrite_report yes
+
+# TAG: records_without_userid ignore|ip|everybody
+# What can I do with records without user id (no authentication) in access.log file ?
+#
+# ignore - This record will be ignored.
+# ip - Use ip address instead. (default)
+# everybody - Use "everybody" instead.
+#
+#records_without_userid ip
+
+# TAG: use_comma no|yes
+# Use comma instead point in reports.
+# Eg.: use_comma yes => 23,450,110
+# use_comma no => 23.450.110
+#
+#use_comma no
+
+# TAG: mail_utility
+# Mail command to use to send reports via SMTP. Sarg calls it like this:
+# mail_utility -s "SARG report, date" "output_email" <"mail_content"
+#
+# Therefore, it is possible to add more arguments to the command by specifying them
+# here.
+#
+# If you need too, you can use a shell script to process the content of /dev/stdin
+# (/dev/stdin is the mail_content passed by sarg to the script) and call whatever
+# command you like. It is not limited to mailing the report via SMTP.
+#
+# Don't forget to quote the command if necessary (i.e. if the path contains
+# characters that must be quoted).
+#
+#mail_utility mailx
+
+# TAG: topsites_num n
+# How many sites in topsites report.
+#
+#topsites_num 100
+
+# TAG: topsites_sort_order CONNECT|BYTES A|D
+# Sort for topsites report, where A=Ascendent, D=Descendent
+#
+#topsites_sort_order CONNECT D
+
+# TAG: index_sort_order A/D
+# Sort for index.html, where A=Ascendent, D=Descendent
+#
+#index_sort_order D
+
+# TAG: exclude_codes file
+# Ignore records with these codes. Eg.: NONE/400
+# Write one code per line. Lines starting with a # are ignored.
+# Only codes matching exactly one of the line is rejected. The
+# comparison is not case sensitive.
+#
+#exclude_codes /usr/local/sarg/exclude_codes
+
+# TAG: replace_index string
+# Replace "index.html" in the main index file with this string
+# If null "index.html" is used
+#
+#replace_index
+
+# TAG: max_elapsed milliseconds
+# If elapsed time is recorded in log is greater than max_elapsed use 0 for elapsed time.
+# Use 0 for no checking
+#
+#max_elapsed 28800000
+# 8 Hours
+
+# TAG: report_type type
+# What kind of reports to generate.
+# topusers - users, sites, times, bytes, connects, links to accessed sites, etc
+# topsites - site, connect and bytes report
+# sites_users - users and sites report
+# users_sites - accessed sites by the user report
+# date_time - bytes used per day and hour report
+# denied - denied sites with full URL report
+# auth_failures - autentication failures report
+# site_user_time_date - sites, dates, times and bytes report
+# downloads - downloads per user report
+#
+# Eg.: report_type topsites denied
+#
+report_type topusers topsites sites_users users_sites date_time denied auth_failures site_user_time_date downloads
+
+# TAG: usertab filename
+# You can change the "userid" or the "ip address" to be a real user name on the reports.
+# If resolve_ip is active, the ip address is resolved before being looked up into this
+# file. That is, if you want to map the ip address, be sure to set resolv_ip to no or
+# the resolved name will be looked into the file instead of the ip address. Note that
+# it can be used to resolve any ip address known to the dns and then map the unresolved
+# ip addresses to a name found in the usertab file.
+# Table syntax:
+# userid name or ip address name
+# Eg:
+# SirIsaac Isaac Newton
+# vinci Leonardo da Vinci
+# 192.168.10.1 Karol Wojtyla
+#
+# Each line must be terminated with '\n'
+# If usertab have value "ldap" (case ignoring), user names
+# will be taken from LDAP server. This method as approaches for reception
+# of usernames from Active Didectory
+#
+#usertab none
+
+# TAG: LDAPHost hostname
+# FQDN or IP address of host with LDAP service or AD DC
+# default is '127.0.0.1'
+#LDAPHost 127.0.0.1
+
+# TAG: LDAPPort port
+# LDAP service port number
+# default is '389'
+#LDAPPort 389
+
+# TAG: LDAPBindDN CN=username,OU=group,DC=mydomain,DC=com
+# DN of LDAP user, who is authorized to read user's names from LDAP base
+# default is empty line
+#LDAPBindDN cn=proxy,dc=mydomain,dc=local
+
+# TAG: LDAPBindPW secret
+# Password of DN, who is authorized to read user's names from LDAP base
+# default is empty line
+#LDAPBindPW secret
+
+# TAG: LDAPBaseSearch OU=users,DC=mydomain,DC=com
+# LDAP search base
+# default is empty line
+#LDAPBaseSearch ou=users,dc=mydomain,dc=local
+
+# TAG: LDAPFilterSearch (uid=%s)
+# User search filter by user's logins in LDAP
+# First founded record will be used
+# %s - will be changed to userlogins from access.log file
+# filter string can have up to 5 '%s' tags
+# default value is '(uid=%s)'
+#LDAPFilterSearch (uid=%s)
+
+# TAG: LDAPTargetAttr attributename
+# Name of the attribute containing a name of the user
+# default value is 'cn'
+#LDAPTargetAttr cn
+
+# TAG: long_url yes|no
+# If yes, the full url is showed in report.
+# If no, only the site will be showed
+#
+# YES option generate very big sort files and reports.
+#
+#long_url no
+
+# TAG: date_time_by bytes|elap
+# Date/Time reports show the downloaded volume or the elapsed time or both.
+#
+#date_time_by bytes
+
+# TAG: charset name
+# ISO 8859 is a full series of 10 standardized multilingual single-byte coded (8bit)
+# graphic character sets for writing in alphabetic languages
+# You can use the following charsets:
+# Latin1 - West European
+# Latin2 - East European
+# Latin3 - South European
+# Latin4 - North European
+# Cyrillic
+# Arabic
+# Greek
+# Hebrew
+# Latin5 - Turkish
+# Latin6
+# Windows-1251
+# Japan
+# Koi8-r
+# UTF-8
+#
+#charset Latin1
+
+# TAG: user_invalid_char "&/"
+# Records that contain invalid characters in userid will be ignored by Sarg.
+#
+#user_invalid_char "&/"
+
+# TAG: privacy yes|no
+# privacy_string "***.***.***.***"
+# privacy_string_color blue
+# In some countries the sysadm cannot see the visited sites by a restrictive law.
+# Using privacy yes the visited url will be changes by privacy_string and the link
+# will be removed from reports.
+#
+#privacy no
+#privacy_string "***.***.***.***"
+#privacy_string_color blue
+
+# TAG: include_users "user1:user2:...:usern"
+# Reports will be generated only for listed users.
+#
+#include_users none
+
+# TAG: exclude_string "string1:string2:...:stringn"
+# Records from access.log file that contain one of listed strings will be ignored.
+#
+#exclude_string none
+
+# TAG: show_successful_message yes|no
+# Shows "Successful report generated on dir" at end of process.
+#
+#show_successful_message yes
+
+# TAG: show_read_statistics yes|no
+# Shows some reading statistics.
+#
+show_read_statistics yes
+
+# TAG: topuser_fields
+# Which fields must be in Topuser report.
+#
+#topuser_fields NUM DATE_TIME USERID CONNECT BYTES %BYTES IN-CACHE-OUT USED_TIME MILISEC %TIME TOTAL AVERAGE
+
+# TAG: user_report_fields
+# Which fields must be in User report.
+#
+#user_report_fields CONNECT BYTES %BYTES IN-CACHE-OUT USED_TIME MILISEC %TIME TOTAL AVERAGE
+
+# TAG: bytes_in_sites_users_report yes|no
+# Bytes field must be in Site & Users Report ?
+#
+#bytes_in_sites_users_report no
+
+# TAG: topuser_num n
+# How many users in topsites report. 0 = no limit
+#
+#topuser_num 0
+
+# TAG: datafile file
+# Save the report results in a file to populate some database
+#
+#datafile none
+
+# TAG: datafile_delimiter ";"
+# ascii character to use as a field separator in datafile
+#
+#datafile_delimiter ";"
+
+# TAG: datafile_fields all
+# Which data fields must be in datafile
+# user;date;time;url;connect;bytes;in_cache;out_cache;elapsed
+#
+#datafile_fields user;date;time;url;connect;bytes;in_cache;out_cache;elapsed
+
+# TAG: datafile_url ip|name
+# Saves the URL as ip or name in datafile
+#
+#datafile_url ip
+
+# TAG: weekdays
+# The weekdays to take into account ( Sunday->0, Saturday->6 )
+# Example:
+#weekdays 1-3,5
+# Default:
+#weekdays 0-6
+
+# TAG: hours
+# The hours to take into account
+# Example:
+#hours 7-12,14,16,18-20
+# Default:
+#hours 0-23
+
+# TAG: dansguardian_conf file
+# DansGuardian.conf file path
+# Generate reports from DansGuardian logs.
+# Use 'none' to disable it.
+# dansguardian_conf /usr/dansguardian/dansguardian.conf
+#
+#dansguardian_conf none
+
+# TAG: dansguardian_filter_out_date on|off
+# This option replaces dansguardian_ignore_date whose name was not appropriate with respect to its action.
+# Note the change of parameter value compared with the old option.
+# 'off' use the record even if its date is outside of the range found in the input log file.
+# 'on' use the record only if its date is in the range found in the input log file.
+#
+#dansguardian_filter_out_date on
+
+# TAG: squidguard_conf file
+# path to squidGuard.conf file
+# Generate reports from SquidGuard logs.
+# Use 'none' to disable.
+# You can use sarg -L filename to use an alternate squidGuard log.
+# squidguard_conf /usr/local/squidGuard/squidGuard.conf
+#
+#squidguard_conf none
+
+# TAG: redirector_log file
+# the location of the web proxy redirector log such as one created by squidGuard or Rejik. The option
+# may be repeated up to 64 times to read multiple files.
+# If this option is specified, it takes precedence over squidguard_conf.
+# The command line option -L override this option.
+#
+#redirector_log /usr/local/squidGuard/var/logs/urls.log
+
+# TAG: redirector_filter_out_date on|off
+# This option replaces squidguard_ignore_date and redirector_ignore_date whose names were not
+# appropriate with respect to their action.
+# Note the change of parameter value compared with the old options.
+# 'off' use the record even if its date is outside of the range found in the input log file.
+# 'on' use the record only if its date is in the range found in the input log file.
+#
+#redirector_filter_out_date on
+
+# TAG: redirector_log_format
+# Format string for web proxy redirector logs.
+# This option was named squidguard_log_format before sarg 2.3.
+# REJIK #year#-#mon#-#day# #hour# #list#:#tmp# #ip# #user# #tmp#/#tmp#/#url#/#end#
+# SQUIDGUARD #year#-#mon#-#day# #hour# #tmp#/#list#/#tmp#/#tmp#/#url#/#tmp# #ip#/#tmp# #user# #end#
+#redirector_log_format #year#-#mon#-#day# #hour# #tmp#/#list#/#tmp#/#tmp#/#url#/#tmp# #ip#/#tmp# #user# #end#
+
+# TAG: show_sarg_info yes|no
+# shows sarg information and site path on each report bottom
+#
+#show_sarg_info yes
+
+# TAG: show_sarg_logo yes|no
+# shows sarg logo
+#
+#show_sarg_logo yes
+
+# TAG: parsed_output_log directory
+# Saves the processed log in a sarg format after parsing the squid log file.
+# This is a way to dump all of the data structures out, after parsing from
+# the logs (presumably this data will be much smaller than the log files themselves),
+# and pull them back in for later processing and merging with data from previous logs.
+#
+#parsed_output_log none
+
+# TAG: parsed_output_log_compress /bin/gzip|/usr/bin/bzip2|nocompress
+# Command to run to compress sarg parsed output log. It may contain
+# options (such as -f to overwrite existing target file). The name of
+# the file to compresse is provided at the end of this
+# command line. Don't forget to quote things appropriately.
+#
+#parsed_output_log_compress /bin/gzip
+
+# TAG: displayed_values bytes|abbreviation
+# how the values will be displayed in reports.
+# eg. bytes - 209.526
+# abbreviation - 210K
+#
+#displayed_values bytes
+
+# Report limits
+# TAG: authfail_report_limit n
+# TAG: denied_report_limit n
+# TAG: siteusers_report_limit n
+# TAG: squidguard_report_limit n
+# TAG: user_report_limit n
+# TAG: dansguardian_report_limit n
+# TAG: download_report_limit n
+# report limits (lines).
+# '0' no limit
+#
+#authfail_report_limit 10
+#denied_report_limit 10
+#siteusers_report_limit 0
+#squidguard_report_limit 10
+#dansguardian_report_limit 10
+#user_report_limit 10
+#user_report_limit 50
+
+# TAG: www_document_root dir
+# Where is your Web DocumentRoot
+# Sarg will create sarg-php directory with some PHP modules:
+# - sarg-squidguard-block.php - add urls from user reports to squidGuard DB
+#
+#www_document_root /var/www/html
+
+# TAG: block_it module_url
+# This tag allow you to pass urls from user reports to a cgi or php module,
+# to be blocked by some Squid acl
+#
+# Eg.: block_it /sarg-php/sarg-block-it.php
+# sarg-block-it is a php that will append a url to a flat file.
+# You must change /var/www/html/sarg-php/sarg-block-it to point to your file
+# in $filename variable, and chown to a httpd owner.
+#
+# sarg will pass http://module_url?url=url
+#
+#block_it none
+
+# TAG: external_css_file path
+# Provide the path to an external css file to link into the HTML reports instead of
+# the inline css written by sarg when this option is not set.
+#
+# In versions prior to 2.3, this used to be an absolute file name to
+# a file to include verbatim in each HTML page but, as it takes a lot of
+# space, version 2.3 switched to a link to an external css file.
+# Therefore, this option must contain the HTTP server path on which a client
+# browser may find the css file.
+#
+# Sarg use theses style classes:
+# .logo logo class
+# .info sarg information class, align=center
+# .title_c title class, align=center
+# .header_c header class, align:center
+# .header_l header class, align:left
+# .header_r header class, align:right
+# .text text class, align:right
+# .data table text class, align:right
+# .data2 table text class, align:left
+# .data3 table text class, align:center
+# .link link class
+#
+# Sarg can be instructed to output the internal css it inline
+# into the reports with this command:
+#
+# sarg --css
+#
+# You can redirect the output to a file of your choice and edit
+# it to your liking.
+#
+#external_css_file none
+
+# TAG: user_authentication yes|no
+# Allow user authentication in User Reports using .htaccess
+# Parameters:
+# AuthUserTemplateFile - The template to use to create the
+# .htaccess file. In the template, %u is replaced by the
+# user's ID for which the report is generated. The path of the
+# template is relative to the directory containing sarg
+# configuration file.
+#
+# user_authentication no
+# AuthUserTemplateFile sarg_htaccess
+
+# TAG: download_suffix "suffix,suffix,...,suffix"
+# file suffix to be considered as "download" in Download report.
+# Use 'none' to disable.
+#
+download_suffix "zip,arj,bzip,gz,ace,doc,iso,adt,bin,cab,com,dot,drv$,lha,lzh,mdb,mso,ppt,rtf,src,shs,sys,exe,dll,mp3,avi,mpg,mpeg"
+
+# TAG: ulimit n
+# The maximum number of open file descriptors to avoid "Too many open files" error message.
+# You need to run sarg as root to use ulimit tag.
+# If you run sarg with a low privilege user, set to 'none' to disable ulimit
+#
+#ulimit 20000
+
+# TAG: ntlm_user_format username|domainname+username
+# NTLM users format.
+#
+#ntlm_user_format domainname+username
+
+# TAG: realtime_refresh_time num sec
+# How many time to auto refresh the realtime report
+# 0 = disable
+#
+# realtime_refresh_time 3
+
+# TAG: realtime_access_log_lines num
+# How many last lines to get from access.log file
+#
+# realtime_access_log_lines 1000
+
+# TAG: realtime_types: GET,PUT,CONNECT,ICP_QUERY,POST
+# Which records must be in realtime report.
+#
+# realtime_types GET,PUT,CONNECT
+
+# TAG: realtime_unauthenticated_records: ignore|show
+# What to do with unauthenticated records in realtime report.
+#
+# realtime_unauthenticated_records: show
+
+# TAG: byte_cost value no_cost_limit
+# Cost per byte.
+# Eg. byte_cost 0.01 100000000
+# per byte cost = 0.01
+# bytes with no cost = 100 Mb
+# 0 = disable
+#
+# byte_cost 0.01 50000000
+
+# TAG: squid24 on|off
+# Compatilibity with squid version <= 2.4 when using emulate_http_log on
+#
+# squid24 off
diff --git a/config/sarg/update-sarg-reports b/config/sarg/update-sarg-reports
new file mode 100644
index 000000000..84a7052bc
--- /dev/null
+++ b/config/sarg/update-sarg-reports
@@ -0,0 +1,181 @@
+#!/bin/bash
+###############################################################################
+# #
+# IPFire.org - An Open Source Firewall Solution #
+# Copyright (C) 2012 Michael Tremer #
+# #
+# This program is free software: you can redistribute it and/or modify #
+# it under the terms of the GNU General Public License as published by #
+# the Free Software Foundation, either version 3 of the License, or #
+# (at your option) any later version. #
+# #
+# This program is distributed in the hope that it will be useful, #
+# but WITHOUT ANY WARRANTY; without even the implied warranty of #
+# MERCHANTABILITY or FITNESS FOR A PARTICULAR PURPOSE. See the #
+# GNU General Public License for more details. #
+# #
+# You should have received a copy of the GNU General Public License #
+# along with this program. If not, see . #
+# #
+###############################################################################
+
+export LC_ALL=C
+
+SARG_CONFIG="/etc/sarg/sarg.conf"
+SQUID_LOG="/var/log/squid/access.log"
+REPORTS_PATH="/var/log/sarg"
+
+function date_calc() {
+ local when
+ local range="false"
+
+ case "${1}" in
+ month)
+ when="1 month ago"
+ range="true"
+ ;;
+ week)
+ when="1 week ago"
+ ;;
+ yesterday)
+ when="1 day ago"
+ ;;
+ today)
+ when="today"
+ ;;
+ *)
+ return 1
+ ;;
+ esac
+
+ if [ "${range}" = "true" ]; then
+ echo "$(date --date "${when}" +01/%m/%Y)-$(date --date "${when}" +31/%m/%Y)"
+ else
+ date --date "${when}" +%d/%m/%Y
+ fi
+
+ return 0
+}
+
+function compile_report() {
+ local interval=${1}
+
+ local date
+ case "${interval}" in
+ today)
+ date=$(date_calc today)
+ ;;
+ daily)
+ date=$(date_calc yesterday)
+ ;;
+ weekly)
+ date="$(date_calc week)-$(date_calc yesterday)"
+ ;;
+ monthly)
+ date="$(date_calc month)"
+ ;;
+ esac
+ [ -n "${date}" ] || return 1
+
+ # Determine max. number of archived log files to search.
+ local max_logs
+ case "${interval}" in
+ today|daily)
+ max_logs=3
+ ;;
+ weekly)
+ max_logs=14
+ ;;
+ monthly)
+ max_logs=40
+ ;;
+ esac
+
+ # Create reports_path, if not exists.
+ local reports_path="${REPORTS_PATH}/${interval}"
+ mkdir -p ${reports_path}
+
+ # Run SARG.
+ get_logs ${max_logs} | sarg -f ${SARG_CONFIG} -l - -d ${date} -o ${reports_path}
+}
+
+function get_logs() {
+ local max=${1}
+
+ if [ -z "${max}" ]; then
+ max=10000
+ fi
+
+ local idx=0
+ while [ ${idx} -le ${max} ]; do
+ file=$(search_log_file ${idx})
+
+ # If no log file could be opened, we are done.
+ [ -z "${file}" ] && break
+
+ case "${file}" in
+ # Logs in plain text.
+ *.log)
+ cat ${file}
+ ;;
+
+ # GZip compressed log files.
+ *.gz)
+ gzip -d < ${file}
+ ;;
+
+ # XZ compressed log files.
+ *.xz)
+ xz -d < ${file}
+ ;;
+
+ # Unhandled stuff.
+ *)
+ echo "Unhandled file type: ${file}" >&2
+ ;;
+ esac
+
+ idx=$(( ${idx} + 1 ))
+ done
+
+ return 0
+}
+
+function search_log_file() {
+ local idx=${1}
+
+ if [ "${idx}" = "0" ] && [ -e "${SQUID_LOG}" ]; then
+ echo "${SQUID_LOG}"
+ return 0
+ fi
+
+ local algo
+ for algo in gz xz; do
+ file="${SQUID_LOG}.${idx}.${algo}"
+
+ if [ -e "${file}" ]; then
+ echo "${file}"
+ return 0
+ fi
+ done
+
+ return 1
+}
+
+# Main.
+
+case "${1}" in
+ today|daily|weekly|monthly)
+ compile_report ${1}
+ ;;
+ *)
+ echo "${0} - Squid proxy reports creation tool"
+ echo
+ echo "Usage: ${0} [interval]"
+ echo " interval: today, daily, weekly, monthly"
+ echo
+ exit 0
+ ;;
+esac
+
+exit 0
diff --git a/lfs/sarg b/lfs/sarg
new file mode 100644
index 000000000..c8794fe7e
--- /dev/null
+++ b/lfs/sarg
@@ -0,0 +1,100 @@
+###############################################################################
+# #
+# IPFire.org - An Open Source Firewall Solution #
+# Copyright (C) 2012 Michael Tremer #
+# #
+# This program is free software: you can redistribute it and/or modify #
+# it under the terms of the GNU General Public License as published by #
+# the Free Software Foundation, either version 3 of the License, or #
+# (at your option) any later version. #
+# #
+# This program is distributed in the hope that it will be useful, #
+# but WITHOUT ANY WARRANTY; without even the implied warranty of #
+# MERCHANTABILITY or FITNESS FOR A PARTICULAR PURPOSE. See the #
+# GNU General Public License for more details. #
+# #
+# You should have received a copy of the GNU General Public License #
+# along with this program. If not, see . #
+# #
+###############################################################################
+
+###############################################################################
+# Definitions
+###############################################################################
+
+include Config
+
+VER = 2.3.3
+
+THISAPP = sarg-$(VER)
+DL_FILE = $(THISAPP).tar.gz
+DL_FROM = $(URL_IPFIRE)
+DIR_APP = $(DIR_SRC)/$(THISAPP)
+TARGET = $(DIR_INFO)/$(THISAPP)
+PROG = sarg
+PAK_VER = 1
+
+DEPS = ""
+
+###############################################################################
+# Top-level Rules
+###############################################################################
+
+objects = $(DL_FILE)
+
+$(DL_FILE) = $(DL_FROM)/$(DL_FILE)
+
+$(DL_FILE)_MD5 = 09dba9a960d500acd7f17802de62512c
+
+install : $(TARGET)
+
+check : $(patsubst %,$(DIR_CHK)/%,$(objects))
+
+download :$(patsubst %,$(DIR_DL)/%,$(objects))
+
+md5 : $(subst %,%_MD5,$(objects))
+
+dist:
+ @$(PAK)
+
+###############################################################################
+# Downloading, checking, md5sum
+###############################################################################
+
+$(patsubst %,$(DIR_CHK)/%,$(objects)) :
+ @$(CHECK)
+
+$(patsubst %,$(DIR_DL)/%,$(objects)) :
+ @$(LOAD)
+
+$(subst %,%_MD5,$(objects)) :
+ @$(MD5)
+
+###############################################################################
+# Installation Details
+###############################################################################
+
+$(TARGET) : $(patsubst %,$(DIR_DL)/%,$(objects))
+ @$(PREBUILD)
+ @rm -rf $(DIR_APP) && cd $(DIR_SRC) && tar axf $(DIR_DL)/$(DL_FILE)
+ cd $(DIR_APP) && ./configure \
+ --prefix=/usr \
+ --sysconfdir=/etc/sarg
+ cd $(DIR_APP) && make $(MAKETUNING) $(EXTRA_MAKE)
+ cd $(DIR_APP) && make $(EXTRA_INSTALL) install
+
+ # Install configuration file.
+ cp -v $(DIR_SRC)/config/sarg/sarg.conf /etc/sarg/sarg.conf
+
+ # Install helper script.
+ install -m 755 $(DIR_SRC)/config/sarg/update-sarg-reports \
+ /usr/sbin/update-sarg-reports
+
+ # Install cron job.
+ for i in hourly daily weekly monthly; do \
+ install -m 754 -v $(DIR_SRC)/config/sarg/cron.$${i} \
+ /etc/fcron.$${i}/sarg-reports; \
+ done
+
+ @rm -rf $(DIR_APP)
+ @$(POSTBUILD)
diff --git a/make.sh b/make.sh
index 5d142ef1d..1165c092a 100755
--- a/make.sh
+++ b/make.sh
@@ -774,6 +774,7 @@ buildipfire() {
ipfiremake telnet
ipfiremake stress
ipfiremake libstatgrab
+ ipfiremake sarg
echo Build on $HOSTNAME > $BASEDIR/build/var/ipfire/firebuild
cat /proc/version >> $BASEDIR/build/var/ipfire/firebuild
echo >> $BASEDIR/build/var/ipfire/firebuild
diff --git a/src/paks/sarg/install.sh b/src/paks/sarg/install.sh
new file mode 100644
index 000000000..72406d964
--- /dev/null
+++ b/src/paks/sarg/install.sh
@@ -0,0 +1,29 @@
+#!/bin/bash
+############################################################################
+# #
+# This file is part of the IPFire Firewall. #
+# #
+# IPFire is free software; you can redistribute it and/or modify #
+# it under the terms of the GNU General Public License as published by #
+# the Free Software Foundation; either version 2 of the License, or #
+# (at your option) any later version. #
+# #
+# IPFire is distributed in the hope that it will be useful, #
+# but WITHOUT ANY WARRANTY; without even the implied warranty of #
+# MERCHANTABILITY or FITNESS FOR A PARTICULAR PURPOSE. See the #
+# GNU General Public License for more details. #
+# #
+# You should have received a copy of the GNU General Public License #
+# along with IPFire; if not, write to the Free Software #
+# Foundation, Inc., 59 Temple Place, Suite 330, Boston, MA 02111-1307 USA #
+# #
+# Copyright (C) 2007 IPFire-Team . #
+# #
+############################################################################
+#
+. /opt/pakfire/lib/functions.sh
+extract_files
+restore_backup ${NAME}
+
+# Create data directory.
+[ -d "/var/log/sarg" ] || mkdir /var/log/sarg
diff --git a/src/paks/sarg/uninstall.sh b/src/paks/sarg/uninstall.sh
new file mode 100644
index 000000000..66f4344eb
--- /dev/null
+++ b/src/paks/sarg/uninstall.sh
@@ -0,0 +1,26 @@
+#!/bin/bash
+############################################################################
+# #
+# This file is part of the IPFire Firewall. #
+# #
+# IPFire is free software; you can redistribute it and/or modify #
+# it under the terms of the GNU General Public License as published by #
+# the Free Software Foundation; either version 2 of the License, or #
+# (at your option) any later version. #
+# #
+# IPFire is distributed in the hope that it will be useful, #
+# but WITHOUT ANY WARRANTY; without even the implied warranty of #
+# MERCHANTABILITY or FITNESS FOR A PARTICULAR PURPOSE. See the #
+# GNU General Public License for more details. #
+# #
+# You should have received a copy of the GNU General Public License #
+# along with IPFire; if not, write to the Free Software #
+# Foundation, Inc., 59 Temple Place, Suite 330, Boston, MA 02111-1307 USA #
+# #
+# Copyright (C) 2007 IPFire-Team . #
+# #
+############################################################################
+#
+. /opt/pakfire/lib/functions.sh
+make_backup ${NAME}
+remove_files
diff --git a/src/paks/sarg/update.sh b/src/paks/sarg/update.sh
new file mode 100644
index 000000000..89c40d0d7
--- /dev/null
+++ b/src/paks/sarg/update.sh
@@ -0,0 +1,26 @@
+#!/bin/bash
+############################################################################
+# #
+# This file is part of the IPFire Firewall. #
+# #
+# IPFire is free software; you can redistribute it and/or modify #
+# it under the terms of the GNU General Public License as published by #
+# the Free Software Foundation; either version 2 of the License, or #
+# (at your option) any later version. #
+# #
+# IPFire is distributed in the hope that it will be useful, #
+# but WITHOUT ANY WARRANTY; without even the implied warranty of #
+# MERCHANTABILITY or FITNESS FOR A PARTICULAR PURPOSE. See the #
+# GNU General Public License for more details. #
+# #
+# You should have received a copy of the GNU General Public License #
+# along with IPFire; if not, write to the Free Software #
+# Foundation, Inc., 59 Temple Place, Suite 330, Boston, MA 02111-1307 USA #
+# #
+# Copyright (C) 2007 IPFire-Team . #
+# #
+############################################################################
+#
+. /opt/pakfire/lib/functions.sh
+./uninstall.sh
+./install.sh