smeserver-dansguardian-stats provides a web statistics interface to the results of the content filtering provided by Dansguardian. I will on the statistics page present:
- Pages Scanned, Allowed, Blocked and Infected pages and the amount of data scanned (Bytes)
- Top 10 Visited sites
- Top 10 Blocked Sites
- Top 10 Malware/Virus Blocked content (requires ClamAV enabled)
- Top 10 Blocked Categories as reported by Dansguardian
Its a prerequisite that dansguardian and the smeserver-dansguardian contribs have been installed. See http://wiki.contribs.org/Dansguardian for install details.
yum install --enablerepo=smecontribs smeserver-dansguardian smeserver-dansguardian-stats signal-event dansguardian-save
When installed, the web interface is is accessible form ( you need to wait for cron script to run):
yum upgrade --enablerepo=smecontribs smeserver-dansguardian smeserver-dansguardian-stats signal-event dansguardian-save
You can simply remove the package again with the usual yum command.
yum remove smeserver-dansguardian-stats
Dansguardian Log file Format
The package requires that the logfileformat for dansguardian is set to format 4 (in /etc/dansguardian/dansguardian.conf). You have to edit the file. If you have smeserver-dansguardian-panel installed, you can set this in the server-manager.
# Log File Format # 1 = DansGuardian format (space delimited) # 2 = CSV-style format # 3 = Squid Log File Format # 4 = Tab delimited logfileformat = 4
If you ran with a different logfileformat before then, delete the old log file, change the configuration and restart dansguardian.
/etc/init.d/dansguardian stop rm /var/log/dansguardian/access.log /etc/init.d/dansguardian start
Dansguardian Anti-virus filtering
For the scanned and infected graph to display you will have to activate dansguardian clamscan plugin, see https://wiki.contribs.org/Dansguardian#ClamAV_support
Unofficial ClamAV signatures
I would also recommend to install the script that downloads all the unofficial ClamAV signatures as these detects not only virus but equally importantly various kinds of malware and spam.
Follow the guide on Virus:Additional Signatures to do that.
config setprop dansguardian \
- webstats <YES|NO> # by default (YES), gather and display webstat
- localonly <YES|NO> # by default (YES), only be seen from the local network (IP ranges defined in Local Network in the server-manager) , set to NO to see from outside
- statsclient <disabled|enabled> # default is enabled. See Dansguardian-stats#External Statistics
signal event dansguardian-save
An additional feature of the Dansguardian statistics is to send the collected statistics to a central statistics central at http://central.swerts-knudsen.dk. The gathering of data is not stressful for the server and the data sent is not sensitive (well in my opinion) and consists of:
- Amount of pages scanned
- Top 10 names of virus/malware infected content (names from ClamAV)
- Top 10 names of Blocked domains and their Dansguardian categories (Proxies, Pornography, etc.)
- The version of SME server used (7.x)
- Public IP address of server (used to plot in Google Maps on central.swerts-knudsen.com)
Should you want to disable this functionality then this can obviously be done:
/sbin/e-smith/db configuration setprop dansguardian statsclient <disabled|enabled>
This contrib has been created in the bugtracker so just raise a bug by following this link . Please make sure to be ready to provide your dansguardian log file (/var/log/dansguardian/access.log)
Only versions released in smecontrib are listed here.