Dansguardian-stats

From SME Server
Revision as of 17:59, 9 May 2009 by Knuddi (talk | contribs)
Jump to navigation Jump to search


Maintainer

This contrib has been developed by Jesper Knudsen

Description

smeserver-dansguardian-stats provides a web statistics interface to the results of the content filtering provided by Dansguardian. I will on the statistics page present:

  • Pages Scanned, Allowed, Blocked and Infected pages and the amount of data scanned (Bytes)
  • Top 10 Visited sites
  • Top 10 Blocked Sites
  • Top 10 Malware/Virus Blocked content (requires ClamAV enabled)
  • Top 10 Blocked Categories as reported by Dansguardian

Its a prerequisite that dansguardian and the smeserver-dansguardian contribs have been installed. See http://wiki.contribs.org/Dansguardian for install details.

 

Installation

wget http://distro.ibiblio.org/pub/linux/distributions/smeserver/contribs/swerts-knudsen/SME7/Dansguardian-stats/smeserver-dansguardian-stats-1.0.2-1.noarch.rpm
yum localinstall smeserver-dansguardian-stats-1.0.2-1.noarch.rpm

De-installation or de-activation

You can simply remove the package again with the usual rpm command.

rpm –e smeserver-dansguardian-stats-1.0.2-1

or disable the functionality with (default: yes):

/sbin/e-smith/db configuration setprop dansguardian webstats no 

Configuration

The package requires that the logfileformat for dansguardian is set to format 4 (in /etc/dansguardian/dansguardian.conf).

# Log File Format
# 1 = DansGuardian format (space delimited)
# 2 = CSV-style format
# 3 = Squid Log File Format
# 4 = Tab delimited
logfileformat = 4

If you ran with a different logfileformat before then, delete the old log file, change the configuration and restart dansguardian.

/etc/init.d/dansguardian stop
rm /var/log/dansguardian/access.log
/etc/init.d/dansguardian start

When installed, the web interface is is accessible form:

http://your.domain.com/dansguardian

This dansguardian statistics web page can, by default, only be seen from the local network (IP ranges defined in Local Network in the server-manager) but if you want this to be accessible from remote networks (public access) this can be done via (default: yes):

/sbin/e-smith/db configuration setprop dansguardian LocalOnly <no|yes>
expand-template /etc/httpd/conf/httpd.conf
/etc/rc.d/init.d/httpd-e-smith restart

Unofficial ClamAV signatures

I would also recommend to install the script that downloads all the unofficial ClamAV signatures as these detects not only virus but equally importantly various kinds of malware and spam.

Follow the guide on http://wiki.contribs.org/Email#Anti_Virus to do that.

Statistics

An additional feature of the Dansguardian statistics is to send the collected statistics to a central statistics central at http://central.swerts-knudsen.dk. The gathering of data is not stressful for the server and the data sent is not sensitive (well in my opinion) and consists of:

  • Amount of pages scanned
  • Top 10 names of virus/malware infected content (names from ClamAV)
  • Top 10 names of Blocked domains and their Dansguardian categories (Proxies, Pornography, etc.)
  • The version of SME server used (7.x)
  • Public IP address of server (used to plot in Google Maps on central.swerts-knudsen.com)

Should you want to disable this functionality then this can obviously be done:

/sbin/e-smith/db configuration setprop dansguardian statsclient <disabled|enabled>

How do I report a problem or a suggestion?

This contrib has not yet been created in the bugtracker so just send an email to mailto:contribs@swerts-knudsen.dk. Please make sure to be ready to provide your dansguardian log file (/var/log/dansguardian/access.log)