Dansguardian-stats

From SME Server
Jump to navigation Jump to search

Maintainer

This contrib has been developed by Jesper Knudsen from SME Optimizer

Description

smeserver-dansguardian-stats provides a web statistics interface to the results of the content filtering provided by Dansguardian. I will on the statistics page present:

  • Pages Scanned, Allowed, Blocked and Infected pages and the amount of data scanned (Bytes)
  • Top 10 Visited sites
  • Top 10 Blocked Sites
  • Top 10 Malware/Virus Blocked content (requires ClamAV enabled)
  • Top 10 Blocked Categories as reported by Dansguardian

Its a prerequisite that dansguardian and the smeserver-dansguardian contribs have been installed. See http://wiki.contribs.org/Dansguardian for install details.

 

Installation

in according with the bugzilla:7620 this package is moving to smeContribs repo for SME8 and thus the installation method changes.

yum install --enablerepo=smecontribs smeserver-dansguardian smeserver-dansguardian-stats

Upgrade

yum upgrade --enablerepo=smecontribs smeserver-dansguardian smeserver-dansguardian-stats


Uninstall

You can simply remove the package again with the usual yum command.

yum remove smeserver-dansguardian-stats

Configuration

The package requires that the logfileformat for dansguardian is set to format 4 (in /etc/dansguardian/dansguardian.conf).

# Log File Format
# 1 = DansGuardian format (space delimited)
# 2 = CSV-style format
# 3 = Squid Log File Format
# 4 = Tab delimited
logfileformat = 4

If you ran with a different logfileformat before then, delete the old log file, change the configuration and restart dansguardian.

/etc/init.d/dansguardian stop
rm /var/log/dansguardian/access.log
/etc/init.d/dansguardian start

When installed, the web interface is is accessible form:

http://your.domain.com/dansguardian

This dansguardian statistics web page can, by default, only be seen from the local network (IP ranges defined in Local Network in the server-manager) but if you want this to be accessible from remote networks (public access) this can be done via (default: yes):

/sbin/e-smith/db configuration setprop dansguardian LocalOnly <no|yes>
expand-template /etc/httpd/conf/httpd.conf
/etc/rc.d/init.d/httpd-e-smith restart

Unofficial ClamAV signatures

I would also recommend to install the script that downloads all the unofficial ClamAV signatures as these detects not only virus but equally importantly various kinds of malware and spam.

Follow the guide on Virus:Additional Signatures to do that.

Statistics

An additional feature of the Dansguardian statistics is to send the collected statistics to a central statistics central at http://central.swerts-knudsen.dk. The gathering of data is not stressful for the server and the data sent is not sensitive (well in my opinion) and consists of:

  • Amount of pages scanned
  • Top 10 names of virus/malware infected content (names from ClamAV)
  • Top 10 names of Blocked domains and their Dansguardian categories (Proxies, Pornography, etc.)
  • The version of SME server used (7.x)
  • Public IP address of server (used to plot in Google Maps on central.swerts-knudsen.com)

Should you want to disable this functionality then this can obviously be done:

/sbin/e-smith/db configuration setprop dansguardian statsclient <disabled|enabled>

How do I report a problem or a suggestion?

This contrib has been created in the bugtracker so just raise a bug by following this link . Please make sure to be ready to provide your dansguardian log file (/var/log/dansguardian/access.log)