pfSense: SARG Reports (v2.2.6 Update)

This post follows on from my (surprisingly popular) article “pfSense: SARG Reports Not Showing

After an update to v2.2.6-RELEASE I had re-inherited the same

Error: Could not find report index file.
Check and save sarg settings and try to force sarg schedule.


On jumping onto the firewall via SSH, it appears that, at some point the sarg-reports directory under /usr/pbi/sarg-amd64/local/ had been turned into a symbolic link (this may have happened via the reinstallation of packages following the update).

As such, any attempts to link /usr/local/sarg-reports to /usr/pbi/sarg-amd64/local/sarg-reports would result in;

/usr/local/sarg-reports: Too many levels of symbolic links.

The way I have solved this is to remove the symbolic link

rm -rf /usr/pbi/sarg-amd64/local/sarg-reports

then, from the web interface, force a scheduled report. This should recreate the /usr/pbi/sarg-amd64/local/sarg-reports directory and put the report plus an index.html into it.

If this doesn’t work, you can safely remove the SARG package from the pfSense package manager ({System} > {Packages} > [Installed Packages] Tab > ‘Remove Sarg Package’ (the ‘X’ next to the package)), then confirm that any remnant directories are removed;

rm -rf /usr/pbi/sarg-amd64/local/sarg-reports
rm -rf /usr/local/sarg-reports

As the user access data is stored in the Squid log directory /var/squid/logs by default, your history will still be stored (though the reports will need to be recreated).

Once these directories are deleted, reinstall the SARG package ({System} > {Packages} > [Available Packages] Tab > ‘Sarg’)

Then, we simply run the original symbolic link hack;

rm -r /usr/local/sarg-reports
ln -s /usr/pbi/sarg-amd64/local/sarg-reports /usr/local/sarg-reports

..and check the [Status} > [SARG Reports] > [View Report] to confirm that the report is displayed. You can force the creation of a report via

sarg -d day-1 /var/squid/logs/access.log*

Hopefully, this will get you running again, at which point you may wish to Recreate you historical Sarg reports.


One response to “pfSense: SARG Reports (v2.2.6 Update)”

  1. […] Edit: 02/01/2016 – After an update to v2.2.6-RELEASE I had re-inherited the same error, this time however, it was caused by symbolic link weirdness – See the fix here. […]