[TriLUG] Web Usage Tracking...

Jon Carnes jonc at nc.rr.com
Thu Sep 27 18:24:32 EDT 2001


> You could set ipchains to log all outgoing packets destined for ports
> 80, 443, and 8008.  This would give you basic traffic analysis.  Not
> perfect or elegant, but it's quick and easy.

Heck, go ahead and log everything, but make sure you put in a scsi disk
sub-system for the firewall or your performance is going to take a hit.

I have a couple of firewalls based on RH6.2 and they work great for logging
and I can even tell in real time what is going on:
  netstat -Mn |grep 80
tells me who is using the web and for what.  I have cron jobs pull the top
10's out of my logs nightly and then flush the logs after seven days.

Another good command to run is:
  netstat -Mn |grep 80 | cut -c15- | sort
This lets you see who all the web pigs are.  You will be amazed at how many
port 80 sessions one person can run on their machine.

Right away, you'll be able to peg the folks who are using "instant
messager", they will have one session on port 80 for every person in their
discussion list.  What a poorly designed app.

Jon

> Christopher Knowles wrote:
> >
> > Once again, I turn to your expertise.
> >
> > I need to be able to track the web activities of our people.  We already
have
> > a Linux firewall, and thinking that that is a natural choke point, I
thought
> > it would be handy if said software could run on it.  Do I have any
choices?
> >
> > What I'd like to do.
> >
> > I'd like to be able to give a report to a manager of things that users
in his
> > department are doing.  (by IP address is, of course, acceptable.)
> >
> > if possible I'd also like real time monitoring capabilities, though this
is
> > just a wish.
> >
> > I've seen some Windows products that do this sort of thing, but if I
enter
> > web and track in the same search box on freshmeat and the like, I keep
> > getting web log analyzers, and this is NOT what I want.
> >
> > As always, thank you for pondering my silly questions.
> >
> > CJK





More information about the TriLUG mailing list