[TriLUG] Web Usage Tracking...
Christopher Knowles
trilug@trilug.org
Thu, 27 Sep 2001 20:29:23 -0400
On Thursday 27 September 2001 06:24 pm, you wrote:
> > You could set ipchains to log all outgoing packets destined for ports
> > 80, 443, and 8008. This would give you basic traffic analysis. Not
> > perfect or elegant, but it's quick and easy.
>
> Heck, go ahead and log everything, but make sure you put in a scsi disk
> sub-system for the firewall or your performance is going to take a hit.
>
> I have a couple of firewalls based on RH6.2 and they work great for logging
> and I can even tell in real time what is going on:
> netstat -Mn |grep 80
> tells me who is using the web and for what. I have cron jobs pull the top
> 10's out of my logs nightly and then flush the logs after seven days.
<SNIP>
OK, can you give me an example of the cron job you use for that? (I assume
the logs to which you refer are the packet logs...)
CJK