[TriLUG] web traffic capturing software
cgbullock at yahoo.com
Mon May 11 15:54:41 EDT 2009
Big problem I see with using the logs in OBSD is that it only give the IP address, or nasty DNS name like 'ev1s-209-85-66-221.theplanet.com'
--- On Mon, 5/11/09, John Broome <jbroome at gmail.com> wrote:
> From: John Broome <jbroome at gmail.com>
> Subject: Re: [TriLUG] web traffic capturing software
> To: "Triangle Linux Users Group General Discussion" <trilug at trilug.org>
> Date: Monday, May 11, 2009, 8:39 AM
> Chris Bullock wrote:
> > We need a solution to be able to track a users
> Internet use. We currently use OpenBSD firewalls and
> Windows on the desktop.
> > We recently had a call from a customer that had been
> notified that her credit had been attempted to be used and
> that the only person she had given the number to was an
> employee of ours. when looking in the pf logs it
> appears that our logs rotate every hour and we only keep 4
> rotated logs.
> > We need a solution that we can "easily" search for a
> website or computer and be able to get a report of computers
> that have accessed that web site or be able to get a list of
> web sites that a specific computer has accessed. I
> know squid is out there but do not know any of the specifics
> of the software.
> > Regards,
> > chris
> Could you tweak logrotate to keep more logs, or rsync them
> off to
> another box before they rotate out?
> I used tinyproxy at another client for whitelisting web
> sites for some
> machines (on OBSD, whoo!).
> I'm sure you could transparently proxy your users through
> that, without
> any filtering to get your traffic logs per user.
> TriLUG mailing list : http://www.trilug.org/mailman/listinfo/trilug
> TriLUG FAQ : http://www.trilug.org/wiki/Frequently_Asked_Questions
More information about the TriLUG