Internet tracking options
Felipe Alfaro Solana
lkml at mac.com
Mon Mar 28 22:54:10 UTC 2005
On 28 Mar 2005, at 19:01, Scot L. Harris wrote:
> On Mon, 2005-03-28 at 11:50, Mark Haney wrote:
>
>> On Mon, 2005-03-28 at 11:45, Mark Haney wrote:
>>
>>> Well after a small hiatus, I am back on the list again. It's good to
>>> finally think about something other than Windows. Here's my question
>>> to the list. What options are there to track Users internet usage in
>>> Linux? Not just bandwidth, which isn't an issue, but what sites are
>>> visited etc? I know squid does this, but the log files are a pain to
>>> go through. Are there any other apps out there that I can test?
>>
>> Why not write a script to parse the squid log files for you?
>>
>> I suppose I could, however, my intention is to look at alternatives
>> for
>> those times when squid isn't used. I guess I should have mentioned
>> that
>> earlier.
>
> Without using a proxy server to funnel all http requests you will have
> to find another choke point where you can monitor all traffic. The
> logical place would be the external firewall. Even there you will need
> to parse the firewalls logs to collect the data you want to look at.
>
> In a normal setup where squid is used the firewall is typically set to
> block all http requests unless they come from the proxy server. If
> this
> is not done then the proxy server may go unused and you won't get any
> benefit from having it in place.
>
> You may need to explain more of what it is you really want to do and
> the
> environment you are trying to set this up in.
>
> Without a choke point to log and view the traffic, which implies
> parsing
> a log file at some point, there are no real good ways to get what I
> think you are asking. Trying to sniff traffic on the fly is difficult
> at best and still requires a central choke point.
Using a firewall exclusively will make very difficult to get per-user
usage statistics, unless works as a standard proxy or an ALG. Any other
way, like a bridging firewall or transparent proxy, you can only track
per-machine usage statistics.
More information about the fedora-list
mailing list