Internet tracking options

Felipe Alfaro Solana lkml at mac.com
Mon Mar 28 22:54:10 UTC 2005 

On 28 Mar 2005, at 19:01, Scot L. Harris wrote:

> On Mon, 2005-03-28 at 11:50, Mark Haney wrote:
>
>> On Mon, 2005-03-28 at 11:45, Mark Haney wrote:
>>
>>> Well after a small hiatus, I am back on the list again.  It's good to
>>> finally think about something other than Windows.  Here's my question
>>> to the list.  What options are there to track Users internet usage in
>>> Linux?  Not just bandwidth, which isn't an issue, but what sites are
>>> visited etc?  I know squid does this, but the log files are a pain to
>>> go through.  Are there any other apps out there that I can test?
>>
>> Why not write a script to parse the squid log files for you?
>>
>> I suppose I could, however, my intention is to look at alternatives 
>> for
>> those times when squid isn't used.  I guess I should have mentioned 
>> that
>> earlier.
>
> Without using a proxy server to funnel all http requests you will have
> to find another choke point where you can monitor all traffic.  The
> logical place would be the external firewall.  Even there you will need
> to parse the firewalls logs to collect the data you want to look at.
>
> In a normal setup where squid is used the firewall is typically set to
> block all http requests unless they come from the proxy server.  If 
> this
> is not done then the proxy server may go unused and you won't get any
> benefit from having it in place.
>
> You may need to explain more of what it is you really want to do and 
> the
> environment you are trying to set this up in.
>
> Without a choke point to log and view the traffic, which implies 
> parsing
> a log file at some point, there are no real good ways to get what I
> think you are asking.  Trying to sniff traffic on the fly is difficult
> at best and still requires a central choke point.

Using a firewall exclusively will make very difficult to get per-user 
usage statistics, unless works as a standard proxy or an ALG. Any other 
way, like a bridging firewall or transparent proxy, you can only track 
per-machine usage statistics.

More information about the fedora-list mailing list