Tracking websites visited

[Tom Diehl]

On Mon, 14 Aug 2006, Ashley M. Kirchner wrote:

> -- I accidentally sent this to just Frank, so here it is for the list --
>
>
> Quoting Frank Cox <theatre at sasktel.net>:
>
>> Anything that you use will require "installing and setting it up".
>>
>> You could use Squid, or you could use Privoxy.  Either one (or both together)
>>  will work just dandy for what you want.
>
>  Well, I figured that much. :)  I meant I don't have a whole lot of time to get
> something installed, configured and all, specially not something I know nothing
> about, such as squid.  But, if that's what it takes, then that's what it takes.
> I'm S.O.L. either way I suppose.
>
>  This all stemmed because some employees are using their machines to do
> "personal" chit-chat and e-mailing, something upper management wants curbed, or
> at the very least, limited.  Things that immediately came up in our meeting was
> the blocking of Yahoo!, Google, and MSN mail during work hours (and possibly
> unblocked during lunch hours, but that's still being discussed.)  While I think
> it's a bit extreme, they sign my paycheque, so I do as I'm told.
>
>  For right now, my immediate task is to block those sites from getting reached
> and I'm trying to figure out how to (efficiently) do that through iptables.  My
> next concern is to start logging everything else being visited, and I guess
> that's where squid (or something else) will come into play.
>
>  If anyone wants to give pointers, and or help with either one of those two
> tasks, I'll be greatful.

If you are willing to block access to everyone on your network for a given
domain such as aol.com AND you run your own dns servers on the internal net, why
not simply add a zone that is authoritative for the domain and directs all
requests to the company web site. That is what I do for garbage like 
myspace.com. Much easier than maintaining iptables rules.

Regards,

-- 
Tom Diehl		tdiehl at rogueind.com		Spamtrap address mtd123 at rogueind.com