[K12OSN] Way OT: Track all web activity on my network with logging and report

David Trask dtrask at vcsvikings.org
Fri May 19 15:05:44 UTC 2006

SME server with the dungog-dansguardian module can already do this. 
Yes....the dungog module does cost, but it's wicked reasonable and it's
solely to support  a guy for his "coding" time.  SME server is a CentOS
server....no GUI...uses a web interface....very slick...I use a bunch of
them.  The interface for DG is awesome!  And....there is a log reader
parser that is very slick.  You can easily set it up so that all users
need to log in to authenticate to use the internet....and you can do this
by groups as well.....I have a staff group, a student group, and an admin
(unfiltered) group.  You can also unfilter workstations or ban
workstations and users...etc.  You can filter by groups in a manner where
one group is filtered more harshly than another.  I have mine set up so
all users need to log in to use the internet.  This makes tracking very
easy.  It is also set up so that everything is transparently proxied no
matter what....however if they have browser settings (proxy) then they can
log in to the internet and browse according to their user groups
privileges.  Otherwise if the machine does not have browser settings then
they are filtered at the "default" level....and my default is VERY harshly
filtered to make people WANT to log in.  But either way...I'm covered. 
The blacklists are Eric's publicly exported blacklists.  SME server is
free   http://www.contribs.org   (very cool server....does a lot of
things).....the dungog module is quite cheap....http://www.dungog.net/sme
and sets up easy via YUM

As for the logging....I can go into the system....type in a username.....a
time period....and get a list of all activity....denied
activity...allowed....etc.   very nice to have.....this year we used it
once to get ourselves off the hook....a parent accused us of letting a kid
get on to naughty sites and save pics to a disk.  That didn't fit as
neither the laptops or the thin-clients have disk drives, but I was able
essentially prove that he'd never visited that site at school....he
eventually admitted to doing it at home.  :-)

"Support list for opensource software in schools." <k12osn at redhat.com> on
Thursday, May 18, 2006 at 4:15 PM +0000 wrote:
>First we implemented about 100 thins this year in 2 buildings.  The 
>state of Ohio is even recognizing thin client technology from a funding 
>stand point.  Huge huge thank you to Jim and all the people that make 
>K12LTSP possible.  Nutshell - 4 servers ( 3.2 GIG P4 with 4gig of RAM 
>and 15k SCSI 320 harddrives (key)) ICEwm, OpenOffice, FireFox, AbiWord, 
>and Email.  Oh nvu as well.  No down days 100% reliable.
>Last year I had 3 requests to produce web activity logs of students 
>across a 5000 student district.  This year that number has jumped to 87 
>requests from admins, parents, and law enforcement.  I need help.  My 
>student (aka super star) created a transparent proxy squid/Dans filter 
>box and its main purpose is to force SafeSearch On google, it works 
>well.    I want to force every user on the network to authenticate to 
>use the, filter and block web content, block downloads via extensions, 
>and log activity weekly and archive it.  Is this possible with a 
>Squid/Dans setup.  I might want to cache individual's cache for this 
>thing called "evidence."   About 1400 possible nodes.  Would you go 
>multiple boxes ( one at each building ) or one big mean server.  The 
>District is on a star topology so one big server is possible. 
>Thank you for your time,
>Tom Ventresco

David N. Trask
Technology Teacher/Director
Vassalboro Community School
dtrask at vcsvikings.org

More information about the K12OSN mailing list