[K12OSN] Way OT: Track all web activity on my network with logging and reports

Mike Ely mely at rogueriver.k12.or.us
Thu May 18 20:41:45 UTC 2006


Squid can be configured to force auth against things like LDAP - it's no 
longer transparent, but each user has to have a login in order to go out 
to the internet.  Depending on how your proxy is set up, you can get a 
fair amount of detail from the logs.  I wouldn't recommend trying to 
segregate caches per user - the logs of who was authenticated and went 
where will likely be enough for the evidence folks, and trying to cache 
all that will be a storage and performance nightmare.

One decent machine can handle 1400 nodes without any trouble - iptables 
is very, very efficient - your bottlenecks will be generating logs and 
rendering them into something useful.  I'm using a SunFire x2100 for 500 
nodes, running ipcop with extremely high logging detail as well as ntop, 
urlfilter (similar to dansguardian, based upon squidguard), VPN etc etc, 
and the output from the 'uptime' command on the machine at the time of 
this writing is:
13:38:21 up 25 days, 15:48,  1 user,  load average: 0.02, 0.09, 0.12

As you can see, it's not even breaking a sweat.  This uptime includes 
lots of state-mandated online testing and students doing stuff like 
downloading music (until I spotted them), so it's been passing plenty of 
traffic.

You could probably get by with such a machine, which costs about a grand 
when well-configured, or go with something similar or slightly beefier.

Good luck finding time to respond to all those log requests...

Mike

Tom Ventresco wrote:
> Hi,
> First we implemented about 100 thins this year in 2 buildings.  The 
> state of Ohio is even recognizing thin client technology from a funding 
> standpoint.  Huge huge thank you to Jim and all the people that make 
> K12LTSP possible.  Nutshell - 4 servers ( 3.2 GIG P4 with 4gig of RAM 
> and 15k SCSI 320 hard drives (key)) ICEwm, OpenOffice, FireFox, AbiWord, 
> and Email.  Oh nvu as well.  No down days 100% reliable.
> 
> Last year I had 3 requests to produce web activity logs of students 
> across a 5000 student district.  This year that number has jumped to 87 
> requests from admins, parents, and law enforcement.  I need help.  My 
> student (aka super star) created a transparent proxy squid/Dans filter 
> box and its main purpose is to force SafeSearch on Google; it works 
> well.    I want to force every user on the network to authenticate to 
> use the, filter and block web content, block downloads via extensions, 
> and log activity weekly and archive it.  Is this possible with a 
> Squid/Dans setup?  I might want to cache individual's cache for this 
> thing called "evidence."   About 1400 possible nodes.  Would you go 
> multiple boxes (one at each building) or one big mean server?  The 
> District is on a star topology so one big server is possible. Thank you 
> for your time,
> Tom Ventresco
> 
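
Added example, not part of the original thread: a per-user report built from Squid's native access.log format, which is where "who was authenticated and went where" ends up once proxy auth is enforced. The sample log lines are constructed, and the function names are hypothetical; entries with "-" in the user field are collected separately because they show requests that carried no login.

```python
from collections import defaultdict
from datetime import datetime, timezone
from urllib.parse import urlsplit

# Constructed sample lines in Squid's native access.log layout:
# time elapsed client action/code bytes method URL user hierarchy/peer type
SAMPLE_LOG = """\
1147984905.123    210 10.1.4.23 TCP_MISS/200 5120 GET http://www.example.org/index.html jdoe DIRECT/192.0.2.10 text/html
1147984911.456     95 10.1.4.23 TCP_HIT/200 20480 GET http://www.example.org/logo.png jdoe NONE/- image/png
1147984950.789    310 10.1.7.88 TCP_MISS/200 734003 GET http://music.example.net/track.mp3 asmith DIRECT/192.0.2.44 audio/mpeg
1147985001.002     12 10.1.9.5 TCP_DENIED/407 1811 GET http://www.example.com/ - NONE/- text/html
1147985002.300    150 10.1.9.5 TCP_MISS/200 2048 GET http://www.example.com/ bwong DIRECT/192.0.2.77 text/html
"""

def parse_line(line):
    """Split one native-format line into a dict, or return None if malformed."""
    f = line.split()
    if len(f) < 10:
        return None
    try:
        when = datetime.fromtimestamp(float(f[0]), tz=timezone.utc)
        size = int(f[4])
    except ValueError:
        return None
    action, _, status = f[3].partition("/")
    return {"time": when, "client": f[2], "action": action, "status": status,
            "bytes": size, "method": f[5], "url": f[6], "user": f[7]}

def per_user_report(log_text):
    """Return ({user: [(utc_time, client_ip, host, bytes)]}, unauthenticated)."""
    report, unauthenticated = defaultdict(list), []
    for line in log_text.splitlines():
        rec = parse_line(line)
        if rec is None:
            continue
        if rec["user"] == "-":
            # No username: either the 407 challenge or a path that bypasses auth.
            unauthenticated.append(rec)
            continue
        host = urlsplit(rec["url"]).hostname or rec["url"]  # CONNECT logs host:port
        report[rec["user"]].append((rec["time"], rec["client"], host, rec["bytes"]))
    return dict(report), unauthenticated

if __name__ == "__main__":
    users, anon = per_user_report(SAMPLE_LOG)
    for user, hits in sorted(users.items()):
        print(user, sum(b for *_, b in hits), "bytes")
        for when, client, host, size in hits:
            print("   ", when.isoformat(timespec="seconds"), client, host, size)
    print("unauthenticated entries:", len(anon))
```

Unauthenticated entries with a status other than 407 are the ones worth checking, since a 407 is only the proxy asking for credentials.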



