This is part of The Pile, a partial archive of some open source mailing lists and newsgroups.
Subject: Re: How to log who is visiting which web pages
From: Chris Dowling <sugarboy@cs.curtin.edu.au>
Date: Thu, 06 Jan 2000 16:32:22 +0800

"R. Kuijvenhoven" wrote:
>
> Hello,
>
> I have installed an ipchains firewall/router. I would like to be able to
> check the "surfing behaviour" of some of the employees, because I know that
> they will be surfing instead of working if we are not able to check what
> they are doing.
>
> I thought of adding the -l option to some of the ipchains rules, but I think
> this will generate an enormous amount of log entries.
>
> Is there a better way of handling this?

heh, this was asked about a week ago. I think that in the end the guy went for this solution:

what you might want to do is to set up a proxy (maybe squid?) somewhere on your network, and then using ipchains you can "invisibly" redirect all traffic on port 80 to that host (with the exclusion of that host, because otherwise you'd just be redirecting it to itself when it wants to make a real request:). then you can just look at the output of your proxy log files and see who's doing what. that way it is completely transparent to the end user, and you don't have to reconfigure any web browsers at all.

this has some good points to it:

1) it makes it really hard to surf the web without being logged. I won't say impossible, because I've got some nice code here that will allow me to do that :)
2) you create another service to your users and improve their web browsing experience.

it also has some bad points, but the only one that I can think of is that you need more disk space to cache web pages...

someone else mentioned some package for filtering out the logs into a nicer format if you don't like the raw logs. can't remember what it was called though...

we briefly touched on other solutions as well. there is software for windows called Webboy which does this (www.ngdsoftware.com).

or, using libpcap you can write a program that will listen to traffic and sift out all the http requests. that's a little harder. I was going to give that a shot last week, but, well, I never got around to it :)

===

Subject: Re: How to log who is visiting which web pages
From: "J. Scott Kasten" <jsk@titan.tetracon-eng.net>
Date: Thu, 6 Jan 2000 09:11:14 -0500

At the risk of adding to your employee's Orwellian future, what you want to do is just log TCP SYNs going out to port 80. I believe the -y option in chains specifies SYN only. Man it to be sure.

===

Subject: Re: How to log who is visiting which web pages
From: Chris Dowling <sugarboy@cs.curtin.edu.au>
Date: Thu, 06 Jan 2000 22:52:01 +0800

correct me if I'm wrong, but that will only tell you the address of the server that pages are being requested from, and which machine requested them? it won't tell you what page was actually requested by that person...

as for Orwellian: if you're prepared to be slightly annoying to people, then you might as well go the whole hog and drive them nuts :)

hey, that might not make a bad .sig...

sugarboy

"J. Scott Kasten" wrote:
>
> At the risk of adding to your employee's Orwellian future, what you
> want to do is just log TCP SYNs going out to port 80. I believe the
> -y option in chains specifies SYN only. Man it to be sure.
>
> On Thu, Jan 06, 2000 at 09:18:47AM +0100, R. Kuijvenhoven wrote:
> > Hello,
> >
> > I have installed an ipchains firewall/router. I would like to be able to
> > check the "surfing behaviour" of some of the employees, because I know that
> > they will be surfing instead of working if we are not able to check what
> > they are doing.
> >
> > I thought of adding the -l option to some of the ipchains rules, but I think
> > this will generate an enormous amount of log entries.
> >
> > Is there a better way of handling this?
> >
> > TIA,
> >
> > Robert-Jan Kuijvenhoven
> >
> >
> > --
> > To unsubscribe: mail redhat-list-request@redhat.com with "unsubscribe"
> > as the Subject.
> >
>
> --
> J. Scott Kasten
>
> jsk AT tetracon-eng DOT net
>
> "That wasn't an attack. It was preemptive retaliation!"
>
> --
> To unsubscribe: mail redhat-list-request@redhat.com with "unsubscribe"
> as the Subject.

===

Subject: Re: How to log who is visiting which web pages
From: "J. Scott Kasten" <jsk@titan.tetracon-eng.net>
Date: Thu, 6 Jan 2000 10:47:11 -0500

Correct. That gives you the server and client, but not the URL. However, the original message did not indicate whether that was the intent. If you want the URLs, then the only real choice is to use a proxy that logs such things.

On Thu, Jan 06, 2000 at 10:52:01PM +0800, Chris Dowling wrote:
> correct me if I'm wrong, but that will only tell you the address of the
> server that pages are being requested from, and which machine requested
> them? it won't tell you what page was actually requested by that
> person...
>
> as for Orwellian: if you're prepared to be slightly annoying to people,
> then you might as well go the whole hog and drive them nuts :)
>
> hey, that might not make a bad .sig...
>
> sugarboy
>
> "J. Scott Kasten" wrote:
> >
> > At the risk of adding to your employee's Orwellian future, what you
> > want to do is just log TCP SYNs going out to port 80. I believe the
> > -y option in chains specifies SYN only. Man it to be sure.
> >

===
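
The distinction the thread settles on, as an added example that is not part of any poster's message: a SYN log from ipchains identifies only the client and server addresses, while a proxy access log carries the URL. The sample lines are constructed, following the kernel's ipchains "Packet log:" format and Squid's native access.log layout; all addresses and hostnames are placeholders.

```python
import re
from collections import defaultdict

# Constructed samples (private / documentation addresses, example.* hosts).
IPCHAINS_LOG = """\
Jan  6 09:11:14 fw kernel: Packet log: forward ACCEPT eth1 PROTO=6 192.168.1.23:1034 192.0.2.80:80 L=60 S=0x00 I=4112 F=0x4000 T=63 SYN (#2)
Jan  6 09:11:20 fw kernel: Packet log: forward ACCEPT eth1 PROTO=6 192.168.1.40:1190 198.51.100.7:80 L=60 S=0x00 I=977 F=0x4000 T=63 SYN (#2)
Jan  6 09:11:21 fw kernel: Packet log: input DENY eth0 PROTO=17 203.0.113.9:53 192.168.1.1:1025 L=34 S=0x00 I=0 F=0x0000 T=254 (#5)
"""
SQUID_LOG = """\
947167874.512    245 192.168.1.23 TCP_MISS/200 4512 GET http://www.example.com/news/index.html - DIRECT/192.0.2.80 text/html
947167880.101     12 192.168.1.40 TCP_HIT/200 1830 GET http://shop.example.net/cart?item=42 - NONE/- text/html
this line is truncated
"""

# chain, verdict, interface, protocol number, source ip:port, destination ip:port
PKT = re.compile(r"Packet log: \S+ \S+ \S+ PROTO=(\d+) "
                 r"(\d+\.\d+\.\d+\.\d+):(\d+) (\d+\.\d+\.\d+\.\d+):(\d+) ")

def parse_syn_log(text):
    """Return (client_ip, server_ip) for logged TCP packets to port 80."""
    out = []
    for line in text.splitlines():
        m = PKT.search(line)
        if m and m.group(1) == "6" and m.group(5) == "80":
            out.append((m.group(2), m.group(4)))
    return out

def parse_squid_log(text):
    """Return (client_ip, method, url) from Squid native access.log lines."""
    out = []
    for line in text.splitlines():
        f = line.split()
        if len(f) >= 7:  # time elapsed client action/code size method URL ...
            out.append((f[2], f[5], f[6]))
    return out

def by_client(records):
    """Group the last field of each record (server IP or URL) by client."""
    seen = defaultdict(list)
    for client, *rest in records:
        seen[client].append(rest[-1])
    return dict(seen)

if __name__ == "__main__":
    print(by_client(parse_syn_log(IPCHAINS_LOG)))   # server addresses only
    print(by_client(parse_squid_log(SQUID_LOG)))    # full URLs
```

The non-TCP packet and the truncated proxy line are skipped rather than misparsed, which matters when the two logs are correlated by client address.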