0

This is my second question on Server Fault.

Devices in hand:

  • CentOS - 32-bit (update)
  • Squid installed (not configured)
  • Sarg installed (not configured)

I'm looking for a solution to the following problem:

  • Log all the LAN traffic on Squid. I need an option to block 200 web pages (in future)
  • Yahoo, Gtalk: need to monitor the chat timings (web chat)
  • Yahoo, Gtalk, MSN Messenger, Pidgin: need to monitor the chat times (through client)
  • Need to generate the report for each user name or each host name (IP addresses are assigned through DHCP, 192.168.200.0/24)
  • Report should be done hourly, daily, weekly and monthly
  • Separate report for chat sessions

Controls I have:

  • Domain admin access
  • Root access for Linux
  • Network devices (router and switch) en config privileged access

If you want anything more, kindly update.

Thanks in advance
Kartook

splattne
kartook

4 Answers

1

Not sure about the overall site monitoring, but as you try and monitor one chat system, once people figure out you are, they'll just move to another one. Or move to a secure one like Skype that you can't monitor. So I don't think that's a battle you can win, from a monitoring standpoint.

Though you could do this.

Block all external access to IM services.

Set up an IM server (like Microsoft OCS), and have this IM server do federated connections to the other "approved" chat services: Yahoo, Google, AIM, MSN, etc. This means all the traffic is routed through the IM server under your control, so you can now have that IM server log it. I think Openfire can do it too, but I haven't set that one up in that mode. People can only use approved chat services now and it's under your control.

SpaceManSpiff
  • Leat *** ### Not sure about the over all site monitoring, but as you try an monitor one chat system ****ure one like skype you can't monitor. So I don't think that a battle you can win, from a monitoring standpoint.### I really accept your word. But as of now just need to monitor the usage, not chat logs, for IMs. Productivity was affected a lot. Management don't like to block the IMs; before going forward we need a report. Open fire already setup and running but only internal mgmt don't want to allow IM on through openfire – kartook Jul 10 '09 at 12:37
  • Ah ok, so how much time people are spending in chat, not actually what they are saying. Interesting. Tough problem, sorry I don't have an idea on that one. – SpaceManSpiff Jul 10 '09 at 15:25
  • May 5 hours/day working and also chatting. Management want to collect the log for utilization and time ... I got a few ideas and I did. Only stuff was instant messengers; that is a great challenge to me to get the logs ... so I am asking help everywhere :) kartook – kartook Jul 10 '09 at 16:51
1

I can't answer all your requests, but I can tell you what I use and what works magically:

"log all the LAN traffic on Squid. I need an option to block 200 web pages (in future)" -> I use a Squid ACL with the "dstdomain" directive to block a list of sites in a text file. If you also need to block sites by category, I suggest you use the wonderful SquidGuard too, with a blacklist database. I also use another URL filter to complete this, which is provided by the free opendns.com services.

"need to generate the report each user name or each host name (IP addresses are assigned through DHCP 192.168.200.0/24 )" -> I tried SARG but it isn't maintained anymore and crashes with huge log files, so I use FREE-SA, which provides the same features and works very well (no database needed).

"report should be done hourly, daily, weekly and monthly" -> Use crontab to launch FREE-SA when you want.

I hope this could help :)

PS: If you have an Active Directory domain, like me, you can also configure Squid to make your users transparently authenticate (SSO) with Kerberos and LDAP.

  • 1
    "I use a Squid ACL with the "dstdomain" directive to block a list of sites in a text file. If you also need to block sites by category, I suggest you use the wonderful SquidGuard too, with a blacklist database. I also use another URL filter to complete this, which is provided by the free opendns.com services." ---- This is great news for me; I can do as per your words, this will work for me. I need the reference links to do all this. I will check FREE-SA. I will prefer to use this Kerberos and LDAP. Thanks Buddy – kartook Jul 10 '09 at 12:33
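
An added example, not part of the answer above or of any tool it names: a per-host, per-hour count of requests and bytes to IM hosts, read from Squid's native access.log and matched the way a "dstdomain" list matches (a leading dot covers subdomains). The domain list and log lines are constructed, and the default native log format is assumed.

```python
from collections import defaultdict
from datetime import datetime, timezone
from urllib.parse import urlsplit

# Assumed IM host list, dstdomain style: a leading dot also matches subdomains.
IM_DOMAINS = [".chat.example", "webim.example.net"]

# Constructed sample in Squid's native access.log format:
# time elapsed client action/code bytes method URL ident hierarchy/peer type
SAMPLE_LOG = """\
1247229420.101 210 192.168.200.15 TCP_MISS/200 1834 GET http://web.chat.example/poll - DIRECT/203.0.113.10 text/html
1247229480.552 9050 192.168.200.15 TCP_MISS/200 5120 CONNECT chat.example:443 - DIRECT/203.0.113.10 -
1247229500.000 120 192.168.200.22 TCP_MISS/200 900 GET http://notchat.example/ - DIRECT/203.0.113.20 text/html
1247233020.000 180 192.168.200.15 TCP_MISS/200 700 GET http://webim.example.net/s - DIRECT/203.0.113.30 text/html
1247233025.000 truncated
"""

def host_of(method, url):
    """CONNECT entries log host:port; other methods log a full URL."""
    if method == "CONNECT":
        return url.rsplit(":", 1)[0].lower()
    return (urlsplit(url).hostname or "").lower()

def matches(host, patterns):
    """Suffix match for '.domain' patterns, exact match otherwise."""
    for p in patterns:
        if p.startswith(".") and (host == p[1:] or host.endswith(p)):
            return True
        if host == p:
            return True
    return False

def im_usage(log_text, patterns=IM_DOMAINS):
    """Return {(client_ip, 'YYYY-MM-DD HH' in UTC): [requests, bytes]}."""
    usage = defaultdict(lambda: [0, 0])
    for line in log_text.splitlines():
        f = line.split()
        if len(f) < 7:
            continue  # skip truncated or malformed lines
        ts, client, size, method, url = f[0], f[2], f[4], f[5], f[6]
        if not matches(host_of(method, url), patterns):
            continue
        when = datetime.fromtimestamp(float(ts), timezone.utc)
        bucket = usage[(client, when.strftime("%Y-%m-%d %H"))]
        bucket[0] += 1
        bucket[1] += int(size)
    return dict(usage)

if __name__ == "__main__":
    for (client, hour), (reqs, size) in sorted(im_usage(SAMPLE_LOG).items()):
        print(f"{hour}:00 UTC  {client}  {reqs} requests  {size} bytes")
```

With DHCP-assigned addresses the client column identifies a lease, not a person, so the counts need the DHCP lease history for the same hour to name a host. Request and byte counts show activity towards IM hosts, not how long a chat lasted.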
1

For IM you might use Imspector - goes a bit beyond what you want, but can easily log "chat volume". SmoothWall (Bias disclosure: I work for these guys) put it all together in one package - it will cost money, but save you a bunch of time. Imspector is maintained and part funded by SmoothWall.

Tom Newton
0

In Germany, IIRC, you aren't allowed to track any content that could be personal/private if the employees didn't sign a "no private internet usage" form/term.

I'm just wondering why no one had any privacy/security concerns yet.

Karsten