Internet activity - saving events
-
Hi,
I am a beginner with pfSense, and so I have a basic question.
I'm looking for functionality or possibilities to solve this problem. I need to collect web logs: information such as the IP of the local computer that connects to an external IP, with the date and time. In short, who visited which IP and when. I have these logs archived and kept for two years. I was looking for a solution in a search engine and in the package descriptions, but found nothing concrete. Is this a big problem in pfSense?
Or, for archiving Internet activity, how have you resolved it?
adminkg
Sorry for my english
-
The squid package will log all http traffic including destination, source, and date/time stamp. There are also packages like lightSquid that can parse the logs into more visually appealing reports with graphs etc. I attached a sample from Squid's access.log file so you can decide if it fits your needs:
1230806674.821 108 10.21.1.200 TCP_MISS/200 417 HEAD http://download.windowsupdate.com/v8/windowsupdate/redir/muv3wuredir.cab? - DIRECT/65.54.87.57 application/octet-stream
1230806674.939 41 10.21.1.200 TCP_MISS/200 405 HEAD http://update.microsoft.com/v8/microsoftupdate/redir/MUAuth.cab? - DIRECT/65.55.25.93 application/octet-stream
1230806678.185 37 10.21.1.200 TCP_MISS/200 415 HEAD http://download.windowsupdate.com/v8/microsoftupdate/redir/muv3muredir.cab? - DIRECT/65.54.87.59 application/octet-stream
1230806679.883 36 10.21.1.200 TCP_REFRESH_HIT/200 8143 GET http://download.windowsupdate.com/msdownload/update/software/dflt/2008/11/1891918_f90a43e2e22893857f7c1d3228e2d01ee45bf0be.cab - DIRECT/65.54.87.59 application/octet-stream
1230806679.936 53 10.21.1.200 TCP_REFRESH_HIT/200 8143 GET http://download.windowsupdate.com/msdownload/update/software/dflt/2008/11/1891920_e7f6c3f19a0f3e20253f14efaa7aeb7a52be1936.cab - DIRECT/65.54.87.57 application/octet-stream
-
Hi,
Thank you very much!
I attached a sample from my Squid's access.log file from /var/squid/log/
1291656367.155 179583 10.30.30.112 TCP_MISS/504 1339 GET http://earthquake.usgs.gov/eqcenter/catalogs/eqs7day-M2.5.xml - DIRECT/10.30.30.2 text/html
1291656406.239 22076 10.30.30.112 TCP_MISS/000 0 GET http://finance.yahoo.com/q? - DIRECT/10.30.30.2 -
1291656406.239 4193 10.30.30.112 TCP_MISS/000 0 POST http://safebrowsing.clients.google.com/safebrowsing/downloads? - DIRECT/10.30.30.2 -
What is the date/time stamp? How do I figure it out?
Is this file in any way configured for size or time? Can it be made to automatically go to another server? Does it have rotation?
adminkg
-
The time is in Unix format. Here is a converter:
http://www.onlineconversion.com/unix_time.htm
Yes, you can set up log rotation. Yes, you can have the server log to another physical server.
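The two questions above (what the first field means, and how to get "who visited what, and when" out of access.log) can be answered with a small parser. The following is an added example, not pfSense or Squid code; it assumes Squid's default native log format as shown in the samples in this thread (epoch seconds, elapsed ms, client IP, result/status, bytes, method, URL, ident, hierarchy/peer, MIME type) and that the timestamps are UTC, which is what Squid writes. The sample log text is constructed from the entries posted above plus one deliberately truncated line.

```python
"""Turn Squid native access.log lines into 'client visited host at time' records.

Added example (not Squid/pfSense code). Assumes the default native log
format and UTC epoch timestamps, both as seen in the samples in this thread.
"""
import datetime
from urllib.parse import urlsplit

# Constructed sample: entries copied from the thread plus one truncated line
# (the last one) to show that malformed lines are skipped, not guessed at.
SAMPLE_LOG = """\
1291656367.155 179583 10.30.30.112 TCP_MISS/504 1339 GET http://earthquake.usgs.gov/eqcenter/catalogs/eqs7day-M2.5.xml - DIRECT/10.30.30.2 text/html
1291656406.239 22076 10.30.30.112 TCP_MISS/000 0 GET http://finance.yahoo.com/q? - DIRECT/10.30.30.2 -
1230806679.883 36 10.21.1.200 TCP_REFRESH_HIT/200 8143 GET http://download.windowsupdate.com/msdownload/update/software/dflt/2008/11/1891918_f90a43e2e22893857f7c1d3228e2d01ee45bf0be.cab - DIRECT/65.54.87.59 application/octet-stream
1291656406.239 4193 10.30.30.112
"""

# Field order of Squid's native access.log format.
FIELDS = ("ts", "elapsed_ms", "client", "result", "bytes", "method",
          "url", "ident", "hierarchy", "mime")


def unix_to_utc(ts):
    """Epoch seconds (string or float, fractional part allowed) -> 'YYYY-MM-DD HH:MM:SS' UTC."""
    dt = datetime.datetime.fromtimestamp(float(ts), tz=datetime.timezone.utc)
    return dt.strftime("%Y-%m-%d %H:%M:%S")


def host_of(url):
    """Hostname of the requested URL. CONNECT (HTTPS) requests log 'host:port' with no scheme."""
    if "://" in url:
        return urlsplit(url).hostname or url
    return url.rsplit(":", 1)[0]


def parse_line(line):
    """Parse one access.log line into a dict, or return None if it is malformed."""
    parts = line.split()
    if len(parts) < len(FIELDS):
        return None  # truncated or foreign line: skip rather than guess
    rec = dict(zip(FIELDS, parts))
    code, _, status = rec["result"].partition("/")  # e.g. TCP_MISS / 504
    try:
        when = unix_to_utc(rec["ts"])
        status = int(status)
    except ValueError:
        return None
    return {
        "when": when,
        "client": rec["client"],
        "method": rec["method"],
        "host": host_of(rec["url"]),
        "url": rec["url"],
        "code": code,
        "status": status,
        "peer": rec["hierarchy"].partition("/")[2],  # DIRECT/10.30.30.2 -> 10.30.30.2
    }


def summarize(log_text):
    """Group visits by client IP: {client: [(when_utc, host), ...]} in log order."""
    visits = {}
    for line in log_text.splitlines():
        rec = parse_line(line)
        if rec is None:
            continue
        visits.setdefault(rec["client"], []).append((rec["when"], rec["host"]))
    return visits


if __name__ == "__main__":
    for client, hits in summarize(SAMPLE_LOG).items():
        for when, host in hits:
            print(f"{when} UTC  {client} -> {host}")
```

Running it on a real file is `summarize(open("/var/squid/log/access.log").read())`. The times come out in UTC; the online converter linked above gives the same values, and pfSense's own log viewer shows them in the firewall's local time zone.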
-
Hi,
The time is in Unix format. So that is how it is, as I understand it.
Logging to another physical server: how can this be done, e.g. on a Windows server? If there is a possibility.
In Proxy server: General settings >> Custom Options I have:
redirect_program /usr/local/bin/squidGuard -c /usr/local/etc/squidGuard/squidGuard.conf;redirector_bypass on;redirect_children 3
What is this?
Thank you for your reply.
adminkg